public_git
/
kubernetes-operator
mirror of https://github.com/jenkinsci/kubernetes-operator.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Broken Link Fixes 

Have Updated Few Broken Links that was not working with the https://jenkinsci.github.io/kubernetes-operator/docs/security/ . If its still not working as expected. I would be happy to write for the documentation.
This commit is contained in:
Gaurav 2020-03-16 16:07:42 +05:30 committed by GitHub
parent 544fef8d1c
commit 3766312898
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
website/content/en/docs/Security/_index.md
View File

@ -14,7 +14,7 @@ via groovy scripts to prevent any security gaps.
Currently **Jenkins Operator** generates a username and random password and stores them in a Kubernetes Secret. Currently **Jenkins Operator** generates a username and random password and stores them in a Kubernetes Secret.
However any other authorization mechanisms are possible and can be done via groovy scripts or configuration as code plugin. However any other authorization mechanisms are possible and can be done via groovy scripts or configuration as code plugin.
For more information take a look at [getting-started#jenkins-customization](v0.1.1/getting-started.md#jenkins-customisation). For more information take a look at [getting-started#jenkins-customization](/website/content/en/docs/Security/_index.md).
Any change to Security Realm or Authorization requires that user called `jenkins-operator` must have admin rights Any change to Security Realm or Authorization requires that user called `jenkins-operator` must have admin rights
because **Jenkins Operator** calls Jenkins API. because **Jenkins Operator** calls Jenkins API.
@ -31,7 +31,7 @@ The list below describes all the default security setting configured by the **Je
- disable CLI - CLI access of `/cli` URL is disabled - disable CLI - CLI access of `/cli` URL is disabled
- configure kubernetes-plugin - secure configuration for Kubernetes plugin - configure kubernetes-plugin - secure configuration for Kubernetes plugin
If you would like to dig a little bit into the code, take a look [here](../pkg/controller/jenkins/configuration/base/resources/base_configuration_configmap.go). If you would like to dig a little bit into the code, take a look [here](/pkg/controller/jenkins/configuration/base/resources/base_configuration_configmap.go).
## Jenkins API ## Jenkins API
@ -42,8 +42,8 @@ and stores it in a Kubernetes Secret.
Kubernetes API permissions are limited by the following roles: Kubernetes API permissions are limited by the following roles:
- [jenkins-operator role](../deploy/role.yaml) - [jenkins-operator role](/deploy/role.yaml)
- [Jenkins Master role](../pkg/controller/jenkins/configuration/base/resources/rbac.go) - [Jenkins Master role](/pkg/controller/jenkins/configuration/base/resources/rbac.go)
Since **Jenkins Operator** must be able to grant permission for its' deployed Jenkins masters Since **Jenkins Operator** must be able to grant permission for its' deployed Jenkins masters
to spawn pods (the `Jenkins Master role` above), to spawn pods (the `Jenkins Master role` above),
@ -55,7 +55,7 @@ Any namespace to which the `jenkins-operator` is deployed must be considered to
possible permissions to any subject which can create a Pod in that namespace. possible permissions to any subject which can create a Pod in that namespace.
To mitigate this issue **Jenkins Operator** should be deployed in one namespace and the Jenkins CR should be created in separate namespace. To mitigate this issue **Jenkins Operator** should be deployed in one namespace and the Jenkins CR should be created in separate namespace.
To achieve it change watch namespace in https://github.com/jenkinsci/kubernetes-operator/blob/master/deploy/operator.yaml#L25 To achieve it change watch namespace in [https://github.com/jenkinsci/kubernetes-operator/blob/master/deploy/operator.yaml#L25](https://github.com/jenkinsci/kubernetes-operator/blob/master/deploy/operator.yaml#L25)
## Setup Jenkins Operator and Jenkins in separated namespaces ## Setup Jenkins Operator and Jenkins in separated namespaces