Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mention system:masters in authz page #48546

Closed
sftim opened this issue Oct 25, 2024 · 6 comments · Fixed by #48600
Closed

Mention system:masters in authz page #48546

sftim opened this issue Oct 25, 2024 · 6 comments · Fixed by #48600
Assignees
@mrgiles
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. language/en Issues or PRs related to English language priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/docs Categorizes an issue or PR as relevant to SIG Docs. sig/security Categorizes an issue or PR as relevant to SIG Security. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@sftim
Copy link
Contributor

sftim commented Oct 25, 2024

This is a Feature Request

What would you like to be added
Update https://kubernetes.io/docs/reference/access-authn-authz/authorization/ to mention the special group system:masters

Why is this needed
Kubernetes has special hard coded treatment for system:masters, but this detail is poorly documented.

Comments
/sig auth security docs
@sftim sftim added the kind/feature Categorizes issue or PR as related to a new feature. label Oct 25, 2024
@k8s-ci-robot k8s-ci-robot added sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/security Categorizes an issue or PR as relevant to SIG Security. sig/docs Categorizes an issue or PR as relevant to SIG Docs. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Oct 25, 2024
@sftim
Copy link
Contributor Author

sftim commented Oct 25, 2024

/triage accepted
/priority important-longterm
/help
/language en

@k8s-ci-robot
Copy link
Contributor

@sftim:
This request has been marked as needing help from a contributor.

Guidelines

Please ensure that the issue body includes answers to the following questions:

  • Why are we solving this issue?
  • To address this issue, are there any code changes? If there are code changes, what needs to be done in the code and what places can the assignee treat as reference points?
  • Does this issue have zero to low barrier of entry?
  • How can the assignee reach out to you for help?

For more details on the requirements of such an issue, please see here and ensure that they are met.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

/triage accepted
/priority important-longterm
/help
/language en

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. triage/accepted Indicates an issue or PR is ready to be actively worked on. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. language/en Issues or PRs related to English language and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Oct 25, 2024
@sftim sftim mentioned this issue Oct 25, 2024
Open
@mrgiles
Copy link
Contributor

mrgiles commented Oct 29, 2024

@sftim, I've just found only brief mentions of the system:masters group in the RBAC Good Practices and in the Using RBAC pages. Would you like to expand further on the topic or just link to those entries from the Authorization page?

@sftim
Copy link
Contributor Author

sftim commented Oct 29, 2024

The page to update is https://kubernetes.io/docs/reference/access-authn-authz/authorization/

You can pick the best way to achieve this.

@mrgiles
Copy link
Contributor

mrgiles commented Oct 29, 2024

/assign

@mrgiles mrgiles mentioned this issue Oct 31, 2024
Merged
@sftim
Copy link
Contributor Author

sftim commented Nov 11, 2024

Thanks @mrgiles

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mrgiles mrgiles

Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. language/en Issues or PRs related to English language priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/docs Categorizes an issue or PR as relevant to SIG Docs. sig/security Categorizes an issue or PR as relevant to SIG Security. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
SIG Auth
Status: Closed / Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add systems:master mention to the Authz reference page mrgiles/kubernetes-website
3 participants
@mrgiles @k8s-ci-robot @sftim