Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ImagePolicyWebhook docs #1188

Merged
merged 1 commit into from
Sep 15, 2016
Merged

Add ImagePolicyWebhook docs #1188

merged 1 commit into from
Sep 15, 2016

Conversation

ecordell
Copy link

@ecordell ecordell commented Sep 8, 2016
edited by pwittrock
Loading

This documents the ImagePolicyWebhook Admission controller as proposed in the image-provenance proposal.

cc @kubernetes/docs

This change is Reviewable

@ecordell ecordell mentioned this pull request Sep 8, 2016
Closed
21 tasks
@philips
Copy link
Contributor

philips commented Sep 8, 2016

LGTM, thanks @ecordell

@jaredbhatti
Copy link
Contributor

Part of kubernetes/enhancements#59

@ecordell ecordell changed the base branch from master to release-1.4 September 8, 2016 21:24
@jaredbhatti
Copy link
Contributor

@ecordell Can you make this change against the release-1.4 branch instead of master?

@googlebot
Copy link

We found a Contributor License Agreement for you (the sender of this pull request) and all commit authors, but as best as we can tell these commits were authored by someone else. If that's the case, please add them to this pull request and have them confirm that they're okay with these commits being contributed to Google. If we're mistaken and you did author these commits, just reply here to confirm.

@googlebot googlebot added cla: no and removed cla: yes labels Sep 8, 2016
@googlebot
Copy link

CLAs look good, thanks!

@googlebot googlebot added cla: yes and removed cla: no labels Sep 8, 2016
@ecordell
Copy link
Author

ecordell commented Sep 8, 2016

@jaredbhatti done!

@devin-donnelly
Copy link
Contributor

devin-donnelly commented Sep 9, 2016
edited
Loading

@ecordell , would you mind rebasing this on the latest in release-1.4 real quick? I'm testing out a new staging capability.

Q-Lee
Q-Lee reviewed Sep 9, 2016
View reviewed changes
docs/admin/admission-controllers.md
}
```

To disallow acceess, the service would return:
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

*access

@Q-Lee
Copy link

Q-Lee commented Sep 9, 2016

Please mention the flag required to turn this feature on (ImageReviewPolicy). Other than that I found 1 typo and like the rest.

@ecordell
Copy link
Author

ecordell commented Sep 9, 2016

Nice catch @Q-Lee (I have a sticky e key)

Added info on enabling the controller to the intro in the docs.

@Q-Lee
Copy link

Q-Lee commented Sep 9, 2016

LGTM, @davidopp do you want to apply the lgtm label?

@devin-donnelly
Copy link
Contributor

Review status: 0 of 1 files reviewed at latest revision, 4 unresolved discussions.

docs/admin/admission-controllers.md, line 83 [r2] (raw file):

### ImagePolicyWebhook

This plug-in will allow admission decisions to be made by a backend webhook. It must be enabled with:

Passive voice/future tense/pronouns.

"The ImagePolicyWebhook plug-in allows a backend webhook to make admission decisions. You enable this plug-in by setting the admission-control option as follows:"

docs/admin/admission-controllers.md, line 90 [r2] (raw file):

#### Configuration File Format
It uses the admission controller config file (`--admission-controller-config-file`) to set configuration options for the behavior of the backend. This file may be json or yaml and has the following format:

"ImagePolicyWebhook uses the admission controller config file..."

docs/admin/admission-controllers.md, line 106 [r2] (raw file):

The config file must reference a [kubeconfig](/docs/user-guide/kubeconfig-file/) formatted file which sets up the connection to the backend. It is required that the backend communicate over TLS.

The kubeconfig's cluster field is used to refer to the remote service, user refers to the returned authorizer.

The kubeconfig file's cluster field must point to the remote service, and the user field must contain the returned authorizer.

Comments from Reviewable

@devin-donnelly devin-donnelly added this to the 1.4 milestone Sep 9, 2016
@ecordell
Copy link
Author

@devin-donnelly fixed

@devin-donnelly
Copy link
Contributor

:lgtm:

Review status: 0 of 1 files reviewed at latest revision, 4 unresolved discussions.

Comments from Reviewable

@devin-donnelly
Copy link
Contributor

Good from my perspective. Adding the tech review tag to make sure this gets a tech LGTM.

@devin-donnelly
Copy link
Contributor

Never mind, looks like @philips took care of it. I'll merge this one in.

@devin-donnelly devin-donnelly merged commit b423faa into kubernetes:release-1.4 Sep 15, 2016
mikutas pushed a commit to mikutas/k8s-website that referenced this pull request Sep 22, 2022
@wmorgan
Add Buoyant training offering (kubernetes#1188)
669ca38 
* Add Buoyant training course signup to training & support page.
* Remove Kubernetes course. Not sure why that would be on a Linkerd page.
* target=_blank for external links

Signed-off-by: William Morgan <william@buoyant.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@davidopp davidopp

Labels
None yet
Projects
None yet
Milestone
1.4
Development

Successfully merging this pull request may close these issues.
7 participants
@ecordell @philips @jaredbhatti @googlebot @devin-donnelly @Q-Lee @davidopp