Commit Graph

616 Commits (aae228c0377a677b59df6543f0b51cd21fcab176)

Author SHA1 Message Date
Rita Zhang a556984b94
Add docs for Structured Authz beta
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-03-11 08:27:41 -07:00
Puru a66d974f1a
Improve 2024-03-08 00:49:02 +05:45
Oluebube Princes Egbuna e1465e035a Merge remote-tracking branch 'upstream/main' into dev-1.30 2024-02-20 11:46:04 +01:00
Tim Bannister e4731338d3 Switch some feature-state shortcodes to be data driven
When the feature gates graduate (or get deprecated), the associated
shortcode will update automatically.

Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>
2024-02-16 12:49:31 +00:00
mtardy ca4dc02375 Remove the SecurityContextDeny admission plugin documentation 2024-02-14 16:39:37 +01:00
Saketh Kalaga 121d47db90
Update authentication.md
Azure Active Directory is now Microsoft Entra ID.
Changing for the sake of correctness.
2024-01-19 01:06:19 +05:30
lakshmi 2167f9075c rephrase the content 2024-01-05 15:35:55 +05:30
hunshcn bcc55ae7c9
fix outdated link/anchor
Signed-off-by: hunshcn <hunsh.cn@gmail.com>
2024-01-03 15:00:11 +08:00
Takashiidobe d536e46dbd fix typos 2023-12-24 21:00:53 -05:00
Anish Ramasekar fcfeeac989
fix value in structured authn config example
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-12-13 21:43:11 +00:00
drewhagen deaf1b920a Merge remote-tracking branch 'upstream/main' into dev-1.29 2023-11-29 15:33:49 -06:00
Suruchi Kumari c0a72d25d8
added doc for setting up cloud provider kubectl auth via plugin
Signed-off-by: GitHub <noreply@github.com>
2023-11-29 13:26:04 +00:00
Kubernetes Prow Robot 7c2f5c4583
Merge pull request #43397 from aramase/aramase/d/kep_3331_v1alpha1_docs_v1.29
add docs for StructuredAuthenticationConfig v1alpha1
2023-11-28 09:47:41 +01:00
Anish Ramasekar 74caa0daaa
review feedback
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-11-27 20:03:23 +00:00
Kubernetes Prow Robot 123973c2e8
Merge pull request #41892 from palnabarun/authz-config-docs
Add docs for Authorization Configuration
2023-11-27 13:59:40 +01:00
Nabarun Pal 21ac70ee24
Wrap markdown text
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2023-11-27 16:16:40 +05:30
Nabarun Pal 03e2976d90
Add more context to downgrade example
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2023-11-24 12:03:35 +05:30
Kat Cosgrove 2d9fbc1c7e
Merge remote-tracking branch 'upstream/main' into dev-1.29 2023-11-22 22:07:26 +00:00
Kubernetes Prow Robot 421821d5fa
Merge pull request #43563 from yt2985/dev-1.29
Add LegacyServiceAccountTokenCleanUp feature in beta
2023-11-22 18:47:18 +01:00
Nabarun Pal 10568634b5
Update from code review
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2023-11-22 10:22:33 +05:30
Anish Ramasekar 01e6f317e3
add docs for StructuredAuthenticationConfig v1alpha1
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-11-21 19:28:05 +00:00
Taahir Ahmed 6dd3091e55 ClusterTrustBundles: Document projected volumes 2023-11-21 09:22:39 -08:00
chansuke 244c6353bd Improve documentation for `kubernetes.io/enforce-mountable-secrets` annotation on `ServiceAccount` 2023-11-22 00:46:34 +09:00
Nabarun Pal 5627db2720
add documentation for AuthorizationConfiguration
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2023-11-20 08:58:49 +05:30
Oluebube Princes Egbuna f893a19ee6 Resolved merge conflict when merging main into dev-1.29 branch 2023-11-19 16:02:40 +01:00
windsonsea 676f862137 Clean up /access-authn-authz/authentication.md 2023-11-17 21:32:04 +08:00
tinatingyu bcb527b5be Add LegacyServiceAccountTokenCleanUp feature to beta 2023-11-16 17:21:26 +00:00
Monis Khan 42c9e4e20f
KEP-4193: bound service account token improvements
Signed-off-by: Monis Khan <mok@microsoft.com>
2023-11-16 08:48:59 -05:00
steve-hardman 20e6cba5fe
Fix broken link in "Validating Admission Policy" page (#43893)
* Fix typo

