kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
54,203 Commits
69 Branches
73 Tags
884 MiB
Commit Graph

668 Commits (33d1ee9401a50657b51b66c01deff43b00b3c71a)

Author SHA1 Message Date
Kubernetes Prow Robot f9be9a248c
Merge pull request #50145 from tengqm/kubelet-authz 
Mention the builtin clusterrole in kubelet authorization
 2025-03-30 10:24:35 -07:00
Kubernetes Prow Robot 8558bc3561
Merge pull request #49626 from shannonxtreme/mutating-webhook-good-practices 
Add a good practices page for mutating webhook design
 2025-03-22 07:06:31 -07:00
Shannon Kularathna 14220821d1 Move best practices from dynamic admission control page to best practices page 
Moved content as-is (no text changes) for a more readable diff between commits.

The following sections werent moved:

* Idempotence main section (better content in new page)
* Intercepting all versions of an object (better content in new page)
* Guaranteeing the final state of an object is seen
* Avoiding operating in the kube-system namespace
 2025-03-21 20:04:03 +00:00
Shannon Kularathna bf971d28d3 Add a new page for mutating webhook good practices. 
- Link to new page from dynamic admission control page
- Retain TODOs for info that'll be migration from existing page
 2025-03-21 20:00:38 +00:00
Qiming Teng 5bfcf81227 Mention the builtin clusterrole in kubelet authorization 
This PR updates the description about the kubelet fine-grained API
authorization.
 2025-03-20 08:15:34 +08:00
Anish Ramasekar 4888dbe086
fix doc for email_verified requirement when username contains claims.email 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
 2025-03-17 17:08:26 -07:00
Tim Bannister 2a3a72e16c
Move CSR for client certificate to tasks section 
The moved documentation describes a task, so move it to the
documentation section that describes tasks.
 2025-03-04 20:22:32 +00:00
Richard Tweed 1c250e49bf
Add diagram for admission control phases which shows the new validatingadmissionpolicies (#43836) 
* Add diagram for admission control phases which shows the new validatingadmissionpolicies

* Change to a mermaid diagram

* Add accessibility description

* Fix font size issue

* Correct blue colour

* Move diagram type to top to see if it builds correctly

* Convert to exported svg and mermaid-live link

* correct image path

* Update filepath

* Update link to mermaid doc

With the annotation changes

* Delete content/en/docs/images/admission-control-phases.svg

* correct image path

* Correct parallelism of stages and state parallel stage explicitly

* Undo autolint

* Undo further autolint

* Remove bad merge

* Revert yet more IDE autoformatting

* Revert more IDE nonsense

* Remove yet more ide nonsense

* Remove the last of the IDE autoformatting

* Fix last piece of the bad merge
 2025-02-23 13:26:27 -08:00
Kubernetes Prow Robot 91919bdba5
Merge pull request #46798 from fasaxc/patch-1 
Add more suggestions for avoiding deadlocks to webhook docs
 2025-02-20 14:08:27 -08:00
Shaun Crampton 0c40eced7e Add more suggestions for avoiding deadlocks 
Webhooks can cause deadlocks in several ways, expand the list to cover more subtle cases.

Co-authored-by: Kat Cosgrove <kat.cosgrove@gmail.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
 2025-02-17 13:21:59 +00:00
Kubernetes Prow Robot 97cbae19d2
Merge pull request #48920 from AmarNathChary/updated_yaml_to_json 
Switch extensible admission payload example from YAML to JSON
 2025-02-12 23:56:23 -08:00
Naresh Koduru 8b78fb8239 enable copying rolebinding examples directly 2025-02-12 13:36:26 +05:30
Kubernetes Prow Robot 74ffdcecda
Merge pull request #48200 from iheartNathan/42288-Inconsistent-documentation-of-default-StorageClass 
fix inconsistency in documentation of default storageclass
 2025-02-11 05:37:58 -08:00
Kubernetes Prow Robot 2e15797126
Merge pull request #49589 from NareshKoduru/role_copy 
Enable copying role and clusterRole snippets
 2025-01-29 16:19:22 -08:00
Naresh Koduru 6c6165d5e2 Enable copying role and clusterRole snippets 2025-01-29 10:15:16 +05:30
Thomas Gosteli 0338db1b94
add exempt api kinds in mutating admission policies doc 2025-01-22 18:31:51 +01:00
Thomas Gosteli 37017f4c04
fix: api kinds in upper camel case 2025-01-22 18:19:26 +01:00
iheartNathan 4e3523c0a0 fix inconsistency in documentation of default storageclass 2025-01-22 15:22:35 +00:00
Thomas Gosteli a1688890f0
Update content/en/docs/reference/access-authn-authz/validating-admission-policy.md 
Co-authored-by: Tim Bannister <tim@scalefactory.com>
 2025-01-22 08:11:00 +01:00
Thomas Gosteli ede1a137fc
Update content/en/docs/reference/access-authn-authz/validating-admission-policy.md 
Co-authored-by: Tim Bannister <tim@scalefactory.com>
 2025-01-22 08:10:46 +01:00
Thomas Gosteli baaf68c601
Update content/en/docs/reference/access-authn-authz/validating-admission-policy.md 
Co-authored-by: Tim Bannister <tim@scalefactory.com>
 2025-01-22 08:10:27 +01:00
Thomas Gosteli eb357e28f7
docs: extend VAP docs with exempt resources 
Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
 2025-01-21 17:04:00 +01:00
windsonsea a214e105a2 Clean up service-accounts-admin.md 2025-01-21 09:08:14 +08:00
Mohammad Alavi 45182c8c24
change ValidatingAdmissionWebhook to ValidatingAdmissionPolicy 2025-01-14 21:22:05 +07:00
谭成 212637cfb7 Reorder ValidatingAdmissionPolicy components for logical flow 2024-12-20 09:34:38 +08:00
michellengnx baba5e4c35 Merge main into dev-1.32 to keep in sync 2024-12-09 23:11:06 -05:00
AmarNathChary 370c47dacc changed comments 2024-12-05 12:03:27 +05:30
AmarNathChary 8104af95c1 changed back to yaml 2024-12-03 14:55:12 +05:30
AmarNathChary 1e5175b94d Updated extensible admission controller yaml file to json 2024-12-02 14:20:12 +05:30
Kubernetes Prow Robot ee231f71d7
Merge pull request #48495 from munnerz/kep-4193-132-ga 
KEP-4193: Update ServiceAccount admin docs with additional info on bound tokens
 2024-11-26 19:22:56 +00:00
Jeffrey Ying cb8e5a7ce5
KEP-3962: Mutating admission policy documentation (#48646) 
* Introduce concept page for mutating admission policy

