New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add information about securing access to Cilium pods and provide a single page security reference #23599
Add information about securing access to Cilium pods and provide a single page security reference #23599
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
5dd96c7
to
5c82c01
Compare
This comment was marked as outdated.
This comment was marked as outdated.
5c82c01
to
999cb95
Compare
a5cc658
to
e0b7452
Compare
@qmonnet 👋🏻 This PR is very much in minimum viable state. Things I'd love feedback on:
What's missing that readers need?
I copied the existing TOC tree order, but I'm open to better organization--and maybe mirroring page organization in the site TOC as a tiny step towards a better information architecture. Thanks in advance for your review! 🙇🏻 |
Moving back to WIP to populate the file on restricting access to pods |
We usually do that by converting to draft (so we can filter on |
1973561
to
f536b4d
Compare
@qmonnet 👋🏻 This PR is ready for review again. I updated the PR description, PTAL.
Next time! ✅ 😅 |
a5f7015
to
4a57dde
Compare
This comment was marked as outdated.
This comment was marked as outdated.
4a57dde
to
8a1b758
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please check with the rest of the team before. Thank you!
When I look at the release note descriptions and the associated upstream PRs, I don't see release-note blocks in any of the PRs. For example, in #23134 release notes appear to be generated from the commit message. Should I be using the ```release-note syntax at all? |
a207b23
to
2c1031a
Compare
If the
You can, in particular if the title of the PR does not work well as a description for the release notes. If the title of your PR makes for a good description, then you don't have to :) We have this documented at items 11 and 12 of this list. |
Thank you!
I do understand that some new edits, or CI-related adjustments, come up as necessary after the main changes have been committed or even after the PR has been created. From a technical point of view, this is not incompatible with producing a sequence of stand-alone, logical commits, given that Git makes it possible to rework and rebase commits. Each of these changes should be integrated to the relevant commits or moved to dedicated commits, depending on the case. Now, I do realise this is not a trivial task to rework the commits, and that users do not always possess the knowledge to do it.
It really depends on contributors. Some are familiar enough with moving around things between commits with Git and have no particular issue with this process, others are struggling more indeed.
This is a debate that goes beyond this Pull Request, and that, perhaps, would be better addressed on another channel (Slack or Community Meeting?). We are all in for inviting contributors rather than keeping them out. Whether we manage to do so, is another story. In this particular example, I understand that getting some pushback from the reviewers, and being asked to rework the commits so they look “aesthetically pleasing”, can feel frustrating. However, I would argue that this is not a matter of aestheticism, and that this is not (only) about facilitating reviews. I find that proper commits for code changes, and to a lesser extend (but still) for documentation, are essential for understanding the changes when looking later at the Git history (with Now, as a reviewer, I wouldn't expect the same level of “cleanness” for the PR from a new/occasional person willing to submit a fix in passing, as from regular contributors. But because of the points I mentioned above, it's hard for me to wave aside all expectations on PR “cleanness” (I lack a better term). [Please keep in mind that the above is only representative of my own opinion.] Happy to discuss this further, here or another channel, if you have concerns with any of what I mentioned. And again, happy to help if any technical obstacle arises along the path.
I hear you, and I value this feedback. I wrote my arguments above, but don't have an ideal answer to improve things concretely. I believe that this is mostly up to the reviewers to use their best judgement and figure out the balance between welcoming new contributors, and making sure that Git history, backports, bisects, remain in a sane condition. Some of the other reviewers assigned to this PR may have opinions on the matter, maybe they'll chime in. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some changes should still be moved between commits (some fuel for the debate...), please see below.
All other items I reported have been addressed, thank you!
329ad0e
to
d9156e0
Compare
The title seems pretty good to me, so I removed the release-note block from the description. 😄 |
Netlify preview looks good, links work: https://deploy-preview-23599--docs-cilium-io.netlify.app/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Everything looks in order from my side this time, thanks a lot! (I'd maybe recommend squashing the last two commits.) Preview looks good indeed. Thank you for addressing all the feedback!
The title seems pretty good to me, so I removed the release-note block from the description. 😄
Works for me :)
ae1b79e
to
0ea5ac1
Compare
This comment was marked as resolved.
This comment was marked as resolved.
0ea5ac1
to
15bb0f3
Compare
15bb0f3
to
8bf55ce
Compare
Signed-off-by: ZSC <sarah.corleissen@isovalent.com>
Signed-off-by: ZSC <sarah.corleissen@isovalent.com>
Signed-off-by: ZSC <sarah.corleissen@isovalent.com>
8bf55ce
to
6be80ca
Compare
UPDATE 10 Feb 23: The description is wholly rewritten based on reviewer feedback and some fundamental changes in scope and approach.
Fixes: #23655
This PR makes several additions, changes, and updates to security content and organization:
Renames
security/tutorial-toc.rst
tosecurity/index.rst
Currently https://docs.cilium.io/en/latest/security/ returns 404, which isn't a great user experience. Because
security/tutorial-toc
serves as a one-page reference to security content, it makes the most sense for it to serve as asecurity/
landing.Note: This page would benefit from having more narrative content to guide users, but that's a separate PR.
On the renamed
security/index
, changes the page heading from "Network Policy Security Tutorials" to "Securing networks with Cilium""Tutorials" isn't an accurate description for procedural content.
adds a new page about securing Cilium pods by restricting access via K8s RBAC
security/restrict-pod-access.rst
links the page about restricting pod access to the renamed /security/index landing
updates the site landing page by adding a link to
security/index
This makes security content easier to find from the site landing.
makes minor improvements to information architecture for security content
This includes cleaning up unused
ref:
anchors and adding/renaming otherref:
anchors to support new content