Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue with k8s.io/docs/tasks/configure-pod-container/migrate-from-psp/ #30823

Closed
jglick opened this issue Dec 9, 2021 · 10 comments
Closed

Issue with k8s.io/docs/tasks/configure-pod-container/migrate-from-psp/ #30823

jglick opened this issue Dec 9, 2021 · 10 comments
Labels
language/en Issues or PRs related to English language lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. priority/backlog Higher priority than priority/awaiting-more-evidence. sig/docs Categorizes an issue or PR as relevant to SIG Docs. sig/security Categorizes an issue or PR as relevant to SIG Security. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@jglick
Copy link
Contributor

jglick commented Dec 9, 2021

This page would be more helpful if it listed actual PodSecurityPolicy YAML corresponding (to the extent possible) to the new baseline and restricted levels.
@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Dec 9, 2021
@sftim
Copy link
Contributor

sftim commented Jan 5, 2022

@jglick maybe if that page linked to the example PSP list in https://kubernetes.io/docs/concepts/security/pod-security-standards/#policy-instantiation? Would that help?

(BTW, those “levels” aren't entirely new - the 3 pod security standards have been in Kubernetes docs since May 2020)

@jglick
Copy link
Contributor Author

jglick commented Jan 6, 2022

Yes, that is exactly what I was looking for. Adding a link would be helpful.

@sftim
Copy link
Contributor

sftim commented Jan 6, 2022

/sig docs
/sig security
/triage accepted
/language en
/priority backlog

@k8s-ci-robot k8s-ci-robot added sig/docs Categorizes an issue or PR as relevant to SIG Docs. sig/security Categorizes an issue or PR as relevant to SIG Security. triage/accepted Indicates an issue or PR is ready to be actively worked on. language/en Issues or PRs related to English language priority/backlog Higher priority than priority/awaiting-more-evidence. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jan 6, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 6, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels May 6, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue or PR with /reopen
  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

@k8s-ci-robot
Copy link
Contributor

@k8s-triage-robot: Closing this issue.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue or PR with /reopen
  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jglick
Copy link
Contributor Author

jglick commented Jan 11, 2023

There is https://kubernetes.io/docs/reference/access-authn-authz/psp-to-pod-security-standards/ which is probably good enough. I still find it somewhat clearer to just see stock PSP YAML examples so that you can check whether an existing PSP resources was simply copied from one of these. Unfortunately the link you referenced in #30823 (comment) is no longer useful because the links to the PSP example files (though not the files themselves) was deleted: #33512 (comment)

@sftim
Copy link
Contributor

sftim commented Aug 2, 2023

For the current v1.27 docs, I'm happy with how they look.

(my individual opinion, but as a tech lead for docs) I'd be willing to accept changes against the v1.24 (and older) docs to put those examples back, and then revise https://kubernetes.io/docs/concepts/security/pod-security-policy/ to make it even easier to find the relevant pages that still have the documentation.

All this would need now is people to volunteer to do that work.

@sftim
Copy link
Contributor

sftim commented Aug 2, 2023

There's a technical blocker to having example PodSecurityPolicies in the current docs: we validate the example manifests, and PSP is no longer part of Kubernetes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
language/en Issues or PRs related to English language lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. priority/backlog Higher priority than priority/awaiting-more-evidence. sig/docs Categorizes an issue or PR as relevant to SIG Docs. sig/security Categorizes an issue or PR as relevant to SIG Security. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jglick @k8s-ci-robot @sftim @k8s-triage-robot