This is a reference for WebhookAdmission config generated from kubernetes-sigs/reference-docs/genref tool.
More specifically, it is generated using the following command:
```shell
./genref -include apiserver-webhookadmission
```
This is a reference for kube-scheduler policy config generated from
kubernetes-sigs/reference-docs/genref tool.
More specifically, it is generated using the following command:
```
./genref --include kube-scheduler-policy-config
```
The `imagePullPolicy` field is set automatically based on the image tag
if it's initially omitted, but it is not updated if the image tag later
changes. This can lead to [confusing
behaviour](https://itnext.io/defaults-are-hard-kubernetes-deployment-edition-3b11095792f2).
This change attempts to warn users of this potential pitfall.
The "Automatic mounting of manually created Secrets" section of the
Secrets documentation previously suggesting using PodPresets. PodPresets
have been removed, there is no alternate facility described, and it's
unclear if auto-mounting secrets based on associations with
ServiceAccounts was ever supported. Accordingly, the section should be
removed.
As suggested, removed the language related to common vernacular. I think the documentation is well written in the common labels section, and can possibly be enhanced as more and more of these labels are implemented. So, just a link in the best practice section is sufficient as suggested by you.
Adds a `caution` note that SSH key pairs do not establish trust between
clients and servers. A secondary method is required to establish trust
between an SSH client and host server, such as fixed `known_hosts` file.
Clients which do not establish adequate trust are vulnerable to "man in
the middle" impersonation attacks.
Signed-off-by: Adam Kaplan <adam.kaplan@redhat.com>
This PR adds a paragraph explaining the insecure by default nature of k8s secrets, and points users at the documentation to turn on encryption at rest and RBAC.
I think a second page needs to be created showing the correct combination of RBAC rules for various cases, which should eventually replace the link to the RBAC documentation.
After removing the sections of the page that are not in line with the
content guide, there is little left.
Edit pages that link to removed task to no longer link there.
Redirect using 302 status so that there is a future opportunity to reinstate
the page or something like it.
- Avoid links to removed cluster management task
- Broaden applicability of “Safely Drain A Node”
- Add (stub) cluster upgrade task page
- Add a basic page about upgrading your cluster.
- Add a task page about enabling or disabling HTTP APIs
Shannon Kularathna
Kubernetes Prow Robot
Qiming Teng
Tim Bannister
Victor Palade
Rey Lejano
Karen Bradshaw
Tobias
ChandaniM123
Adrian Ludwin
wojtekt
Jacob Henner
Federico Gallo
Bartlomiej Takuski
Tom Kivlin
Qiming Teng
Rajesh Jain
Rajesh Jain
lostsquirrel
Johnny Lim
Pavel Nosov
Sylvain Coulombel
Adam Kaplan
amyXia1994
Kristin Martin
Adam Jacob
reylejano-rxm
Somtochi Onyekwere
Sundeep Malladi
Sylvain COULOMBEL