From c8743ab07a0603512c25e9370a6c1aa2f5fa6bae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Sat, 24 Feb 2024 17:14:57 +0100 Subject: [PATCH] fix: install npm dependencies --- .github/workflows/hugo.yaml | 2 +- config/_default/hugo.toml | 2 + content/en/_index.md | 8 +- content/en/docs/concepts/_index.md | 14 -- content/en/docs/concepts/ownerhsip.md | 6 - content/en/docs/overview/_index.md | 3 + content/en/docs/tutorial/_index.md | 16 ++ content/en/docs/tutorial/configuration.md | 6 + content/en/docs/tutorial/permissions.md | 187 +++++++++++++++++++++ static/images/content/capsule-operator.svg | 3 + static/images/icons/cncf.png | Bin 0 -> 14985 bytes static/images/icons/cncf.svg | 1 - static/images/logo_cloudnative.png | 1 - 13 files changed, 222 insertions(+), 27 deletions(-) delete mode 100644 content/en/docs/concepts/_index.md delete mode 100644 content/en/docs/concepts/ownerhsip.md create mode 100644 content/en/docs/tutorial/_index.md create mode 100644 content/en/docs/tutorial/configuration.md create mode 100644 content/en/docs/tutorial/permissions.md create mode 100644 static/images/content/capsule-operator.svg create mode 100644 static/images/icons/cncf.png delete mode 100644 static/images/icons/cncf.svg delete mode 100644 static/images/logo_cloudnative.png diff --git a/.github/workflows/hugo.yaml b/.github/workflows/hugo.yaml index 91046ff..db480f1 100644 --- a/.github/workflows/hugo.yaml +++ b/.github/workflows/hugo.yaml @@ -49,7 +49,7 @@ jobs: id: pages uses: actions/configure-pages@v4 - name: Install Node.js dependencies - run: "[[ -f package-lock.json || -f npm-shrinkwrap.json ]] && npm ci || true" + run: " npm install --save-dev autoprefixer postcss-cli && npm ci || true" - name: Build with Hugo env: # For maximum backward compatibility with Hugo modules diff --git a/config/_default/hugo.toml b/config/_default/hugo.toml index b6afe8a..a722c6e 100644 --- a/config/_default/hugo.toml +++ b/config/_default/hugo.toml @@ -8,6 +8,8 @@ defaultContentLanguageInSubdir = false # Useful when translating. enableMissingTranslationPlaceholders = true +editCurrentVersion = false + enableRobotsTXT = true # Will give values to .Lastmod etc. diff --git a/content/en/_index.md b/content/en/_index.md index a96dffc..c6df1ec 100644 --- a/content/en/_index.md +++ b/content/en/_index.md @@ -38,7 +38,7 @@ Leverage Kubernetes Admission Controllers to enforce the industry security best {{% /blocks/feature %}} {{% blocks/feature icon="fa-house" title="Native Experience" %}} -Provide multi-tenancy with a native Kubernetes experience without introducing additional management layers, plugins, or customized binaries. +Provide multi-tenancy with a native Kubernetes experience without introducing additional management layers, plugins, or customized binaries. Tenancy can be partially present in the cluster. {{% /blocks/feature %}} {{% blocks/feature icon="fa-ghost" title="GitOps" %}} @@ -52,12 +52,12 @@ Capsule is completely declarative and GitOps ready. ## Capsule is a CNCF Incubating Project { class="text-center mb-4" } +--- + - + -
-


diff --git a/content/en/docs/concepts/_index.md b/content/en/docs/concepts/_index.md deleted file mode 100644 index 4a5d175..0000000 --- a/content/en/docs/concepts/_index.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -title: Concepts -weight: 4 -description: > - What does your user need to understand about your project in order to use it - or potentially contribute to it? ---- - -{{% pageinfo %}} -This is a placeholder page that shows you how to use this template site. -{{% /pageinfo %}} - -For many projects, users may not need much information beyond the information in the [Overview](/docs/overview/), so this section is **optional**. However if there are areas where your users will need a more detailed understanding of a given term or feature in order to do anything useful with your project (or to not make mistakes when using it) put that information in this section. For example, you may want to add some conceptual pages if you have a large project with many components and a complex architecture. - -Remember to focus on what the user needs to know, not just what you think is interesting about your project! If they don’t need to understand your original design decisions to use or contribute to the project, don’t put them in, or include your design docs in your repo and link to them. Similarly, most users will probably need to know more about how features work when in use rather than how they are implemented. Consider a separate architecture page for more detailed implementation and system design information that potential project contributors can consult. diff --git a/content/en/docs/concepts/ownerhsip.md b/content/en/docs/concepts/ownerhsip.md deleted file mode 100644 index f7b0899..0000000 --- a/content/en/docs/concepts/ownerhsip.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Ownership -weight: 4 -description: > - What does your user need to understand about your project in order to use it - or potentially contribute to it? ---- diff --git a/content/en/docs/overview/_index.md b/content/en/docs/overview/_index.md index 55cd5af..572fe3a 100644 --- a/content/en/docs/overview/_index.md +++ b/content/en/docs/overview/_index.md @@ -1,6 +1,7 @@ --- title: Overview weight: 1 +description: Understand the problem Capsule is attempting to solve and how it works --- Capsule implements a multi-tenant and policy-based environment in your Kubernetes cluster. It is designed as a micro-services-based ecosystem with the minimalist approach, leveraging only on upstream Kubernetes. @@ -15,4 +16,6 @@ Capsule takes a different approach. In a single cluster, the Capsule Controller On the other side, the Capsule Policy Engine keeps the different tenants isolated from each other. Network and Security Policies, Resource Quota, Limit Ranges, RBAC, and other policies defined at the tenant level are automatically inherited by all the namespaces in the tenant. Then users are free to operate their tenants in autonomy, without the intervention of the cluster administrator. +
