public_git
/
kubernetes-operator
mirror of https://github.com/jenkinsci/kubernetes-operator.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Broken Link Fixes 

Have Updated Few Broken Links that was not working with the https://jenkinsci.github.io/kubernetes-operator/docs/security/ . If its still not working as expected. I would be happy to write for the documentation.
This commit is contained in:
Gaurav 2020-03-16 16:07:42 +05:30 committed by GitHub
parent 544fef8d1c
commit 3766312898
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
website/content/en/docs/Security/_index.md
View File

@ -14,7 +14,7 @@ via groovy scripts to prevent any security gaps.
Currently **Jenkins Operator** generates a username and random password and stores them in a Kubernetes Secret.
However any other authorization mechanisms are possible and can be done via groovy scripts or configuration as code plugin.
For more information take a look at [getting-started#jenkins-customization](v0.1.1/getting-started.md#jenkins-customisation).
For more information take a look at [getting-started#jenkins-customization](/website/content/en/docs/Security/_index.md).
Any change to Security Realm or Authorization requires that user called `jenkins-operator` must have admin rights
because **Jenkins Operator** calls Jenkins API.
@ -31,7 +31,7 @@ The list below describes all the default security setting configured by the **Je
- disable CLI - CLI access of `/cli` URL is disabled
- configure kubernetes-plugin - secure configuration for Kubernetes plugin
If you would like to dig a little bit into the code, take a look [here](../pkg/controller/jenkins/configuration/base/resources/base_configuration_configmap.go).
If you would like to dig a little bit into the code, take a look [here](/pkg/controller/jenkins/configuration/base/resources/base_configuration_configmap.go).
## Jenkins API
@ -42,8 +42,8 @@ and stores it in a Kubernetes Secret.
Kubernetes API permissions are limited by the following roles:
- [jenkins-operator role](../deploy/role.yaml)
- [Jenkins Master role](../pkg/controller/jenkins/configuration/base/resources/rbac.go)
- [jenkins-operator role](/deploy/role.yaml)
- [Jenkins Master role](/pkg/controller/jenkins/configuration/base/resources/rbac.go)
Since **Jenkins Operator** must be able to grant permission for its' deployed Jenkins masters
to spawn pods (the `Jenkins Master role` above),
@ -55,7 +55,7 @@ Any namespace to which the `jenkins-operator` is deployed must be considered to
possible permissions to any subject which can create a Pod in that namespace.
To mitigate this issue **Jenkins Operator** should be deployed in one namespace and the Jenkins CR should be created in separate namespace.
To achieve it change watch namespace in https://github.com/jenkinsci/kubernetes-operator/blob/master/deploy/operator.yaml#L25
To achieve it change watch namespace in [https://github.com/jenkinsci/kubernetes-operator/blob/master/deploy/operator.yaml#L25](https://github.com/jenkinsci/kubernetes-operator/blob/master/deploy/operator.yaml#L25)
## Setup Jenkins Operator and Jenkins in separated namespaces