Security hardening guide for scheduler configuration #45080

AnshumanTripathi · 2024-02-10T08:07:00Z

Creating a scheduler hardening guide as a part of kubernetes/sig-security#30.

Page preview - https://deploy-preview-45080--kubernetes-io-main-staging.netlify.app/docs/concepts/security/hardening-guide/scheduler/

linux-foundation-easycla · 2024-02-10T08:07:06Z

The committers listed above are authorized under a signed CLA.

✅ login: AnshumanTripathi / name: Anshuman Tripathi (b0d8a8c)

k8s-ci-robot · 2024-02-10T08:07:08Z

Welcome @AnshumanTripathi!

It looks like this is your first PR to kubernetes/website 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/website has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

netlify · 2024-02-10T08:09:24Z

✅ Pull request preview available for checking

Built without sensitive environment variables

Name	Link
🔨 Latest commit	`b0d8a8c`
🔍 Latest deploy log	https://app.netlify.com/projects/kubernetes-io-main-staging/deploys/683b8316a957710008f5458d
😎 Deploy Preview	https://deploy-preview-45080--kubernetes-io-main-staging.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

sftim · 2024-02-10T17:51:55Z

/sig security

content/en/docs/concepts/security/hardening-guide/scheduler.md

reylejano · 2024-02-13T19:11:21Z

@kubernetes/sig-security-pr-reviews please take a look

content/en/docs/concepts/security/hardening-guide/scheduler.md

sftim

Some more feedback.

content/en/docs/concepts/security/hardening-guide/scheduler.md

sftim · 2024-12-13T18:15:12Z

See #45080 (comment) for some relevant commentary about where these docs should live.

sftim · 2025-01-28T18:06:42Z

@AnshumanTripathi do you have the time to work more on this? I think just a little more effort is what's needed so we can merge it.

AnshumanTripathi · 2025-01-28T18:54:41Z

@sftim Yeah I can get this finished in sometime. Thanks for double clicking on this.

k8s-ci-robot · 2025-03-07T16:13:01Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign dipesh-rawat for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

content/en/docs/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

t-inu · 2025-03-11T16:29:03Z

/remove-area localization
/remove-language ja

mtardy · 2025-05-26T09:57:57Z

Please wrap these long lines as you did for some other paragraphs.

As mentioned, could you wrap all your lines so that's it's easier to make suggestions and edits?

AnshumanTripathi · 2025-05-27T03:30:39Z

Please wrap these long lines as you did for some other paragraphs.

As mentioned, could you wrap all your lines so that's it's easier to make suggestions and edits?

Wrapped long lines. LMK more is needed.

Signed-off-by: Anshuman Tripathi <[email protected]> [WIP] Security hardening guide for scheduler configurations Signed-off-by: Anshuman Tripathi <[email protected]> Updates after passing through hemmingway.app Signed-off-by: Anshuman Tripathi <[email protected]> Update scheduling configurations Signed-off-by: Anshuman Tripathi <[email protected]> Apply suggestions from code review Co-authored-by: Tim Bannister <[email protected]> Co-authored-by: Daniel Register <[email protected]> Updates based on PR feedback Signed-off-by: Anshuman Tripathi <[email protected]> Update bind-address definition Signed-off-by: Anshuman Tripathi <[email protected]> Update phrasing of permit-address-sharing Signed-off-by: Anshuman Tripathi <[email protected]> Add -- to args Signed-off-by: Anshuman Tripathi <[email protected]> Sentence case in table title Signed-off-by: Anshuman Tripathi <[email protected]> Reword and correct grammer based on feedback Signed-off-by: Anshuman Tripathi <[email protected]> Remove verbatim argument description Signed-off-by: Anshuman Tripathi <[email protected]> More updates Signed-off-by: Anshuman Tripathi <[email protected]> Update custom scheduler heading and description Signed-off-by: Anshuman Tripathi <[email protected]> Remove dashes on args Signed-off-by: Anshuman Tripathi <[email protected]> Apply suggestions from code review Co-authored-by: Tim Bannister <[email protected]> Signed-off-by: Anshuman Tripathi <[email protected]> Update table title Signed-off-by: Anshuman Tripathi <[email protected]> Update based on feedback Signed-off-by: Anshuman Tripathi <[email protected]> node selector Signed-off-by: Anshuman Tripathi <[email protected]> Feedback Signed-off-by: Anshuman Tripathi <[email protected]> Update authentication and TLS configuration Signed-off-by: Anshuman Tripathi <[email protected]> profiling Signed-off-by: Anshuman Tripathi <[email protected]> Replace tables with bullets Signed-off-by: Anshuman Tripathi <[email protected]> Fix custom scheduler directive and link Signed-off-by: Anshuman Tripathi <[email protected]> style Signed-off-by: Anshuman Tripathi <[email protected]> Update based on feedback Signed-off-by: Anshuman Tripathi <[email protected]> fix: custom scheduler profile Signed-off-by: Anshuman Tripathi <[email protected]>

k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 10, 2024

k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Feb 10, 2024

k8s-ci-robot requested a review from shannonxtreme February 10, 2024 08:07

k8s-ci-robot added the language/en Issues or PRs related to English language label Feb 10, 2024

k8s-ci-robot requested a review from tengqm February 10, 2024 08:07

k8s-ci-robot added the sig/docs Categorizes an issue or PR as relevant to SIG Docs. label Feb 10, 2024

k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Feb 10, 2024

k8s-ci-robot added the sig/security Categorizes an issue or PR as relevant to SIG Security. label Feb 10, 2024

AnshumanTripathi marked this pull request as ready for review February 13, 2024 06:34

k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 13, 2024

k8s-ci-robot requested a review from dipesh-rawat February 13, 2024 06:34

bijou-code reviewed Feb 13, 2024

View reviewed changes