* add example and documentation for MAP

* fix MAP feature gate documentation

* address comments

* Apply suggestions from code review

Co-authored-by: Tim Bannister <tim@scalefactory.com>

---------

Co-authored-by: Joe Betz <jpbetz@google.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
 2024-11-26 18:20:56 +00:00
James Munnelly 4ef866967e
Apply suggestions from code review 
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
 2024-11-26 18:09:26 +00:00
James Munnelly a3c89ce64a
Update content/en/docs/reference/access-authn-authz/service-accounts-admin.md 
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
 2024-11-26 18:08:56 +00:00
Kubernetes Prow Robot 01eccc6441
Merge pull request #48771 from ritazh/deprecate-EnforceMountableSecretsAnnotation 
Add deprecation warnings for enforce-mountable-secrets annotation
 2024-11-26 17:12:56 +00:00
James Munnelly 0c28e697d4 address review comments 2024-11-26 11:25:39 +00:00
Rita Zhang 3b8c927a3b
Address comments 
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
 2024-11-20 19:00:50 -08:00
Rita Zhang 926db124d0
Add deprecation warnings for enforce-mountable-secrets annotation 2024-11-19 07:59:43 -08:00
Kubernetes Prow Robot d8dbc916c4
Merge pull request #48487 from ritazh/kep_3221_ga 
KEP-3221: remove mentions of beta and featuregate, and change order of cmd line
 2024-11-19 13:30:53 +00:00
Kubernetes Prow Robot 7e26a80e3d
Merge pull request #48518 from HarshalNeelkamal/external-jwt-doc 
Docs for ExternalJWTSigner
 2024-11-19 00:32:53 +00:00
Harshal Neelkamal 9690d1f99e add doc for external JWT signer 2024-11-18 07:49:03 +00:00
michellengnx d021207741 Merge main into dev-1.32 to keep in sync 2024-11-11 17:40:26 -05:00
Tim Bannister 950a9dfdb6
Improve admission control reference 
- Change page title. The reference is about admission control (as a
  concept) as well as providing a list of all admission controllers.
- Expand the intro section to provide more of an explanation of
  admission control.
- Emphasize that ValidatingAdmissionPolicy, along with mutating and
  validating webhooks, are extension points.
 2024-11-11 22:07:22 +00:00
Marcelo Giles cdff2b4b6b
Add systems:master paragraph 2024-10-30 18:09:24 -07:00
Vinayak Goyal 7a1cdab150 KEP-4633: Graduate to BETA. 
Signed-off-by: Vinayak Goyal <vinaygo@google.com>
 2024-10-25 15:42:32 +00:00
Rodolfo Albuquerque 1de1753475 Merge main into dev-1.32 to keep in sync 2024-10-23 23:46:20 -03:00
Rita Zhang 7d8b07ef63
KEP-3221: remove mentions of beta and change order of cmd line 
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
 2024-10-22 21:30:28 -07:00
Kubernetes Prow Robot b92deb464a
Merge pull request #48412 from vinayakankugoyal/kep2862impl 
KEP-2862: Fine-grained Authz for Kubelet API.
 2024-10-23 00:22:52 +01:00
James Munnelly 152e83d1a1 Update ServiceAccount admin docs with additional info on bound tokens 2024-10-22 15:06:22 +01:00
Vinayak Goyal b6086ca952 KEP-2862: Fine-grained Authz for Kubelet API. 
Signed-off-by: Vinayak Goyal <vinaygo@google.com>
 2024-10-21 22:14:37 +00:00
Jordan Liggitt 32aad9dd3f
KEP-3221: Promote StructuredAuthorizationConfiguration to GA 2024-10-21 11:46:18 -04:00