- move Understanding Kubernetes Objects to be section overview
- within the section, consistently link to the new (moved) page from the
first mention of “object”
- add a redirect
Co-authored-by: Divya Mohan <divya.mohan0209@gmail.com>
* about apiGroups
Look at the source code, apiGroups is an empty set and not all are allowed, you need to use * to be able to, if it is an empty set if the resource does not have apiGroups then it will not be accessible
Refer to:
https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/rbac/v1/evaluation_helpers.go#L85https://github.com/kubernetes/api/blob/master/rbac/v1/types.go#L29
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
* Update rbac.md
* Update rbac.md
* Update content/en/docs/reference/access-authn-authz/rbac.md
the comma
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
* Update rbac.md
All changed
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
* Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Qiming Teng <tengqm@outlook.com>
---------
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Document EndpointSlice as the preferred and most appropriate mechanism
to record the backing endpoints of a Service.
Co-authored-by: Rob Scott <rob.scott87@gmail.com>
Co-authored-by: Shannon Kularathna <ax3shannonkularathna@gmail.com>
Signed-off-by: Tom Kivlin <tom.kivlin@vodafone.com>
added link to best practice doc
update from sftim comments
update from liggitt comments
Update content/en/docs/reference/access-authn-authz/rbac.md
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
update from liggitt comment
I added a <br> after the end of the third bullet and backed out all of the other changes I suggested in the original pull request. I think this better matches the author's original intent. The only difference now between what's currently published and this edit is the line break coded after the third bullet.
The language "For all service accounts in the "qa" namespace" in the example is confusing namespaces and groups. Language fixed to disambiguate between group and namespace. An additional example provided which uses both the group ("dev") AND the namespace ("development") to further illustrate this point
This may be intuitive for most, but the existing phrasing read to me as
if `bind` were a special-case verb that _required_ me to explicitly state
which Roles or ClusterRoles it should apply to.
> You can only create/update a role binding if you […] or if you have
> been authorized to perform the bind verb on the referenced role.
> Grant them permissions needed to bind a particular role […]
> explicitly, by giving them permission to perform the bind verb on the
> particular Role (or ClusterRole).
Jordan Liggitt
Kubernetes Prow Robot
Puru
Tim Bannister
lakshmi
Mengjiao Liu
Andrey Goran
Kubernetes Prow Robot
Ismail Alidzhikov
朱正浩,Zhu Zhenghao
zmquan
Sergey Shevchenko
Tom Kivlin
Meha Bhalodiya
Osuolale Emmanuel
Qiming Teng
CJ Cullen
Sean Wei
Pranshu Srivastava
Abirdcfly
Maciej Filocha
Rob Scott
Karen Bradshaw
Edward Rosen
Rajesh Jain
Han Kang
makocchi-git
Jorge Vallecillo
Nic Cope
Taylor Dolezal
divyabhushan
Gaurav Sofat