* Fix typo

Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>

---------

Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>
2023-11-14 08:02:32 +01:00
Cici Huang fc92afd819 Remove the escape. 2023-10-30 16:38:15 +00:00
Shubham fba4f6cb2f
Removed outdated information for SA and Added the Note for Manually created Secret API objects. (#43451)
* Removed outdated information for SA and Added the Note for Manually created Secret API objects.

* Modified the Note.

* Simplified the Note.
2023-10-26 02:50:01 +02:00
Tony Gorman 01d9e07e27
Update admission-controllers.md
Sentence seems grammatically incorrect
2023-10-17 17:32:46 +01:00
Kubernetes Prow Robot 84fd32d13c
Merge pull request #41682 from Shubham82/Add_subj_command_option
Add -subj Command Option.
2023-10-10 09:45:22 +02:00
Michael 318ff2e797 Clean up kubelet-tls-bootstrapping.md 2023-10-07 09:02:41 +08:00
Qiming Teng 29b1f8f482 Tweak line wrappings for the node authorization page 2023-10-02 17:11:14 +08:00
Qiming Teng eaf599bd20 Remove outdated information about Node authorization
The content about v1.6-1.8 should be removed to avoid confusion.
2023-10-02 17:11:07 +08:00
nnlkcncff f932a74483
fix description --oidc-issuer-url.md (#42941)
* fix description --oidc-issuer-url.md

https://accounts.google.com/           <= above
└─ .well-known/openid-configuration    <= below

* Update authentication.md

Fixed the description of `--oidc-issuer-url`.
2023-09-27 16:22:38 -07:00
Matheus Moraes c64c7837c8
add CEL Playground link 2023-09-08 16:42:43 -03:00
Mengjiao Liu e8b136c3b3 Use code_sample shortcode instead of code shortcode 2023-09-05 17:10:14 +08:00
Qiming Teng 60bf42a527 Update test cases for v1.28
This PR makes sure the manifests under `content/en/examples`
are valid in v1.28. The primary fixes are:

- Updated the go.mod/go.sum file for testing against v1.28.0 release.
- Revise test case code to ensure newly added manifests are tested;
- Adapt Pod validation options to upstream validation code change;
- Move a ValidatingWebhookConfiguration YAML back to inline because
  the manifest cannot validate against the validator. The CA bundle
  referenced is not a valid string (base64 encoded). That means the
  YAML cannot be used/tested as is by users.
2023-08-18 09:03:30 +08:00
Kubernetes Prow Robot 5755e4362a
Merge pull request #42060 from a-hilaly/beta-match-conditions
Graduate AdmissionWebhookMatchConditions to beta
2023-08-09 08:49:51 -07:00
Tim Bannister 20b43d6095
Merge branch 'main' into 'dev-1.28' 2023-08-09 11:13:31 +01:00
Amine 42078a08fb Fix typos and add comments to the match conditions example 2023-08-09 09:38:48 +02:00
Alex Zielenski fe7759b734
ValidatingAdmissionPolicy: add docs for new per namespace policy params feature (#42219)
* document per namespace params

* switch examples to codenew, fixup some typos

* more formatting and codenew

* use codenew instead of code

* fixup headings
2023-08-08 13:35:52 -07:00
Amine 2218f3d573 Remove note stating that we need AdmissionWebhookMatchConditions to be enabled explicitly 2023-08-08 20:02:35 +02:00
Jiahui Feng 4dfef3e53f
Document ValidatingAdmissionPolicy variable composition and namespaceObject (#42220)
* variable composition.

* mention namespaceObject.

* Apply suggestions from code review

Co-authored-by: Tim Bannister <tim@scalefactory.com>

* separate commands from output.

* YAML comment.

