Commit Graph

220 Commits

Author SHA1 Message Date
Shannon Kularathna d8132bcd35 Improve the RBAC policies section
- Change the heading to be more goal-oriented and add an anchor
- Separate list items into 'component' and 'human' users
- Add info about get access and third-party authorization mechanisms for finer control
- Add caution for granting list access
2022-09-22 16:07:06 +00:00
Shannon Kularathna 6ca919d4bd Add caution callout for base64 encoding 2022-09-22 16:07:06 +00:00
Shannon Kularathna 89b9c18121 Split developer content into headings and remove redundant points
Add short description to cluster admin and dev section
2022-09-22 16:07:06 +00:00
Shannon Kularathna 8eb3ae60f3 Move developer content below cluster admins
Additionally, fixed a couple of markdown links to not line wrap
2022-09-22 16:07:06 +00:00
Shannon Kularathna 502eac3635 Clean up etcd wording 2022-09-22 16:07:06 +00:00
Shannon Kularathna 4887467aa4 Add sections for cluster admins
- Add section for encryption at rest
- Add section for RBAC
- Clean up RBAC bullets
- Move etcd bullets to own section on etcd management
- Add section for third party secret stores
2022-09-22 16:07:06 +00:00
Shannon Kularathna 1c625d0659 Update glossary and move existing info to new page
- Update glossary term for secrets
- Improve clarity of privileged container warning note
- Create a new page for Secrets good practices and bring existing content as-is to the page
- Add weights to pages
- Add link for good practices for secrets and remove moved content
2022-09-22 16:07:05 +00:00
Kubernetes Prow Robot de922ae019
Merge pull request #36562 from windsonsea/secovy
Fix typo and consistency: /security/overview.md
2022-09-18 11:12:29 -07:00
harshchauhan1988 8ab4ebb376
Adding recommendation for network isolation 2022-09-14 15:00:14 +05:30
Kubernetes Prow Robot 5ada01a5ce
Merge pull request #36343 from tallclair/workload-creation
Update RBAC best practices for workload creation
2022-09-07 09:18:37 -07:00
Qiming Teng 0df6c75da0 Reformat multi-tenancy page
When translating/synchronizing changes to the multi-tenancy page, we
found that the long lines are difficult for change tracking. This PR
changes nothing other than manually wrapping the long lines.
2022-09-06 13:12:14 +08:00
windsonsea 922aed0bf8 Fix typo and consistency: /security/overview.md 2022-09-03 22:43:12 +08:00
liufangwai 7e23b9e97d
Update overview.md
Add huawei cloud trust center link
2022-09-03 17:45:26 +08:00
mtardy 32e47b31bb Fix a few mini typos in the API bypass security page 2022-09-02 19:41:24 +02:00
Kubernetes Prow Robot 09707c0aef
Merge pull request #35908 from raesene/main
New Docs page for API Server Bypass Risks
2022-09-02 09:14:06 -07:00
Kubernetes Prow Robot a5e96bfbc5
Merge pull request #33992 from mtardy/security-checklist
Add a security checklist for clusters
2022-09-01 13:13:19 -07:00
mtardy 9f5a35978f RBAC guide is presented as a checklist item 2022-09-01 11:44:55 +02:00
mtardy eb962b4c12 Rewrite the part on the Pod Security standards and admission 2022-09-01 11:43:28 +02:00
Mahé a4305381fb
Reword the service mesh suggestion 2022-08-31 18:29:59 +02:00
Mahé d4fcf2fc7c
Reword the secret injection suggestion 2022-08-31 18:29:43 +02:00
mtardy f14a7544e5 Rewrite the admission plugins list 2022-08-31 18:26:49 +02:00
mtardy 239dc4c2fe Fix a typo on the word securely 2022-08-31 17:54:20 +02:00
mtardy c006a43f97 Replace a wrong unicode space character 2022-08-31 17:51:51 +02:00
mtardy 63ae0a9521 Split checklist item and explanation 2022-08-31 17:38:42 +02:00
mtardy d40e9cfa89 Remove an empty line 2022-08-31 17:37:01 +02:00
Mahé 2f8388e830
Add precision about pod security with pod security standards
Co-authored-by: Rey Lejano <rlejano@gmail.com>
2022-08-31 17:35:03 +02:00
mtardy 0e81bfd8ef Detail and add info on the CPU and memory limit item 2022-08-31 17:32:00 +02:00
mtardy 7139aba954 Add some guidelines on how to read the doc 2022-08-31 17:17:56 +02:00
Mahé 949e499db3
Rewrite the checklist item on minimal container images 2022-08-31 16:55:31 +02:00
Mahé 5167ab5c88
Use correct name for PodSecurityPolicy admission controller 2022-08-31 16:55:05 +02:00
Mahé 777d396905
Remove warning on PodSecurityPolicy removal in 1.25 2022-08-31 16:54:30 +02:00
Tim Allclair 19894182dc Explain namespace subdividing better 2022-08-29 15:14:28 -07:00
Tim Allclair 6162bcde28 Update RBAC best practices for workload creation 2022-08-26 16:46:27 -07:00
Rory McCune 49bc9b34eb New docs page for API Server Bypass Risks
New Docs page for API Server Bypass Risks

