book: implement review fixes

Signed-off-by: Christian Schlotter <[email protected]>
kubernetes-sigs · Apr 19, 2022 · 6b38f19 · 6b38f19
1 parent d4c6112
commit 6b38f19
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 6 deletions.
diff --git a/docs/book/src/security-guidelines/index.md b/docs/book/src/security-guidelines/index.md
@@ -1,6 +1,6 @@
 # Security Guidelines
 
 This section provides security guidelines useful to provision clusters which are
-secure by default to follow the [secure defaults guidelines for cloud native apps].
+_secure by default_ to follow the [secure defaults guidelines for cloud native apps].
 
 [secure defaults guidelines for cloud native apps]: https://github.com/cncf/tag-security/blob/main/security-whitepaper/secure-defaults-cloud-native-8.md
diff --git a/docs/book/src/security-guidelines/pod-security-standards.md b/docs/book/src/security-guidelines/pod-security-standards.md
@@ -1,6 +1,6 @@
 # Pod Security Standards
 
-Pod Security Admission allows defining [Pod Security Standards] for creation of pods at the cluster level.
+Pod Security Admission allows applying [Pod Security Standards] during creation of pods at the cluster level.
 
 The flavor `development-topology` for the docker provider used in [Quick Start](../user/quick-start.md) already includes a basic Pod Security Standard configuration.
 It is using variables and patches via ClusterClass to inject the configuration.
@@ -44,6 +44,9 @@ spec:
   ...
 ```
 
+* The version field in Pod Security Admission Config defaults to `latest`.
+* The `kube-system` namespace is exempt from Pod Security Standards enforcement, because it runs control-plane pods that need higher privileges.
+
 ### Adding the patches to a ClusterClass
 
 The following snippet contains the patch to be added to the ClusterClass.
@@ -64,7 +67,7 @@ kind: ClusterClass
 spec:
   ...
   patches:
-  - name: admissionPodSecurityPolicy
+  - name: podSecurityStandard
     description: "Adds an admission configuration for PodSecurity to the kube-apiserver."
     definitions:
     - selector:
@@ -187,7 +190,7 @@ spec:
 
 ### Create a secure Cluster using the ClusterClass
 
-After adding the variables and patches the Pod Security Standard would be added by default.
+After adding the variables and patches the Pod Security Standards would be applied by default.
 It is also possible to disable this patch or configure different levels for the configuration 
 using variables.
 

diff --git a/docs/book/src/tasks/experimental-features/cluster-class/write-clusterclass.md b/docs/book/src/tasks/experimental-features/cluster-class/write-clusterclass.md
@@ -687,9 +687,9 @@ a ClusterClass matches all of the following conditions:
 * the patch is a JSON patch
 * the patch tries to `add` a value to a **slice**
 * the slice was defined with `omitempty`
-* the slice is currently does not exist
+* the slice currently does not exist
 
-A workaround in this particular case is to create the slice in the patch instead of adding to the not existing one.
+A workaround in this particular case is to create the slice in the patch instead of adding it to the non-existing one.
 When creating the slice, existing values would be overwritten so this should only be used when it does not exist.
 
 The following example shows both cases to consider while writing a patch for adding a value to a slice.