Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Pod Security Admission docs for graduation to stable #35618

Merged
merged 2 commits into from
Aug 14, 2022
Merged

Update Pod Security Admission docs for graduation to stable #35618

merged 2 commits into from
Aug 14, 2022

Conversation

tallclair
Copy link
Member

Update the PSA docs for stable release in v1.25

Includes:

  • Update feature state references, remove feature gate reference.
  • Remove references to PSP (note this conflicts with Scrub PSP docs for 1.25 #33512)
  • Remove webhook instructions, as the built-in controller is now widely available, and the webhook is not well supported.

/assign @liggitt

@netlify
Copy link

netlify bot commented Aug 2, 2022
edited
Loading

👷 Deploy Preview for kubernetes-io-vnext-staging processing.

Name Link
🔨 Latest commit 29d9fa5
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-io-vnext-staging/deploys/62ed8e2938050f00091095db

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Aug 2, 2022
@k8s-ci-robot k8s-ci-robot requested a review from liggitt August 2, 2022 00:00
@k8s-ci-robot k8s-ci-robot added the language/en Issues or PRs related to English language label Aug 2, 2022
@k8s-ci-robot k8s-ci-robot added the sig/docs Categorizes an issue or PR as relevant to SIG Docs. label Aug 2, 2022
@tallclair tallclair mentioned this pull request Aug 2, 2022
Closed
12 tasks
@liggitt
Copy link
Member

liggitt commented Aug 2, 2022

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 2, 2022
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 2ac4db2f536f7c1f9e7a67c9001ad0ff5384eae3

sftim
sftim reviewed Aug 2, 2022
View reviewed changes
Copy link
Contributor

@sftim sftim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: this page sets min-kubernetes-server-version: v1.22 in the front matter, but actually we can omit that line (and it's now possibly a bit misleading).

@sftim
Copy link
Contributor

sftim commented Aug 2, 2022

/sig auth

@k8s-ci-robot k8s-ci-robot added the sig/auth Categorizes an issue or PR as relevant to SIG Auth. label Aug 2, 2022
@reylejano
Copy link
Member

/milestone 1.25
/assign @didicodes
/cc @kcmartin

@k8s-ci-robot k8s-ci-robot added this to the 1.25 milestone Aug 3, 2022
@k8s-ci-robot k8s-ci-robot requested a review from kcmartin August 3, 2022 03:58
shannonxtreme
shannonxtreme reviewed Aug 4, 2022
View reviewed changes
content/en/docs/concepts/security/pod-security-admission.md Outdated
Kubernetes offers a built-in _Pod Security_ {{< glossary_tooltip text="admission controller"
term_id="admission-controller" >}} to enforce the Pod Security Standards. Pod security restrictions
are applied at the {{< glossary_tooltip text="namespace" term_id="namespace" >}} level when pods are
created.

## {{% heading "prerequisites" %}}

To use this mechanism, your cluster must enforce Pod Security admission.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unrelated and complete nit, but why is this a prerequisite? To use this feature, your cluster must...use this feature? Feels like you could get rid of the heading altogether and convert the heading after it from an H3 to an H2

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We usually save

## {{% heading "prerequisites" %}}

for task or tutorial pages.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, when features graduate to stable, we do expect to polish the docs and fix nits like this.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have a standard format for saying a built-in admission controller must be enabled (or really, must not be disabled)? Looking at a few other admission-related pages, it seems like most of them just omit the prerequisites.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just deleted it for now.

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 5, 2022
@k8s-ci-robot k8s-ci-robot requested a review from didicodes August 5, 2022 21:39
@tallclair
Copy link
Member Author

/label tide/merge-method-squash

@k8s-ci-robot k8s-ci-robot added the tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. label Aug 5, 2022
@sftim
Copy link
Contributor

sftim commented Aug 14, 2022

/remove-label tide/merge-method-squash

2 commits are fine.

@k8s-ci-robot k8s-ci-robot removed the tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. label Aug 14, 2022
@sftim
Copy link
Contributor

sftim commented Aug 14, 2022

Changes since #35618 (comment) are not material.

/lgtm
/approv

@sftim
Copy link
Contributor

sftim commented Aug 14, 2022

/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 14, 2022
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: ae4aaadf7f15ddce5ea64bae76c7e5b17f5d73a7

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sftim

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 14, 2022
@k8s-ci-robot k8s-ci-robot merged commit 1476ac9 into kubernetes:dev-1.25 Aug 14, 2022
@liggitt liggitt mentioned this pull request Aug 16, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sftim sftim sftim left review comments

@shannonxtreme shannonxtreme shannonxtreme left review comments

@liggitt liggitt Awaiting requested review from liggitt

@kcmartin kcmartin Awaiting requested review from kcmartin

@didicodes didicodes Awaiting requested review from didicodes

Assignees

@liggitt liggitt

@sftim sftim

@didicodes didicodes

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. language/en Issues or PRs related to English language lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/docs Categorizes an issue or PR as relevant to SIG Docs. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
1.25
Development

Successfully merging this pull request may close these issues.
7 participants
@tallclair @liggitt @k8s-ci-robot @sftim @reylejano @shannonxtreme @didicodes