This is a new documentation page for the Security Concepts section, looking at the risks of attackers bypassing the Kubernetes API server.

We've been working on this in Kubernetes SIG-Security docs (issue [here](https://github.com/kubernetes/sig-security/issues/42))

Co-Authored-By: Shannon Kularathna <ax3shannonkularathna@gmail.com>
Co-Authored-By: Qiming Teng <tengqm@outlook.com>
Co-Authored-By: Tim Bannister <tim@scalefactory.com>
Co-Authored-By: Jordan Liggitt <jordan@liggitt.net>
2022-08-25 17:25:58 +01:00
Kubernetes Prow Robot 56e78c2011
Merge pull request #34920 from mk46/en_crlftolf
Convert CRLF to LF
2022-08-24 14:15:50 -07:00
Kubernetes Prow Robot 28b1854383
Merge pull request #36198 from davidmlentz/patch-2
Fix typo
2022-08-23 21:57:48 -07:00
David M. Lentz 603f810903
Fix typo
There are redundant instances of "future" in this sentence.
2022-08-23 14:43:41 -06:00
Kubernetes Prow Robot c4a36a8067
Merge pull request #36165 from cathchu/merged-main-dev-1.25
Merged main branch into dev-1.25
2022-08-22 15:12:09 -07:00
cathchu e5ea8833be Merge remote-tracking branch 'upstream/main' into dev-1.25 2022-08-22 08:35:18 -04:00
Stanislav Kardashov a3064b1a36
[en] typo fix "privilge -> privilege" 2022-08-19 16:37:47 +03:00
ravisantoshgudimetla a1f6615206 Update pod security standards to use PodOS field 2022-08-18 15:47:41 -04:00
Jordan Liggitt b167938367 Scrub PSP docs for 1.25 2022-08-15 21:09:41 -04:00
Kubernetes Prow Robot 1476ac9203
Merge pull request #35618 from tallclair/psa-stable-1.25
Update Pod Security Admission docs for graduation to stable
2022-08-14 12:34:13 -07:00
mtardy b3a7965e3e Add the security checklist guide
From the collaborative document with Savitha, Skybound and p4ck3t0,
after many edits thanks to the collaborators on the PR.