+![capsule-operator](/images/content/capsule-operator.svg) diff --git a/content/en/docs/tutorial/_index.md b/content/en/docs/tutorial/_index.md new file mode 100644 index 0000000..f3f5702 --- /dev/null +++ b/content/en/docs/tutorial/_index.md @@ -0,0 +1,16 @@ +--- +title: Tutorial +weight: 4 +description: > + Understand principles and concepts of Capsule Tenants +--- +Capsule is a framework to implement multi-tenant and policy-driven scenarios in Kubernetes. In this tutorial, we'll focus on a hypothetical case covering the main features of the Capsule Operator. + +**Acme Corp**, our sample organization, is building a Container as a Service platform (CaaS) to serve multiple lines of business, or departments, e.g. Oil, Gas, Solar, Wind, Water. Each department has its team of engineers that are responsible for the development, deployment, and operating of their digital products. We'll work with the following actors: + +* **Bill**: the cluster administrator from the operations department of Acme Corp. +* **Alice**: the project leader in the Solar & Green departments. She is responsible for a team made of different job responsibilities: e.g. developers, administrators, SRE engineers, etc. +* **Joe**: works as a lead developer of a distributed team in Alice's organization. +* **Bob**: is the head of engineering for the Water department, the main and historical line of business at Acme Corp. + +This scenario will guide you through the following topics. \ No newline at end of file diff --git a/content/en/docs/tutorial/configuration.md b/content/en/docs/tutorial/configuration.md new file mode 100644 index 0000000..7eade74 --- /dev/null +++ b/content/en/docs/tutorial/configuration.md @@ -0,0 +1,6 @@ +--- +title: Configuration +weight: 20 +description: > + Understand the Capsule configuration options and how to use them. +--- diff --git a/content/en/docs/tutorial/permissions.md b/content/en/docs/tutorial/permissions.md new file mode 100644 index 0000000..2063c2f --- /dev/null +++ b/content/en/docs/tutorial/permissions.md @@ -0,0 +1,187 @@ +--- +title: Permissions +weight: 1 +description: > + Grant permissions for tenants +--- + +## Ownership + +Capsule introduces the principal, that tenants must have owners. The owner of a tenant is a user or a group of users that have the right to create, delete, and manage the tenant's namespaces and other tenant resources. However an owner does not have the permissions to manage the tenants they are owner of. This is still done by cluster-administrators. + +### Group Scope + +Capsule selects users, which are eligable to be considered for tenancy by their group. + + + + +### Assigning Ownership to Users + +**Bill**, the cluster admin, receives a new request from Acme Corp's CTO asking for a new tenant to be onboarded and Alice user will be the tenant owner. Bill then assigns Alice's identity of alice in the Acme Corp. identity management system. Since Alice is a tenant owner, Bill needs to assign alice the Capsule group defined by --capsule-user-group option, which defaults to capsule.clastix.io. + +To keep things simple, we assume that Bill just creates a client certificate for authentication using X.509 Certificate Signing Request, so Alice's certificate has `"/CN=alice/O=capsule.clastix.io"`. + +**Bill** creates a new tenant oil in the CaaS management portal according to the tenant's profile: + +```yaml +kubectl create -f - << EOF +apiVersion: capsule.clastix.io/v1beta2 +kind: Tenant +metadata: + name: solar +spec: + owners: + - name: alice + kind: User +EOF +``` + +**Bill** checks if the new tenant is created and operational: + +```bash +kubectl get tenant solar +NAME STATE NAMESPACE QUOTA NAMESPACE COUNT NODE SELECTOR AGE +solar Active 0 33m +``` + +> Note that namespaces are not yet assigned to the new tenant. The tenant owners are free to create their namespaces in a self-service fashion and without any intervention from Bill. + +Once the new tenant solar is in place, Bill sends the login credentials to Alice. Alice can log in using her credentials and check if she can create a namespace + +```bash +kubectl auth can-i create namespaces +yes +``` + +or even delete the namespace + +```bash +kubectl auth can-i delete ns -n solar-production +yes +``` + +However, cluster resources are not accessible to Alice + +```bash +kubectl auth can-i get namespaces +no + +kubectl auth can-i get nodes +no + +kubectl auth can-i get persistentvolumes +no +``` + +including the Tenant resources + + +``` +kubectl auth can-i get tenants +no +``` + + +### Group of subjects as tenant owner + +In the example above, Bill assigned the ownership of solar tenant to alice user. If another user, e.g. Bob needs to administer the solar tenant, Bill can assign the ownership of solar tenant to such user too: + +```bash +kubectl apply -f - << EOF +apiVersion: capsule.clastix.io/v1beta2 +kind: Tenant +metadata: + name: solar +spec: + owners: + - name: alice + kind: User + - name: bob + kind: User +EOF +``` + +However, it's more likely that Bill assigns the ownership of the solar tenant to a group of users instead of a single one, especially if you use [OIDC AUthentication](/docs/guides/authentication#oidc). Bill creates a new group account solar-users in the Acme Corp. identity management system and then he assigns Alice and Bob identities to the solar-users group. + +```bash +kubectl apply -f - << EOF +apiVersion: capsule.clastix.io/v1beta2 +kind: Tenant +metadata: + name: solar +spec: + owners: + - name: solar-users + kind: Group +EOF +``` + +With the configuration above, any user belonging to the `solar-users` group will be the owner of the oil tenant with the same permissions of Alice. For example, Bob can log in with his credentials and issue + +```bash +kubectl auth can-i create namespaces +yes +``` + +#### Group of ServiceAccounts + +You can use the Group subject to grant serviceaccounts the ownership of a tenant. For example, you can create a group of serviceaccounts and assign it to the tenant: + +```bash + +``` + + +## Rolebindings + +With tenant rolebindings you can distribute namespaced rolebindings to all namespaces which are assigned to a namespace. Essentially it is then ensured the defined rolebindings are present and reconciled in all namespaces of the tenant. This is useful if users should have more insights on tenant basis. Let's look at an example. + +Assuming a cluster-administrator creates the following clusterRole: + +```yaml +kubectl apply -f - << EOF +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: prometheus-servicemonitors-viewer +rules: +- apiGroups: ["monitoring.coreos.com"] + resources: ["servicemonitors"] + verbs: ["get", "list", "watch"] +EOF +``` + +Now the cluster-administrator creates wants to bind this clusterRole in each namespace of the solar tenant. He creates a tenantRoleBinding: + +```yaml +kubectl apply -f - << EOF +apiVersion: capsule.clastix.io/v1beta2 +kind: Tenant +metadata: + name: solar +spec: + owners: + - name: alice + kind: User + additionalRoleBindings: + - clusterRoleName: 'prometheus-servicemonitors-viewer' + subjects: + - apiGroup: rbac.authorization.k8s.io + kind: User + name: joe +EOF +``` + +As you can see the subjects is a classic [rolebinding subject](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-subjects). This way you grant permissions to the subject user **Joe**, who only can list and watch servicemonitors in the solar tenant namespaces, but has no other permissions. + + + + + + + + + + + diff --git a/static/images/content/capsule-operator.svg b/static/images/content/capsule-operator.svg new file mode 100644 index 0000000..230f1d3 --- /dev/null +++ b/static/images/content/capsule-operator.svg @@ -0,0 +1,3 @@ + + +
Capsule Controller
Capsule Controller
Capsule Policy Engine
Capsule Policy Engine
Tenant A
Tenant...