* Update content/en/docs/reference/access-authn-authz/validating-admission-policy.md

Co-authored-by: Tim Bannister <tim@scalefactory.com>

* no shell prompt.

* Update content/en/docs/reference/access-authn-authz/validating-admission-policy.md

Co-authored-by: Joe Betz <jpbetz@google.com>

* Update content/en/docs/reference/access-authn-authz/validating-admission-policy.md

Co-authored-by: Joe Betz <jpbetz@google.com>

---------

Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Joe Betz <jpbetz@google.com>
2023-08-08 07:52:16 -07:00
Kubernetes Prow Robot e168005b37
Merge pull request #42270 from skrobul/validating-and-mutation-controllers
admission controllers: document types
2023-08-03 15:46:20 -07:00
Mengjiao Liu 68ba9633a2 Switch English to use code not codenew shortcode 2023-08-01 16:57:17 +08:00
Marek Skrobacki f900debc63
admission controllers: put type information at top of section
Signed-off-by: Marek Skrobacki <skrobul@skrobul.com>
2023-07-28 18:02:02 +01:00
Marek Skrobacki fce6bfc32f
admission controllers: document types
Signed-off-by: Marek Skrobacki <skrobul@skrobul.com>
2023-07-28 11:08:32 +01:00
Amine 9bac8cfc1a
Add note on max number of match condition elements a user can define per webhook 2023-07-25 19:54:51 +01:00
Andrey Goran eb522c126f
Replace {{< codenew ... >}} with {{% codenew ... %}} in all English docs (#42180)
* Replaced {{< codenew ... >}} with {{% codenew ... %}} in all files

* Reverted changes in non-english localizations
2023-07-25 05:54:06 -07:00
Amine f9c824917f convert the `ValidatingWebhookConfiguration` example into a manifest using a codenew shortcode 2023-07-24 23:10:55 +01:00
windsonsea 5fa005a106 fix bullets in validating-admission-policy 2023-07-10 13:00:43 +08:00
Rishit Dagli e7cf1ca19b
Merge dev-1.28 into main 2023-07-04 19:21:49 -04:00
Nabarun Pal 83bb609c1e
add authorization config documentation
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
2023-06-30 23:25:34 +05:30
Kubernetes Prow Robot 0e7302f383
Merge pull request #41556 from Zhuzhenghao/cleanup/abac
cleanup page abac
2023-06-30 06:18:42 -07:00
Kubernetes Prow Robot 4cb9a82b2a
Merge pull request #40166 from mtardy/scdeny-deprecation
Update scdeny plugin documentation for deprecation
2023-06-30 02:49:45 -07:00
mtardy c32b30f457 Update scdeny plugin documentation for deprecation 2023-06-30 10:52:50 +02:00
Kubernetes Prow Robot b47948af36
Merge pull request #41156 from dprotaso/patch-1
Update service-accounts-admin.md
2023-06-28 15:06:45 -07:00
Kubernetes Prow Robot 1cb1390388
Merge pull request #41000 from zlabjp/fix-key-usage
Fix permitted key usages
2023-06-26 17:32:29 -07:00
shubham82 d873f03e78 Add -subj Command Option. 2023-06-19 15:38:54 +05:30
zhenghao.zhu b1e9fbe945 [zh] cleanup page abac 2023-06-18 11:46:28 +08:00
Kubernetes Prow Robot 610b895266
Merge pull request #41308 from kubernetes/main
Sync `dev-1.28` branch with `main`
2023-05-29 23:01:44 -07:00
Dave Protasowski f023295351
Update content/en/docs/reference/access-authn-authz/service-accounts-admin.md
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-05-23 13:16:26 -04:00
Eric Chiang 5d6e0ca1bb remove ericchiang from reviewers 2023-05-16 18:13:33 +00:00
Rishit Dagli 7323fddca9
Merge branch 'merged-main-dev1.28' into dev-1.28 2023-05-16 02:39:25 -04:00
Dave Protasowski eb21c7af96
Update service-accounts-admin.md 2023-05-15 11:28:47 -04:00
Kubernetes Prow Robot edc769baa4
Merge pull request #39576 from sftim/20220108_improve_api_documentation_objects_part_1
Reorganize Working with Kubernetes Objects section
2023-05-10 18:39:09 -07:00
Tomoya Usami d384f118b2 Fix permitted key usages 2023-05-08 13:54:52 +09:00
Kubernetes Prow Robot 7bdcd3da4c
Merge pull request #40968 from nnmin-aws/nnmin-dev
update certificate-signing-requests.md to reflect https://github.com/
2023-05-07 02:51:15 -07:00
Min Ni 35771026a1 update certificate-signing-requests.md to reflect https://github.com/kubernetes/kubernetes/pull/111660 introduced in 1.27 2023-05-05 13:15:39 -07:00
Kubernetes Prow Robot a413d89528
Merge pull request #40051 from EricFortin/patch-1
Small wording change
2023-05-05 02:51:12 -07:00
Maksim Nabokikh 30841950a6
Apply suggestions from code review
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2023-05-04 22:25:45 +02:00
m.nabokikh d2d1242815 KEP-3325: Promote SelfSubjectReview to GA
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2023-05-04 11:37:01 +02:00
Kubernetes Prow Robot 6bf15f514b
Merge pull request #40692 from sftim/20230414_automatically_use_latest_patch_for_minor_version
Use release data to calculate latest patch version
2023-05-03 00:38:12 -07:00
Kubernetes Prow Robot f787489ec5
Merge pull request #40535 from aitorpazos/patch-1
Note on caBundle encoding in extensible-admission-controllers.md
2023-05-02 15:38:14 -07:00
Tim Bannister 50d7e85643
Migrate from fullVersion param to skew shortcode
Use {{< skew currentPatchVersion >}} to render the latest patch version
for the minor release being documented.
2023-05-02 23:25:30 +01:00
Tim Bannister 634c17f61c Reorganize Working with Kubernetes Objects section
- move Understanding Kubernetes Objects to be section overview
- within the section, consistently link to the new (moved) page from the
  first mention of “object”
- add a redirect