Co-authored-by: rschosser <88308339+rschosser@users.noreply.github.com>
Co-authored-by: Cailyn <cailyn.s.e@gmail.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Rey Lejano <rlejano@gmail.com>
Co-authored-by: Benjamin Koltermann <48812495+p4ck3t0@users.noreply.github.com>
Co-authored-by: Skybound1 <github@skybound.link>
Co-authored-by: divya-mohan0209 <divya.mohan0209@gmail.com>
2022-08-12 11:22:14 +02:00
Tim Allclair 29d9fa5a5f Remove prerequisites 2022-08-05 14:39:39 -07:00
Manish Kumar a96eb1118f Convert CRLF to LF 2022-08-04 11:05:16 +05:30
Tim Allclair ce898c50be Update Pod Security Admission docs for graduation to stable 2022-08-01 16:57:21 -07:00
Stanislav Kardashov 4e5cc42fc9
fix typo -> remove extra word "in" 2022-08-01 22:59:46 +03:00
Paszymaja 30eb2cc0cf
Update content/en/docs/concepts/security/rbac-good-practices.md
Co-authored-by: divya-mohan0209 <divya.mohan0209@gmail.com>
2022-07-27 14:12:15 +02:00
Paszymaja 7deb7e78cd
Merge branch 'main' into patch-1 2022-07-27 14:00:51 +02:00
Kubernetes Prow Robot 54d2e71509
Merge pull request #34675 from mtardy/psp-annotation
Document the deprecated kubernetes.io/psp annotation
2022-07-25 02:26:35 -07:00
Kubernetes Prow Robot e39409e0ee
Merge pull request #34098 from Nirusu/patch-1
Remove section about the localhost port
2022-07-11 01:23:49 -07:00
Kubernetes Prow Robot 94c832e49f
Merge pull request #34380 from tengqm/fix-links-3
Batch fix links (3)
2022-07-10 18:27:48 -07:00
Nils Hanke 959cb92224 Integrate flags into "Transport security" section 2022-07-09 04:55:43 -07:00
Qiming Teng d705d9ed1c Batch fix links (3) 2022-07-09 09:14:06 +08:00
Abhishek Patra ade7ed2e36
Fix minor typo 2022-07-06 19:57:58 +05:30
Sean Wei 34721abcac Use relative links for k8s.io 2022-06-30 12:08:14 +08:00
mtardy 1d55061a5a Remove the part about defining a PSP in a file 2022-06-29 09:37:23 +02:00
mtardy 8a4e62fb76 Separate commands from their outputs 2022-06-29 09:36:11 +02:00
Mahé 3b8a2a01fa
Clarify the reference to the psp annotation in the concept page
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2022-06-29 09:26:06 +02:00
mtardy 9ffd24b78d Use absolute URL in the tuto for the example PSP 2022-06-28 21:20:08 +02:00
mtardy 453f4e61f6 Reference the kubernetes.io/psp annotation on the PodSecurityPolicy concept page 2022-06-28 21:17:10 +02:00
Kubernetes Prow Robot 5c19702944
Merge pull request #33934 from JimBugwadia/multi-tenancy
multi-tenancy section for docs
2022-06-23 14:31:20 -07:00
Jim Bugwadia d71951bdf9 squash review updates
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-06-23 13:50:56 -07:00
mtardy d2b92602b3 Fix minor missing spaces typos in Pod Security Admission doc 2022-06-23 12:19:46 +02:00
Shubham 9ae05ea5b3
Improvement: Clarify the release which includes Pod Security admission by default. (#34300)
* Improvement: Clarify the release which includes Pod Security admission by default.

* Modify: wrapped the long lines.
2022-06-22 08:35:43 -07:00
Jihoon Seo e7caadc564 Replace skew shortcode parameters 2022-06-17 16:17:01 +09:00
Mark Rossetti c61be7d79c
Update pod-security-standards-hostprocess-state (#34264)
* Update pod-security-standards-hostprocess-state