Tenant B
Tenant...
Capsule Operator
Capsule Operator
namespaces aggregation
namespaces aggregation
namespaces aggregation
namespaces aggregation
tenant isolation
tenant isolation
tenant isolation
tenant isolation
WorkerNodes, ResourceQuotas, IngressClasses, StorageClasses, NetworkPolicies, ImageRegistries, ...
WorkerNodes, ResourceQuotas, IngressClasses,...
Namespace
A-production
Namespace...
Namespace
A-production
Namespace...
namespaces
namespaces
Namespace
B-production
Namespace...
Namespace
B-production
Namespace...
namespaces
namespaces
WorkerNodes, ResourceQuotas, IngressClasses, StorageClasses, NetworkPolicies, ImageRegistries, ...
WorkerNodes, ResourceQuotas, IngressClasses,...Viewer does not support full SVG 1.1 \ No newline at end of file diff --git a/static/images/icons/cncf.png b/static/images/icons/cncf.png new file mode 100644 index 0000000000000000000000000000000000000000..924ea22aa4c9ebac1d173ba12000ee5a0feb56f1 GIT binary patch literal 14985 zcmaKTWkB4_-tXe>UbM8hdvSLyP~2g0E4mbiqD2eET}yGd1r}(b6j>+^#f!UJftx<( zocFyS?z#Dp%_cLG%w#h2lmEnMX(-}gKEnioKsd@ua@rse!ZC2HiH-{F`_|RdfgcJl zc>^yUH(M`XOAjze+Q!WaOsDK(X$RH@TiW=&9RiDiKuFIWbPc==)YU|+-CQ^=|EA%D zxVQtkK_D?nh`Xh=6WEK+3T)@#Do%gg*+Wm~U?WbiFQCq??k)?qcTjrg0oHk^p=REjn2@ z4=|koryz$l4?i!RkT55YAh$3tKRX>SH;)h(w-6T(9|t#&2)CdJpD^9OH+tZ19yYcj z+Hwm2z8COMoZjBc%Uy(v%h%VJ)0dCa&BKn1M_5>xi<_5=mzM)b!QtuW>SYPxaP@rg zpAzK2p4J`??p_XVu5^D(w6t>b_7bNDp7dW;aB=^iVqHD|-Aq7(aX~EIxp+9a|5oWg z3DwpA|4Ch3{wKAkmp1r+pZEV+u&1t{JD5uw?CIw1VGX=E+ZTUtqD%lnG`O3|I`^8tq;rQC7JVO6rYvw#JRrzJI93ij^ACi3v4F8JRxGNZg^7n)sp>X)G zm!wMnzK*>7uam$P>LFRH(0v_$|9jto!NH!^wziDz!$WF@^kFzT*r?ivG+)Eqd}Sj! zIT;=q6@^#hW7gEvbdZ;m1C55PZEO%(-%tm0g*=0O(Cq!N5=Qpo5&Q49e=x+92 zUB@A~bI`Z4TF1az)JG|P(L3ecwDxOmZq89>R#8#$)5F69bs9AL?#(rqQ5XV0R{x1L zxn$zEuV1G=SW<-?Z`^#O>_j!B9fHF(o3E%#OG{mn*iss($;lzF0|Nd?I!~9Kot<%V zan(xc%v!#u866!J5Y^bd*qxk(!{L%g-yh%l`u4a@mZ@vj2Xk?9N^EX#r}v)jY-DC; z-e*eczIlUFET*Z0XCdZGOiH>nSG0_{JRRj*+PI*bAjq(oUH&Y7%SKwdx0DdlN&e~6 zr!IuJ4)na@>kjXIR5SEkIp64ZmXrpR6-O7LZW>3EGYp@(flg<(v$GSaJr8Z? z&Qsit(G)MwH2liml6VTn?8hW7{y<zfwj%fwHar{v~R+wNs1 zBqXS}eD?JAzO>#!Dy=xhZvPo30e-@@W1S-S6Ors5iS{$A^#eZaG#h_R7$PnzO3-b$^2VXFKEhXZQQ}?`@3E6CNKQFS!X{#h2ID*TcWT@GzkA8g(xv zaj>u!)nP7Nn=O|8sFLvt=b9lmX36J8JdBKGuqplu4oIOEGjyo3oK8ylZe+vM*4B3Q z>sL7}seqo0y{+TpWBL6VtL^6@8#ILtIKr1`(a2Q-!o~&$Hz9*gK2bD_)(*EzOG|Li zO9a110s;a&)m4|AN83%sP9x;zs;UDHNVxGKik@1LgBEjpd3JVoEdh&rFp62p+|NZp z6q(=CKu4l|p{W!GK4<3O7*(v$UDnaj@sv`Fl-JeOr5c#*wA!K$*>)_v{>Zbkuy8kK zl)`nf5n5AIgHqF-mzmkV5_<+;?~o7{t_Tgfk;8^^s}j((?dGVjsjQHynt55-UvvvL z+p;}&#_xAOMdS56{qbH)(^SpL<#amEu2brjy!6>zsWgg&6Uq*zrlXePKwmbuS`wP0Cg6tH~q3>`2u%G@R|$)p5Id=JjUWl(ioho~|+H z_BBhmuuO2G?Sz}f!R2(WVSEWiV5u5va>lz=ii^;kN^u$*n${2Uwj+CAi!MGZsG2tk zG44FRDEALG5#W8kfp`Lcrx;B7dviXYw$Qo$!c>_@niM0xwsr75xd;l3s7#C52Lpu- zvw)nEvJx8uLl}9#3kOjUbu}v^KR*%4Jt8qN@wo4}6J*kDLXa9582CnBUS2;|seFhT zpH)ok53huo)`Oygfj>HRV<`j!rUGHws(6?{jD0TE87EKRYk)kvtu0&!0sZ5D)-41q~R-RQpBL`{O{5 zHPuIz2x(PSRj-ktTtek0-|rbr0zrN=HRe5!D60FW+S+HDJNA{Wdxc9Rw&AVKUekAT zcH4#6&mKuUEr?;;r0JaEGZL$7hetlLw)U&zMi(X^8ESHS2}I%}`jA^V3JOYke>S%f z@k8;7Ikdc{=E(I|FcXL~gr!7x2KY23Lpr6Lp&-bw(N<@vN&C-|r)%2XXRFG->z>p{ zsF!CwOP8ZN>Vr%DCN?k0l1YH60zlOxkX* zudhE!