add documentation for system:monitoring rbac policy #22715
Conversation
|
/assign @liggitt |
k8s-ci-robot
added
size/XS
k8s-ci-robot
added
the
sig/docs
|
Deploy preview for kubernetes-io-master-staging ready! Built with commit d04fdb9 https://deploy-preview-22715--kubernetes-io-master-staging.netlify.app |
|
one nit, lgtm otherwise /hold |
k8s-ci-robot
added
the
do-not-merge/hold
logicalhan
force-pushed
the
monitoring
branch
2 times, most recently
from
9ba6d9e
to
3169642
Compare
|
/sig auth |
k8s-ci-robot
added
the
sig/auth
|
/assign @savitharaghunathan Given the comment that this should be for 1.20, I wonder if we should consider alternate ways to handling this or potentially close this PR - waiting for the 1.20 cycle to begin. |
k8s-ci-robot
added
the
needs-rebase
why not hold and add to the 1.20 milestone? |
|
Per @LiGgit's suggestion: /milestone 1.20 |
logicalhan
force-pushed
the
monitoring
branch
from
3169642
to
d8c116a
Compare
k8s-ci-robot
removed
the
needs-rebase
logicalhan
force-pushed
the
monitoring
branch
from
d8c116a
to
d04fdb9
Compare
@logicalhan Can you update the target branch to |
|
Hi @logicalhan 1.20 docs lead here, a friendly reminder to update the target branch to |
Hi! Sorry have been out on paternity leave, updated the branch! Thanks! |
|
Thank you @logicalhan! Also, was just reviewing this and if you take a look at the preview https://deploy-preview-22715--kubernetes-io-master-staging.netlify.app/docs/reference/access-authn-authz/rbac/ it actually does not apply ` correctly, and looks like this. It looks like this can be solved using < tt >< /tt > (without spaces, added spaces so that it shows up in the comment) instead.
|
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
|
Deploy preview for kubernetes-io-vnext-staging processing. Building with commit f37f473 https://app.netlify.com/sites/kubernetes-io-vnext-staging/deploys/5f7f97dbc52f3c00071d9bee |
Applied the change. Thanks for the quick review! |
| <tbody> | ||
| <tr> | ||
| <td><b>system:monitoring</b></td> | ||
| <td><b>system:monitoring</b> group</td> |
There was a problem hiding this comment.
Should group appear in bold?
<b>group</b>
I think the <tt> element is deprecated?
For code or endpoints, you can use backticks:
/healthz
The table data content could be formatted as:
Allows read access to control-plane monitoring endpoints such as the {{< glossary_tooltip term_id="kube-apiserver" text="kube-apiserver" >}} liveness and readiness endpoints (/healthz, /livez, /readyz), the individual health-check endpoints (/healthz/*, /livez/*, /readyz/*), and /metrics. Note that individual health check endpoints and the metric endpoint may expose sensitive information.
There was a problem hiding this comment.
Hi @kbhawkey, using backticks resulted in the following (#22715 (comment)) so I suggested to change to < tt >. It doesn't seem to be deprecated as the page renders as expected (https://5f7f97dbc52f3c00071d9bee--kubernetes-io-vnext-staging.netlify.app/docs/reference/access-authn-authz/rbac/). PTAL when you can, thank you!
@logicalhan pinging to review Karen's suggestions! :D
There was a problem hiding this comment.
OK, the HTML table looks good.
/lgtm
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: cea016092bc86b692fcf48c660d1fe31023c0681
|
| <tr> | ||
| <td><b>system:monitoring</b></td> | ||
| <td><b>system:monitoring</b> group</td> | ||
| <td>Allows read access to control-plane monitoring endpoints (i.e. {{< glossary_tooltip term_id="kube-apiserver" text="kube-apiserver" >}} liveness and readiness endpoints (<tt>/healthz</tt>, <tt>/livez</tt>, <tt>/readyz</tt>), the individual health-check endpoints (<tt>/healthz/*</tt>, <tt>/livez/*</tt>, <tt>/readyz/*</tt>), and <tt>/metrics</tt>). Note that individual health check endpoints and the metric endpoint may expose sensitive information.</td> |
There was a problem hiding this comment.
nit: we prefer to avoid Latin abbreviations (”i.e.” and similar)
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: logicalhan, sftim The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
A new bootstrapping role for monitoring endpoints was introduced in kubernetes/kubernetes#93311 and this PR intends to add documentation to our bootstrapped default RBAC policies/roles/role-bindings/groups so that it reflects the new addition.