Co-authored-by: Divya Mohan <divya.mohan0209@gmail.com>
2023-04-29 21:39:42 +01:00
Ismail Alidzhikov eb3e564a17
Fix the comma symbol
Some unknown symbol is being used currently.
2023-04-24 10:45:46 +03:00
Qiming Teng ad7c0712c6 Fix examples test for 1.27
- Some examples are actually not good "examples", i.e. they are
  not ready for the users to try out.
- Some examples are failing the validation in their current format.
- Some examples skipped the test case.

These issues are fixed.
2023-04-16 17:26:12 +08:00
Taahir Ahmed 4a5436f42e ClusterTrustBundles: Document service account impersonation
(Change message to retrigger tests)
2023-04-14 11:05:15 -07:00
Mickey Boxell 2e403eba90
Merge pull request #40578 from sftim/20230409_cluster_trust_bundles
Document ClusterTrustBundles
2023-04-10 16:44:03 -05:00
Mickey Boxell 9252eb08f5 Merge remote-tracking branch 'upstream/main' into dev-1.27 2023-04-10 12:20:33 -07:00
Tim Bannister e95deae997
Update CSR page to encompass CSRs and trust bundles
Rather than mention trust bundles as a subtopic of certificate signing
requests, reshape the page so that:
- it's clear that CSRs are stable but ClusterTrustBundles are alpha
- the task for issuing a certificate to a user stands separately from
  the concepts explained elsewhere in the page
- it's clear that signers are relevant to both CSRs and
  ClusterTrustBundles
2023-04-09 18:51:27 +01:00
Tim Bannister 8377a675cd
ClusterTrustBundles: Add section to certificates page
Document the API types as they exist today, plus a hint of the future
integrations that will be available.