`#rOHS~zm}k`EUuS6e7T%f#L8K!YANlr6h|&f*?hZX%(j>fU+?S3gA)LO}~) zzMs8odYxr%(sAOh1E&-y)|qg^X@bl-- zliX)xsu~(skx_!fgQCn|nR#5Mi$o?4qzw({3F@aRIy>+ASFX5qN_1I~sxZbq-edu9 zJ52Q|EG+B~=;VGRBk+#Ryx`g0P5{p-j0M37d6nXM>~$L`N9?@S_+5Sld7hGqs!YX% zz1eoQM0lwL0{qvylFknqWcYb>ufMOJEx$yVkcTK4*XPH&jHhBRrB*zb+5yLHYP!2v_BD8FbB+sM3;xCtbuZ* z*)XX-M9HX`Qa`bCKlF+DnQpASD{oLY5hS1a#TQF~l|ElMa4U2uta_%~DJbYMDuAG> zZQC(Zj*Xd@_l$~jnc#I@;oP3OLWBut4}AU-Mh^V|m*U{ya9KO!wfwE{S@(-TI)|sT zb5#slk}UFGR$x<3-!z)5t1E4E^@GL|t51K~P1I!SBkeiDjVg}mphlwReXWlr6&2O* zOa5uc%i2P0&BgUVptF<3Ue0pBj)yMw3q|5j#2Dpdf{+4A^59|{#WXgj?JoNM};od0JbT0QojO5MzgJtqL{Br zb6Ep6**Q6nwtot=)eH{}wJSRx`rb(#i|=CejA38}s1EQ&JUZ&Yvp>B^d0S~h<9UnP zV9>HWmrYMk-`(q-OE1YGY!ZR=KGh@^l-3IU@@3Bfqeh>QMQ{(VCKJm0OvOu~%bpC;1*bnaysZU! z3=V&qy}7x01RzHIi@gZnTXz?{;?wTBx|3s@H*ep*H3z=GM!r*TXIjkUEsUOf7b&w20Yj%83Z8;RrL^(-iOcYV(SXN87_;u^^ieA;#?pyVSA zYL*_N{@PM9=@ML8f4?+vTJeVDtHM3DUzOmJx3pAMRtWiqW`1rV+`z6OAySvfczmsd>=rk_n=vpP+i5T4GE&i{cRJM5MP@5 znL9xM;u)1{zkRoIQm0Qv@}u<=_Npn{md}SPrEyv?;~!RmXiC_2dKzaycg;C`^b1A0 z{uS`bg10-4j*hx*6WlIOPVCp)IjO;Hyw9kqH{-mvRNrr)vobT!vAitK)2?W8`biWa z^Y+E8_te{kslsPXk&=>(#<;-mIzkCsu04K865f18Zw*r}g)2w6yu}YWDN;@_aJ8BM0HaG)+d;1Ip|K z4_*)7zki=L(Mg(|oP5SJmBPDsdbrEKYmzjP)70xg_yIJ4Z)B z){2UQ!)0YP%13m;-R@)E?5wN}y9B-5pxQ0f;9n~%!Dw~Xk=CT)o{l*S04TU5_xd*K zgaJcCMg4-%#@KlK`by|e8+52HCBSh-q9giqU7?{tf~_N$1obpjt7n(Z+~|c~{Ep38 zlS!dyI=Cme&71!Hz}AM!|9#!wMy%3gG!QjBmPiZq%EhX}$ zb5&J9g41G=upI2Ujk<`C(DmRX=Jk~_SQh77vZHi#TW|+DYt*s%e zTA`c7+cbTzqN?iGi(+PwSK*Xum%Bd?kY#^;&*0vaHU5&{9=E9(d)fK?hjB-Xb(4UiB`<1V}(C0bR`le4pTnfoFxPdf((0TZOhMdzt3 zoz(D_WZ}H-d+}LsgL~3%Htygk`XUbAfcwcqbp{58{4BV;b#Tx*6Q@fmyikkhoU5wdz1qG)rfL;g$ka|l=!CchU)%`gF6CdA~&ocKDr9LTZ z!>l$?U?&$}zrN3MGa^Eo{t~SvLWOu7yOCKq-dA_WMPn^101PjF-Q3>~n$?(B&)aLb zLUZOdlk%+t%6me&dhqu%uyAnR03_acFn@B?*8Yi`)v?wQ#SU?EJ7(e##;E|% zIx#FbSVbkawU8aO`kDt30uUm6sNfj7n+nGK!h*}9^l$4xnttPe`uDLmTXXl)<$&t3bGQG;&kG!o#Me7XYNqk>}$9P^z_B1(6mW5l< zct%7-h~C}bAEp_`+nTiDF4UiogncYKm?ebtV|0uXTE~g`K#qjkR79(fbaORY9*zTx zkAi59tQTh@0y$eywHaFgYA7C*L=!Cku}_oj3b&9r8nlUuedWceRp?*_@mSm$M+rIA zL>O?(>L81C5Qlyc$KPADwz9H0@F+BS04RFm<<(V?xS(K*jM|@&^;47&94a#SxrMqUOna3YTAP zr@lL_Xl-}uD|YDx2lHcNW3S06Uq?FKiGRLK#lck3N9PWTxp$`b)H*Q*IIWS+DlCbp zS0tR!RO_idjQ*u8CT;LVjQVWPU!v9z(LNi=`-695bDCUY152Ud_Rh6UKWVmwW!t}f zoBYw=l^^XvqC`RqcWfr8M`=Gy584WpGe31?5??eiwb7%d;E1}WDVc% zoE=JdO72>tswcU~RGYTzWYH2C3yc+68ZjgwWA&l3fq^a4u$Nn}#rXDSF*O(tw zeM$B$XHqp%gMds@*F#dT)BCFzP*-nT+bs?crxH!;n>YPFt zBO;m3_e|pbPk~>8*)`*+MT$*-T@LInr!O#lqm9s*oW;VzO8-dMKi{Z6$E3FHTBfZ&)8|%{-7hdhn#|00g{DN)2oqc?+2AY5S>0EsSaFuHz@BZ$t zUwLKoL{&(0rBIcB2ebBVLk=43X-eW`F8yI_USW$fJq6!0PvOehWiUpN40KXbQj&nENTX_7*v-_@VVeWFkflT=~ zAwUWYU%%$DaN;gFGcq<7z>J`uqS*x%q~~-U3`nWlZ%50dBpjXX-E#(;douSX78m`!I6{5B zyu8HCJs9YJP431XHriK`Z$5icaGsNv!22_qm;Cf-4F9gDDC7uy=npZND_rfM0KLwp z^Z2dhbR*MMG4}=8oa}5$@mH^Id^|lH2aKc&wv~B+siH?_xrzb7QR6C(cVJ+Ernb5| zw+@91y$SdVB|``{?1tYneYV3DD?