Commit Graph

58 Commits (dcfbe0d56100f87a0620fe5af5e57c07548e5d0a)

Author SHA1 Message Date
Kubernetes Prow Robot bdf538c2cd
Merge pull request #42922 from sftim/20230906_document_decrypting_api_encryption_at_rest
Split at-rest decryption into its own page
2023-09-18 10:18:32 -07:00
Kubernetes Prow Robot 3613a659e0
Merge pull request #42882 from sftim/20220428_revise_encryption_at_rest_table_rework
Update encryption-at-rest task page
2023-09-06 12:52:52 -07:00
Tim Bannister e31c847e25
Split at-rest decryption into its own page 2023-09-06 20:41:31 +01:00
Tim Bannister 3aade83e13 List available API encryption providers
Improve existing list of providers for API encryption at rest.

Co-authored-by: Qiming Teng <tengqm@outlook.com>
2023-09-05 17:46:40 +01:00
Tim Bannister 55d5b54937 Make a section for writing the config file
Promote creating the encryption configuration file to have its own page
heading.
2023-09-05 17:46:40 +01:00
Kubernetes Prow Robot 2b973a9c96
Merge pull request #42883 from sftim/20220428_revise_encryption_at_rest_table_rework_2
Update encryption-at-rest task page
2023-09-04 17:45:48 -07:00
Andrii Abramov 8f4cb28d94
Fix typo in encrypt-data.md 2023-09-05 00:30:52 +02:00
Tim Bannister eaf4c4e913 Clarify how to ensure objects are encrypted 2023-09-04 18:15:58 +01:00
gerardo romero niño a203814740
Update encrypt-data.md
Fix typo on new encryption config file example
2023-08-17 08:28:18 -06:00
Monis Khan 7fb0cf6924
KMS doc updates for v1.28
Signed-off-by: Monis Khan <mok@microsoft.com>
2023-08-09 15:00:11 -04:00
Tim Bannister 78bb456b96 Revise API encryption at rest task intro
Co-authored-by: Mo Khan <theenjeru@gmail.com>
2023-07-25 14:33:37 +01:00
Tim Bannister 163fd2769a
Update example YAML in encryption-at-rest topic 2023-06-10 09:53:36 +01:00
Kubernetes Prow Robot 792a63ef7a
Merge pull request #41196 from sftim/20230517_revise_encryption_at_rest
Replace ASCII art arrows in comments
2023-05-17 15:24:33 -07:00
Tim Bannister 49d0568a06 Split out advice about config reloads for encryption at rest 2023-05-17 21:33:29 +01:00
Tim Bannister 1f762d0403 Replace ASCII art arrows in comments
Plain comments work just as well.
2023-05-17 20:10:05 +01:00
Tim Bannister aec678e64a Revise API resource encryption at rest introduction
- Change page title (you can encrypt more than Secrets)
- Revise prerequisites
2023-05-10 13:20:33 +01:00
Tim Bannister fac97a1947 Fix sort order for at-rest API encryption providers
List "identity" first, then other providers alphabetically.
2023-04-29 21:47:14 +01:00
Tim Bannister e3720c7fd3 Switch to HTML table
Replace the existing Markdown table with a more complex table that is
not easy to express in Markdown - and for that reason, use HTML.

This relies on custom style support to render well, but can work OK even
with default Docsy styling.
2023-04-29 21:47:09 +01:00
Kubernetes Prow Robot 2da2c6c277
Merge pull request #40407 from mickeyboxell/merged-main-dev-1.27
Merged main dev 1.27
2023-03-31 21:49:49 -07:00
Rita Zhang cb656b40c2
Add docs to accompany KMS v2beta1 changes (#39110)
* Tracking commit for v1.27 docs

* feat: KMS v2beta1

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

---------

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
Co-authored-by: carolina valencia <krol3@users.noreply.github.com>
2023-03-30 23:21:49 -07:00
Mickey Boxell a15fa4ae31 Merge remote-tracking branch 'upstream/main' into dev-1.27 2023-03-29 15:54:33 -05:00
Kubernetes Prow Robot f0c2c17e4b
Merge pull request #39897 from nilekhc/encrypt-all-docs
[KMSv2] docs: updates EncryptionConfiguration doc to add wildcard support to encrypt all resources.
2023-03-23 12:08:31 -07:00
Kubernetes Prow Robot d63f7618a1
Merge pull request #39876 from bradreelee/patch-1
Update encrypt-data.md
2023-03-23 03:00:32 -07:00
Nilekh Chaudhari 1054d0bcc7 docs: updates EncryptionConfiguration doc to add wildcard support to encrypt all resources.
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
2023-03-13 23:39:06 +00:00
bradreelee d6b5d843c3
Update encrypt-data.md 2023-03-13 20:07:39 +09:00
bradreelee 2774ec1ffe
Update content/en/docs/tasks/administer-cluster/encrypt-data.md
Co-authored-by: Dipesh Rawat <rawat.dipesh@gmail.com>
2023-03-13 10:29:10 +09:00
Craig Box 46bf59d941 Shortcode fixes for en 2023-03-13 10:50:13 +13:00
bradreelee 00078b40dc
Update encrypt-data.md
Added missing closing parentheses in line 70
2023-03-09 20:19:21 +09:00
Abigail McCarthy b1202c78ff Update page weights in /tasks/administer-cluster section 2023-01-11 11:12:34 -05:00
Michael d8e90b4c6b Fix punctuations in headings of encrypt-data.md 2022-12-19 09:34:59 +08:00
Kubernetes Prow Robot 98973fdcba
Merge pull request #38137 from nilekhc/kms-docs
kms: updates website to document encryption config hot reload changes
2022-12-06 05:24:36 -08:00
Nilekh Chaudhari d132365aae kms: updates website to document --encryption-provider-config-automatic-reload api server flag and healthcheck endpoint behavior
Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>
2022-12-01 19:05:18 +00:00
Rita Zhang 765de36b1d
Document custom resource encryption support (#38109)
* Add custom resource encryption support