Signed-off-by: Mark Rossetti <marosset@microsoft.com>

* using hugo short-code
2022-06-16 11:08:48 -07:00
SzymonPrzepiora 3eb9334ee2 suggested changes 2022-06-15 14:04:18 +02:00
Paszymaja 1b90f44da6
Fixed typos
Fixed some typos and improved grammar.
2022-06-10 12:40:02 +02:00
Nils Hanke c5d8916092
Remove section about the removed localhost port 2022-06-01 16:27:15 +02:00
Kubernetes Prow Robot f15cfaeb39
Merge pull request #33974 from JimBugwadia/pss
move other policy engines
2022-06-01 04:19:02 -07:00
Kubernetes Prow Robot f2dc19a07a
Merge pull request #34061 from howieyuen/windows-security
fix broken link in Security For Windows Nodes
2022-05-31 20:35:04 -07:00
howieyuen 58f572e4af fix broken link in Security For Windows Nodes 2022-06-01 11:01:49 +08:00
Guangwen Feng 89a8ad3951 Fix a typo in rbac-good-practices.md
Signed-off-by: Guangwen Feng <fenggw-fnst@fujitsu.com>
2022-05-31 13:37:41 +08:00
Jim Bugwadia fb97ad2140
Update content/en/docs/concepts/security/pod-security-standards.md
Co-authored-by: Rey Lejano <rlejano@gmail.com>
2022-05-30 07:49:41 -07:00
Kubernetes Prow Robot fd9e0acacb
Merge pull request #33833 from liggitt/pss-privileged
Clarify privileged Pod Security Standard description
2022-05-29 23:02:52 -07:00
harshitasao 2517ad6c77 small modification 2022-05-29 16:06:25 +05:30
harshitasao d686637140 Removed Authorizing Policies. 2022-05-27 11:02:15 +05:30
Jim Bugwadia 495642c688
Update content/en/docs/concepts/security/pod-security-standards.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2022-05-26 17:43:29 -07:00
Jim Bugwadia 7c5f243af7 move other policy engines
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-05-26 16:17:26 -07:00
harshitasao 8ce38a6625 added what's next in RBAC good practice guide 2022-05-26 13:27:44 +05:30
harshitasao 789935a35d fixed the RBAC good practice guide. 2022-05-26 12:15:20 +05:30
Jim Bugwadia 39afd8538d initial draft
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-05-24 22:27:00 -07:00
Jordan Liggitt 79c01ff06d
Update content/en/docs/concepts/security/pod-security-standards.md
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2022-05-19 17:03:39 -04:00
Jordan Liggitt 03f0d23228 Clarify privileged Pod Security Standard description 2022-05-19 14:51:51 -04:00
Kubernetes Prow Robot 93a11b1007
Merge pull request #32812 from raesene/main
Add RBAC good practice guide
2022-05-15 14:12:16 -07:00
Rory 412571886c Add RBAC Good Practices Guide 2022-05-15 21:45:11 +02:00
Christopher Negus ffb7e4bc67 Small edit of pod security doc 2022-05-04 14:03:42 +00:00
Nate W 5ead53b3e8 Merge remote-tracking branch 'upstream/main' into dev-1.24 2022-05-02 10:29:49 -07:00
xin.li b831e96c6a [en] modify debug-cluster/audit
Signed-off-by: xin.li <xin.li@daocloud.io>
2022-04-29 20:40:59 +08:00
Kubernetes Prow Robot a1ef2afd7f
Merge pull request #31953 from sftim/20220227_update_pod_security_admission_concept_v1.24
Update Pod Security Admission concept for v1.24
2022-04-27 16:05:35 -07:00
Christopher Negus 59d3e1e7a2 Update pod security docs for dockershim removal 2022-04-26 13:39:55 +00:00
Nate W 0135d3642b Merge remote-tracking branch 'upstream/main' into dev-1.24 2022-04-19 15:45:28 -07:00
Mengjiao Liu 7e0a2162d7 Fix missing links 2022-04-12 16:46:38 +08:00
Nate W f85be125b9 Merge remote-tracking branch 'upstream/main' into dev-1.24 2022-03-31 15:18:13 -07:00
Kubernetes Prow Robot b53955eed4
Merge pull request #32628 from waynerv/patch-3
Update pod-security-admission.md
2022-03-31 14:43:07 -07:00
Kubernetes Prow Robot 70dbc89f33
Merge pull request #32283 from PriyanshuAhlawat/adding_auditing
Update controlling-access.md issue-32224
2022-03-30 20:44:59 -07:00
Priyanshu Ahlawat e62d2f7302
Update content/en/docs/concepts/security/controlling-access.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2022-03-31 08:30:44 +05:30
Tim Bannister 672813f3e7
Move PSP into Security concepts section
The logical navigation definitely works better if Pod Security admission
and PodSecurityPolicy are pages in the same section. Make It So.

Co-authored-by: Rey Lejano <rlejano@gmail.com>
2022-03-30 17:30:35 +01:00