+O>y(_R|Va9k`Vr6_WJkA;7GY#l3C{3ufx~$C& zZ=_zLY3(I`bT&8>tLE{fHdPJiZ)@3|DBjrE$m#9d$wr=kRt(@1&9(s=Q&lCUxwTlA zMo9j3D-pc}do=pHPk6AWp8^-d>%FJ(39fVMhRW9iXg8#u2sa~r>osKioeAwKc7Q2h zF8_M1ZccM%YAPrr` zL5Z9b26XqcRt*FG0zk_I%?oV!O$IL;V$LS|@v&FG%=Yz#jiyU5e{Tj1l0iW7ut}nVJ{%7rJ5#=} zo?DIqQ%=;E~)pa{Ru%t}BLEt|5-M076#Y5HciMnyS$>CI8#am#gg3Gtn_&4mQo z*vJ9$*Uz0NttNp~k2j3}Sa%a&=(FWa%<*a82H0BiKy8$~x5f$U1~9mB&Dq2EY2^LchStUOP)f2_kf zbN7!02<-ZMvv)cxc)0S3h|Y}b5r0?D5BYv&`xDCmO8;BRM>z2*lo$`pT*CIRs5dIo&i}R}S4T^p)M6w)(iGiD zRbjVzd;X-Jc$AnX3{m};aTzKUUb94g{l1Z~3B53Ie&~Lk_~)~>e=JYA8fhBYQR`&H z<0WR%#XB-g;r+#x{=ipEVxJe2Q)lYi_A@l^XBrb@=eQ;VB9E zUrk0on37#=uB5XgpWMqe{HpA8x>v`cVwS)8Ls2lh@!mhp3hX?1Aw;k77t_A4k^w5H zM@jHF&&~MI@p#uFbl>-C%M7{7Q|Qv*8~<5~R!?)W!StB_)c^ zqlEWb4>~GDP|(n5HI$Y8qK-{*aB%JcTdIWzvW$_3CGw@Ax!GIDW=HzF4ZqFgaJ0!I z*YC3zs<&GD`qv)-d@19Z{~+4KFtDAj2*2u%da~W`437E|Y)=W9Ii5a?vhPPA@67Y>NXF7Zf7<7lAf5}e+;H>TA z1Q*xzx3{8NF0TB`=#Gf-kcI$Wlopqj|b~#UhMt)#Rvdl)>Gm5dVc3a!!tlW zLxZh&dEVFz*CQJ~QP@0~pu)Fd=cY103cJavsh98!l^Lnk?g)8{Wc^CGM0u8J)PU#@ ztC(&%KUy~cJF=(_gipezRjI*ozUffznAtaQKY)zl@kGFYIB{Z!cK-PzHhfS~kRA-@0H zwOa&{=<+v+n(KCm4#2P`-<<$H>_nX zF?~`}(x7+*RvYKHVZMQZ54l=ac%YNtT0tfrw=`06Sl>vUhw7WS5q*kXZKK{JzRYTe zbpjpcz91Ja1-YkXW8w8 zMW|mRUZXhj&ds5#^)((gc8P&#T1K#@y80m}D=VuFi1&CNp0vVdF-{XolPXK9zB}v% z-6uKOenJ@cJrmYG5S%cGNcghF_iBD4bYVNy!Ba3KpPE{RZme0|X)$}WtA~uRqWjrr z0MLC5p`_j$VuE_*iqWFO#Hu=cg@05%UoE?jNX3B96Tyry@PlSQ3NnBCVUN&=IcwoQ zr;b`d4eHZk9yDx#ep^0HV`a70)zRUzMQi^P812^-PX6FKB)aJ2*3;yx{zH(P5pY z+090W*#Lx+X0P3j8|m-=IUXgBy0ctW#m)eo$8!)_m_IDwIojU#O)7iH1xqj)&CVR7 z=lKcVyoV%PMXphkJ&c$iKg({pz{k6Hd88vZhJQt>+(+CKX zj?4wEtI1D>)q2~UoScuy;mqU1!^5NQlGXjl$jAYG0cofdKh$j5s)vS#48?ko5U-D$ ztIEpCy6{J2Z5SwzW+@3)BDc?|J!iNt;cgU^l;=ExE-F8g;)p4+o5}zMIe+qLduxlZ z(7v@_^bce8CLbE@sD?#|7b!9E%eh9piDjk}!&6a+J7puD)-fviE4G`zme(houA4^9 ze2Ff*hr3HI1GaQvtTUeDMTR>#czHFE%+^GX@H_EmK|q`RS_+E})R{*>V2mj}C`tXZ&vqEtueh!<5Z(EUT<4wr`sP%ue&8aIrZzu2Jo9KtD0ufq zPcMiH0Hl_~9so_HRAie=d-i3Sgfu~$fv}HN}pBupsu1>+er>kuv z#37T9C$m}a%zDIx@6w8tz#EQ;Zs@(7E#tscM}h9)2*||f8#C57ziRab-`t20p(Cz# z5XEi@mklCBoa^{xY8gcVs+gNaPjG)E&c%Tzb4tVLCNF{sE%JsFXNZNf1lp=m^78^< zkRAIf@^L=ljfV%XXYQ`r37XXYyQa(Q5oweS#)aj;=w9C_jFWbkdD!{MP2W^k%SCEI zYVhLHk|`w_+4Uz9k6Y6gY#eNCuYP>Q{q%2>(@5XpRWULI;;8sgl0Y}Uq)@1{z%@ly zOl(}7mo+6Kh>=*|z~whJrF$2?MPMw(Dt|ag_Gb6s;2=A-}5`hP$w`E-tIRXRnN|rQnaGkwekr^_UM$c&NR0GPy5bt7Y>! z*r{AtE}(IyXXnY3)3sbL+|hE;=(?D2z|@_7{+4efwxO*O!nAm{re#0hcKia-2D?Uf z#HlWh)>@-yAEkbp+`aJ!dzhWrXbvg;erH+PR!I9{*t83O5z(?ok@zi!+c_9}KzZgO z*93bqKjCFaB^h)>((rk@cao}a88!|s?iIfKIRy_$lI!BUiEj~aCpG@^3$sRNC3utrX0wq$9f_ zg_K7j2f>QOZ>)`1bi9jo2mrDe6clu-#vr@s`d;JoXBxV72o*W`jrZ2d9gCVY zs-~Wv9=8jvH7jF;aff z!X-2Ep%qoTLbrU>kA`NEZunsM8&MNEpr*tmoQ4Ntk3ET}7}TPtIjAq3&&sCdj( z_4TJrq~DW-&fU(qO-h%zr#$9$3P49LGWnXy%F1?Vb)zFACVO!