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

* Address review comments

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

* Update reviewer list

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

* Add wrapping

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

* Address comments

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

* Address comments

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

* Address comments

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

* Address comments

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2022-11-29 19:18:55 -08:00
Stefan Lasiewski 72c0fa664b
Update content/en/docs/tasks/administer-cluster/encrypt-data.md
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2022-11-22 15:18:03 -08:00
Stefan Lasiewski ef7fef5812
Verify key name in API Server and in etcd
Sometimes the key may not match due to bugs or human error
2022-11-01 14:26:10 -07:00
The Tran 4e4862d5da
Improve “Encrypting Secret Data at Rest” page (#35425)
* Improve “Encrypting Secret Data at Rest” page

* Apply suggestions from code review

Co-authored-by: Tim Bannister <tim@scalefactory.com>

* separate commands from sample output

* Apply suggestions from code review

Co-authored-by: Tim Bannister <tim@scalefactory.com>
2022-09-21 17:59:08 -07:00
Rita Zhang f367ff60e1
feat: KMS v2alpha1
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2022-08-16 17:32:01 -07:00
Shubham Kuchhal f608a7c4c8 Added Hyperlink to PKCS#7. 2022-05-30 16:21:13 +05:30
Qiming Teng 3e58334b07 Add configuration reference for API server encryption 2022-02-10 11:27:52 +08:00
Viacheslav Vasilyev 241e635197
Update content/en/docs/tasks/administer-cluster/encrypt-data.md
Co-authored-by: Tim Bannister <tim@scalefactory.com>
2022-02-01 15:31:21 +02:00
Viacheslav Vasilyev ddd4a3defb
Update content/en/docs/tasks/administer-cluster/encrypt-data.md
Co-authored-by: Jim Angel <jimangel@users.noreply.github.com>
2022-02-01 12:38:35 +02:00
Viacheslav Vasilyev 0ef0c8d570
Update encrypt-data.md - multi-master configuration notice
Add short notice about multi-cluster configurations
2022-01-18 12:40:37 +02:00
Kubernetes Prow Robot e4e0bf43a8
Merge pull request #29102 from hoskeri/encrypt-data-doc
encrypt-data: Don't recommend AES-CBC
2021-09-30 14:27:15 -07:00
Junaid Ali 2fe20a8ac4
Fix link to decoding a secret 2021-07-27 23:34:13 +01:00
Abhijit Hoskeri ff63695666 encrypt-data: Don't recommend AES-CBC
CBC is not recommended any more due to vulnerability
to padding oracle attacks.

Promote secretbox instead.
2021-07-23 13:03:33 -07:00
Karen Bradshaw ecc27bbbe7 add en pages 2020-06-09 19:33:15 -04:00
Tim Bannister 0cd227897e Highlight note with appropriate shortcode 2020-05-12 19:36:38 +01:00
Tim Bannister 89c99bac81 Fix Markdown for secret encryption at rest
Adapt Markdown for CommonMark / Hugo 0.70.x
2020-05-12 19:35:56 +01:00
Tim Bannister a84463852e
Revise “Encrypting Secret Data at Rest” (#18810)
* Drop reference to old Kubernetes versions

At the time of writing, Kubernetes v1.13 is the oldest supported
version, and encryption-at-rest is no longer alpha.

* Tidy whitespace

* Add table caption

* Set metadata for required Kubernetes version
2020-02-06 13:03:24 -08:00
Maya Kaczorowski a905be0ceb Add recommendation to use kms provider (#13264)
* Add recommendation to use kms provider

Add a warning to encrypting secrets documentation that if using a provider with secrets encryption, kms provider is preferred as it materially changes the threat model.

* Update encrypt-data.md

* Update encrypt-data.md

Updated to include kms provider is Beta since 1.12

* Update encrypt-data.md
2019-06-10 19:30:16 -07:00