Co-Authored-By: Taahir Ahmed <taahm@google.com>
2023-04-09 17:27:18 +01:00
朱正浩,Zhu Zhenghao c1f4c5c4a2 Cleanup page rbac 2023-04-07 22:34:42 +08:00
Aitor cf20f82dbd
Note on caBundle encoding in extensible-admission-controllers.md
The note on caBundle field description mentions it is PEM encoded, but the actual field value is then encoded into Base64, which is worth mentioning.
2023-04-06 09:10:12 +00:00
Mickey Boxell 31439e3d56 Merge branch 'upstream/main' into dev-1.27 2023-04-05 14:20:36 -05:00
朱正浩,Zhu Zhenghao 3a3ae711d5 Cleanup page rbac 2023-04-05 22:36:28 +08:00
zmquan b1bd85a421
about apiGroups (#40315)
* about apiGroups

Look at the source code, apiGroups is an empty set and not all are allowed, you need to use * to be able to, if it is an empty set if the resource does not have apiGroups then it will not be accessible

Refer to:
https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/rbac/v1/evaluation_helpers.go#L85
https://github.com/kubernetes/api/blob/master/rbac/v1/types.go#L29

* Update content/en/docs/reference/access-authn-authz/rbac.md

Co-authored-by: Jordan Liggitt <jordan@liggitt.net>

* Update rbac.md

* Update rbac.md

* Update content/en/docs/reference/access-authn-authz/rbac.md

the comma

Co-authored-by: Jordan Liggitt <jordan@liggitt.net>

* Update rbac.md

All changed

* Update content/en/docs/reference/access-authn-authz/rbac.md

Co-authored-by: Qiming Teng <tengqm@outlook.com>

* Update content/en/docs/reference/access-authn-authz/rbac.md

Co-authored-by: Qiming Teng <tengqm@outlook.com>

* Update content/en/docs/reference/access-authn-authz/rbac.md

Co-authored-by: Qiming Teng <tengqm@outlook.com>

---------

Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-04-04 22:01:38 -07:00
Jiahui Feng 0d862b9afe message expression and type checking. 2023-04-03 09:38:13 -07:00
Joe Betz cf37b594f2
KEP-3488 ValidatingAdmissionPolicy: Enforcement actions, audit annotations, and secondary authz (#40098)
* Document auditAnnotations, validationActions and authorizer

* Apply suggestions from code review

Co-authored-by: Qiming Teng <tengqm@outlook.com>

* Apply suggestions from code review

Co-authored-by: Tim Allclair <timallclair@gmail.com>

* Apply feedback

---------

Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Tim Allclair <timallclair@gmail.com>
2023-04-03 08:55:52 -07:00
Tim Allclair 27460b23fa
AdmissionWebhookMatchConditions feature documentation (#40058)
* AdmissionWebhookMatchConditions feature documentation

* #squash ivelichkovich feedback

* #squash sftim feedback

* Correct statement about request.object

* #squash: sftim feedback

* #squash jpbetz feedback

* #squash: denied function removed

* #squash fix match conditions example

* #squash fix expression quoting

* #squash scope authorization check example

* #squash separate RBAC webhook example

* #squash sftim feedback

* #squash add shared client config for example

* Don't use yaml anchors in example
2023-04-03 08:23:51 -07:00
samitks 4d58ea4165
Update service-accounts-admin.md
Fix internal links in service-accounts-admin docs
2023-04-01 13:23:50 +05:30
Kubernetes Prow Robot 2da2c6c277
Merge pull request #40407 from mickeyboxell/merged-main-dev-1.27
Merged main dev 1.27
2023-03-31 21:49:49 -07:00
samitks b0978a248e
Fix ServiceAccount admission controller link
Fix ServiceAccount admission controller link
2023-03-31 05:55:01 +05:30
Kubernetes Prow Robot b842957cf3
Merge pull request #39794 from nabokihms/ssr-beta
KEP-3325: Promote SelfSubjectReview to Beta
2023-03-30 11:39:49 -07:00
Mickey Boxell a15fa4ae31 Merge remote-tracking branch 'upstream/main' into dev-1.27 2023-03-29 15:54:33 -05:00
liulijin 669f695ccb Remove some duplicates in content/en/docs/reference/access-authn-authz/service-accounts-admin.md
Signed-off-by: liulijin <253954033@qq.com>
2023-03-23 09:25:21 +08:00