$TH-*cU&q{KD9?JG zQjqn1@^gL0Ta0bX`KCv}(j?9a>$D^e9C1eDP#%9)-?)i#iDS7d+1SDe%37S-MvzcF6US6&htu!SjSe}^~xV02-knscLP)tFIRRYJYt*tbQ0Fm6WNyEb^ z-*lK6rVKUG#ak}i=dVD+Y0_#gmn95>W#>{2=*zj8G+fNgZArEWnGF~cPq6uoNT2WQ z{b{8Pjb11h;1{YZKW=RmJ|FMx?HyUd?P0yQj3{5**&##|#P1xFp6pES)k)LRIK^fJ zPaqFBUeO~c7&7bdE4hhNy=sy^+3(ir%9%MM?6$AJOMwZY;l)7Mfqr8I0qiX*6fn_i zES3|cJC&RcTDB^J^2;cl+;?YUTh*P$ngmCWqGDoVT1Qx-i1GK`qz8{CEM*g->#k+OO&!B5l;m3twV+J@jdnV+)m|O*7p@o^v4>Fb+ zKr-452>}UDK8td{GMv;X)%F7z&U6pboyE(W_V9x7Uvo5%fNgn?fq~J`EYl>YK4b)o zvWPsxV+VpbHn3hb>TwD@8+8GOS{`icFQn#NuOQeQa|PrrD|Np|BuXth78Vww=-@pT zhb1>)ef`;O5LL7I3fEUiVJ;1MPBJmCJPub>k*rG< z&hGw%4!UlvMXLmy`qTc7!!OG$>Dmndi^G|kP^-(#%Id&2?`cGYI?aJ)$caWTIuO%G z-PzgE^-NCQafR{THa=f4HOIqi;jv(eCXXhpODcr>(uVj`S+wZ144|txr~(6IwdG=p z*+lJM(ltN`*QwUiX{kp_aE)R(#RMInlAv~|Y$Akfx*Hx;=srW8X+hce!P=j5h1XAB zWHIGZ6@Z;T-$@HZ3WePsg&uYI0^lZR?qf#A-2J>=K8JA{7A~%j;|b3uhsA@9Yn)~a zfwk%hsro{!zPY*PFg<3!+w0e_V^aB1pS)W!p$rXp6F$!%rJf^?7K*Xis!e8qq*Vq^ z!>ASNAK|qEIDncOx<;JrM8^sKcP#Yvj4xkcbS<4f%Q<`@K+&7s&a8?Sf_32Q=s;GQ z@F#xazK7NR+KgD5d|E6&v!1Q}A#T(b;YyCrJ%;a z1TybN&SNzfNw^vDDknYNH=ggelZVI0mc9r+uR24%`tjP~F|7iSxF^xK5GLQ=If<|Q zEvLeRJ6(icvEjA=_cO?AOdr2UD?6hGTn>&A_vGe}sE2o!{4s^N=fzTBTQC zTwEa8zzo*A#zsb}(6v}OI09El28bDsEhzQ5Q$61w6qj}nbY&ax>5KTR<1;UkScjFx ztAA3ZfX?xjXjd3>x-zG zH5s{J7^6)RrX<-FR%+J!+Dct#duk-5rZ;J8O36pe*}Gd!??+-&-y6{sQO=vDtnRozMa`m4`w^P)GSOcsYkxMiD@BjN2SA1BBbTVp3y{&8 zeAH%Wr8boz4aCyos9b?asAKIX$jo@P+QB_`K)6A;3FnH<_wNc0S6a3dkJ)fc*LISg zV4U#N?UDB+P4Va|`}p_xM1(~#F&H0aR@T7Kuh=ycJ$494o1%hNOP`ZG(}kfJSyzj& z433jRZzdq}J^$Gm`J^*x(@xvYS;}Zz$ z)sdoca9VP5p@m;6mi_g#0%QThuW;u$n9}>M0HzVwPl*F9Oc}EH{t;Wg5qjh>)ob-4 z&BJoiU?3RY;&Er9;r$hISRm;ok{e|P&%q0P%khPJWCp{r`JEx*OApL(AGa-WAl8?f z`Gb>xo=_f3NiH(#12VOoC=pfnadt~`T6#K>mids0RhZbpdppyF?nmKCgWaPe3ADS7 zkb3Bo{q8zS1N17uz`pPLdb_`Oe`$E0+Z>Hpov;PEd{n^oqz)F@B*74w9@(y zueV4aPLnWavbKfs8{jM*$z`MtU1YQrqAP6@@)nX+y^9%ioxSE#DUcau-m5bUvSxx!iLtFk>0uwaSE}=pv ze`32!h1#mZ#q9_wlE=3-Gew3pvjoW~dNJdlgDsDAGlJNrL~n0z**szmQ8;ALG z4qaX~&denj*0EDQA3vRG!caM7?C*4tN_oRV8q}XHf@-~<#Il^Rj>Umyv6{E(cqV^) z41{#Yj(*~TP+LY?^F^Eu!Pw4>Hh}Qj$(ZG9MPP9S?w2T*TOk3|3;4m7hz0%MH4fkV z?Y4g4A07e=4Cb9a2o~Xn9$e&H(G3*x4>yo$%MkdO{WTaQu~Mr|4|W|-&MEAMQ~@uH zKi*B}L77jJ>RsWW-d#LyY}m4dqhpoIDhF>E)90VH!-3D`dVh)&n?#2CBUOLO=)hB< zM-01EwBGiiWJ^Kp{_9e`s2yGq?ENB%y?Ofp_%TlD0FEP~ggflL1t@HKe0)5g3#n*+gJlPaH1u^V*e6m$IomP3EEu*LTjnrrk7E9{5-Em(H%&d$!Uj9+G#!ca}?+AkX# zuvm;8alo}S?o^vw^6RUTkSo;J{1SWLuvLDmCrO1MNokuYHM*eD$Y9f8E&5v-7=&`&3rizLR2Rx}ioEL87d&fvY?Ym&tw@2omXptcY zijuTEyjgf`Ncb#ZvnUsKb(H=*vVi0Ji^==mYGUUz-EYGLDTfwnMC;>n^iQ$vRRqrQtK=Z zTAwzzVFzXcoQ-*KJ?q)ITTnKy<&wqqt_a#ohv$yB{;eYf%0>;7eQx)o)!X7MnH2wC zD3*n-cdd#GAI3uN`D0Kz)%>qZ)p~c52&f?c26b{V1Tf{_#i7db8gex<7GeJf D)5XUA literal 0 HcmV?d00001 diff --git a/static/images/icons/cncf.svg b/static/images/icons/cncf.svg deleted file mode 100644 index 6b0319c..0000000 --- a/static/images/icons/cncf.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/static/images/logo_cloudnative.png b/static/images/logo_cloudnative.png deleted file mode 100644 index f3bdde0..0000000 --- a/static/images/logo_cloudnative.png +++ /dev/null @@ -1 +0,0 @@ -{"payload":{"allShortcutsEnabled":false,"fileTree":{"static/images":{"items":[{"name":"Kyverno-Policy-Structure.png","path":"static/images/Kyverno-Policy-Structure.png","contentType":"file"},{"name":"ci-fail.png","path":"static/images/ci-fail.png","contentType":"file"},{"name":"ci-pass.png","path":"static/images/ci-pass.png","contentType":"file"},{"name":"kubernetes-admission-controllers.png","path":"static/images/kubernetes-admission-controllers.png","contentType":"file"},{"name":"kyverno-architecture.png","path":"static/images/kyverno-architecture.png","contentType":"file"},{"name":"kyverno-installation.png","path":"static/images/kyverno-installation.png","contentType":"file"},{"name":"kyverno_website_graphics.pptx","path":"static/images/kyverno_website_graphics.pptx","contentType":"file"},{"name":"logo_cloudnative.png","path":"static/images/logo_cloudnative.png","contentType":"file"},{"name":"nirmata-wt.png","path":"static/images/nirmata-wt.png","contentType":"file"},{"name":"nirmata.png","path":"static/images/nirmata.png","contentType":"file"},{"name":"verify-image-rule.png","path":"static/images/verify-image-rule.png","contentType":"file"}],"totalCount":11},"static":{"items":[{"name":"favicons","path":"static/favicons","contentType":"directory"},{"name":"icons","path":"static/icons","contentType":"directory"},{"name":"images","path":"static/images","contentType":"directory"}],"totalCount":3},"":{"items":[{"name":".devcontainer","path":".devcontainer","contentType":"directory"},{"name":".github","path":".github","contentType":"directory"},{"name":"assets","path":"assets","contentType":"directory"},{"name":"config","path":"config","contentType":"directory"},{"name":"content","path":"content","contentType":"directory"},{"name":"deps","path":"deps","contentType":"directory"},{"name":"i18n","path":"i18n","contentType":"directory"},{"name":"layouts","path":"layouts","contentType":"directory"},{"name":"render","path":"render","contentType":"directory"},{"name":"scripts","path":"scripts","contentType":"directory"},{"name":"static","path":"static","contentType":"directory"},{"name":".gitignore","path":".gitignore","contentType":"file"},{"name":"CONTRIBUTING.md","path":"CONTRIBUTING.md","contentType":"file"},{"name":"LICENSE","path":"LICENSE","contentType":"file"},{"name":"Makefile","path":"Makefile","contentType":"file"},{"name":"README.md","path":"README.md","contentType":"file"},{"name":"go.mod","path":"go.mod","contentType":"file"},{"name":"go.sum","path":"go.sum","contentType":"file"},{"name":"hugo.work","path":"hugo.work","contentType":"file"},{"name":"hugo.work.sum","path":"hugo.work.sum","contentType":"file"},{"name":"netlify.toml","path":"netlify.toml","contentType":"file"}],"totalCount":21}},"fileTreeProcessingTime":12.921994,"foldersToFetch":[],"repo":{"id":301256854,"defaultBranch":"main","name":"website","ownerLogin":"kyverno","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2020-10-05T00:36:51.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/68448710?v=4","public":true,"private":false,"isOrgOwned":true},"symbolsExpanded":false,"treeExpanded":true,"refInfo":{"name":"main","listCacheKey":"v0:1708692136.0","canEdit":false,"refType":"branch","currentOid":"fc04b8707594cfa0ba839cd76bde6fbfa1620a9a"},"path":"static/images/logo_cloudnative.png","currentUser":null,"blob":{"rawLines":null,"stylingDirectives":null,"csv":null,"csvError":null,"dependabotInfo":{"showConfigurationBanner":false,"configFilePath":null,"networkDependabotPath":"/kyverno/website/network/updates","dismissConfigurationNoticePath":"/settings/dismiss-notice/dependabot_configuration_notice","configurationNoticeDismissed":null},"displayName":"logo_cloudnative.png","displayUrl":"https://github.com/kyverno/website/blob/main/static/images/logo_cloudnative.png?raw=true","headerInfo":{"blobSize":"14.6 KB","deleteTooltip":"You must be signed in to make or propose changes","editTooltip":"You must be signed in to make or propose changes","deleteInfo":{"deleteTooltip":"You must be signed in to make or propose changes"},"editInfo":{"editTooltip":"You must be signed in to make or propose changes"},"ghDesktopPath":"https://desktop.github.com","isGitLfs":false,"gitLfsPath":null,"onBranch":true,"shortPath":"924ea22","siteNavLoginPath":"/login?return_to=https%3A%2F%2Fgithub.com%2Fkyverno%2Fwebsite%2Fblob%2Fmain%2Fstatic%2Fimages%2Flogo_cloudnative.png","isCSV":false,"isRichtext":false,"toc":null,"lineInfo":{"truncatedLoc":null,"truncatedSloc":null},"mode":"file"},"image":true,"isCodeownersFile":null,"isPlain":false,"isValidLegacyIssueTemplate":false,"issueTemplateHelpUrl":"https://docs.github.com/articles/about-issue-and-pull-request-templates","issueTemplate":null,"discussionTemplate":null,"language":null,"languageID":null,"large":false,"loggedIn":false,"planSupportInfo":{"repoIsFork":null,"repoOwnedByCurrentUser":null,"requestFullPath":"/kyverno/website/blob/main/static/images/logo_cloudnative.png","showFreeOrgGatedFeatureMessage":null,"showPlanSupportBanner":null,"upgradeDataAttributes":null,"upgradePath":null},"publishBannersInfo":{"dismissActionNoticePath":"/settings/dismiss-notice/publish_action_from_dockerfile","releasePath":"/kyverno/website/releases/new?marketplace=true","showPublishActionBanner":false},"rawBlobUrl":"https://github.com/kyverno/website/raw/main/static/images/logo_cloudnative.png","renderImageOrRaw":true,"richText":null,"renderedFileInfo":null,"shortPath":null,"symbolsEnabled":true,"tabSize":8,"topBannersInfo":{"overridingGlobalFundingFile":false,"globalPreferredFundingPath":null,"repoOwner":"kyverno","repoName":"website","showInvalidCitationWarning":false,"citationHelpUrl":"https://docs.github.com/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-citation-files","actionsOnboardingTip":null},"truncated":false,"viewable":false,"workflowRedirectUrl":null,"symbols":null},"copilotInfo":null,"copilotAccessAllowed":false,"csrf_tokens":{"/kyverno/website/branches":{"post":"zb3gS-AB9kL86eN8o8MFsqm5lffl67WtsTD-X0-b_20rht_ie5vBARM-Iozs89khpHh3t6duteu7QAaZE_Ehpw"},"/repos/preferences":{"post":"8hC8wjr5cYxsA8mIw0kv1J0pDPeqhhh-t_l5CU15oStvOp-6NucVm97KYBn7FpoXOv1iurhPh5GPByF26Q2Oag"}}},"title":"website/static/images/logo_cloudnative.png at main · kyverno/website"} \ No newline at end of file