Kubernetes Hardening Guide Section on Authentication Mechanisms

[raesene]

This is the first section for the Kubernetes hardening guide which has been under discussion in SIG-Security-Docs kubernetes/sig-security#30 .

[netlify]

✅ Pull request preview available for checking

Built without sensitive environment variables

Name	Link
🔨 Latest commit	8ed2edd
🔍 Latest deploy log	https://app.netlify.com/sites/kubernetes-io-main-staging/deploys/64eb09d80df09c00088fe78c
😎 Deploy Preview	https://deploy-preview-42486--kubernetes-io-main-staging.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[mtardy]

Really liked it, very clear and concise. I agree with sftim's comments, just not sure we need to go into TLS version recommendation details.

/lgtm

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 42c9696677089bab7462e74397a8f079f4d1b858

[sftim]

/lgtm

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 0dbe68c46082213a48080b88630c24d4fbc692e7

[tengqm]

This page doesn't taste like a concept page.
Maybe it should be a reference page?

[sftim]

It's not a reference either. Actual guides really belong in the tasks section. I think that'd be a good home

We could invent a new content_type: guide. If that feels useful.

[raesene]

So, I'm not hugely attached to where this ends up, what I would say is that it's a slightly funny one. The content in tasks feels quite hands-on (i.e. specific commands that are being run) where this is higher level.

Not to say we couldn't put it in tasks, but it's not a 100% fit there, compared to other content in that section. That said, I'd agree isn't not 100% concept either :)

[reylejano]

Since tasks are for "contains pages that show how to do individual tasks", I don't feel this hardening guide on auth mechanisms belong there unless we extend the scope of the tasks section to include a new content_type of guide

Good practices for Kubernetes Secrets
and Role Based Access Control Good Practices are under concepts. I would consider these as guides as well.

There is a Best Practices section, https://kubernetes.io/docs/setup/best-practices/. Is a hardening guide (& other guides) a good fit for the Best Practices section -- I'm leaning towards yes but I can also see this not under best practices.

[sftim]

Following up #42486 (comment)

If we want to make a new section for, eg good-practice or guidance or suchlike, that works for me.

If we do decide to do that, I'm OK to plan for it but also find an interim home for this PR's changes to land, and then refactor. We could add a note for localizers to make the situation clear.

[kbhawkey]

OpenID Connect (OIDC)

[kbhawkey]

/lgtm

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 0b978a37273f6f9e1855c68470b5645ea9241134

[reylejano]

I'm good to have this land under concepts for now. Like Tim mentioned earlier, if we make a new section for guides or good-practice we can refactor and move the current good-practice and guide pages lter
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: reylejano

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• content/en/OWNERS [reylejano]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment