This commit moves the October '21 patch release dates one week later as
the original dates for CP and release fell during KubeCon Week.
Follow-up to https://github.com/kubernetes/website/pull/29937
Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
* Blog post: NSA / CISA Hardening
This is a community response blog post that
acts as complementary resource that takes a
closer look at the guidance.
This blog post is not a substitute for reading
the guidance
Apply suggestions from code review
Co-authored-by: Jim Angel <jameswangel@gmail.com>
Co-authored-by: Savitha Raghunathan <saveetha13@gmail.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Shannon Kularathna <ax3shannonkularathna@gmail.com>
Co-authored-by: Robert <hyakuhei@gmail.com>
Co-authored-by: Rey Lejano <rlejano@gmail.com>
* Changes based on NSA/CISA initial
feedback
Co-authored-by: Jim Angel <jameswangel@gmail.com>
Co-authored-by: Savitha Raghunathan <saveetha13@gmail.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Shannon Kularathna <ax3shannonkularathna@gmail.com>
Co-authored-by: Robert <hyakuhei@gmail.com>
Co-authored-by: Rey Lejano <rlejano@gmail.com>
Partial tidying to bring this page more in line with the Kubernetes
documentation style guide.
Co-authored-by: Shannon Kularathna <ax3shannonkularathna@gmail.com>
The content describing a declarative API in the custom controller
section of the custom resources doc was confusing:
> A declarative API allows you to declare or specify the desired state
of your resource **and tries to keep the current state of Kubernetes
objects in sync with the desired state**. The controller interprets the
structured data as a record of the user's desired state, and continually
maintains this state.
(emphasis added)
It is not the declarative API that tries to keep the current state of
the objects in sync with the desired state. It's the controller that
does that.
I've reworded this paragraph to hopefully clarify this.
Closes Issue #29348
Signed-off-by: Jay Pipes <jaypipes@gmail.com>
* Clarified scenarios that could lead to privilege escalation
Made it clearer that it's not just creating pods which enables the privilege escalation. It's all workloads, all reconfiguration of workloads, and conceptually the creation and reconfiguration of custom resources which create workloads.
* Allowing link to priv escalation heading if required
* Update content/en/docs/reference/access-authn-authz/authorization.md
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* Adding further clarifications
* Retitled escalation section
* Apply suggestions from vjftw
Co-authored-by: VJ Patel <VJftw@users.noreply.github.com>
* Clarified CRDs and reduced duplication
* Updating caution based on Geoffrey's comments
* Updating controller comment and linking out to reference docs
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: VJ Patel <VJftw@users.noreply.github.com>
Kubernetes Prow Robot
Adolfo García Veytia (Puerco)
Charles Pretzer
mehabhalodiya
Christian Kotzbauer
Pushkar Joglekar
Shubham Kuchhal
Ali Yousefi Sabzevar
learner0810
xiao.li
Toli Kuznets
Victor Paredes
Tim Bannister
fabriziopandini
Khaled (Kal) Henidak
Jay Pipes
kartik494
Nitesh Seram
Gilson Melo
Robert Martin
Richard Tweed