Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs/encryption: Document limitations and workarounds #15876

Merged
merged 1 commit into from
Apr 27, 2021
Merged

docs/encryption: Document limitations and workarounds #15876

merged 1 commit into from
Apr 27, 2021

Conversation

gandro
Copy link
Member

@gandro gandro commented Apr 27, 2021

This adds a section in to the transparent encryption getting started
guide explaining that due to potential delays in IPCache updates, it is
possible for both IPsec and Wireguard to send out packets unencrypted.

@gandro gandro added area/documentation Impacts the documentation, including textual changes, sphinx, or other doc generation code. area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. needs-backport/1.10 labels Apr 27, 2021
@gandro gandro requested review from brb and jrfastab April 27, 2021 09:46
@gandro gandro requested a review from a team as a code owner April 27, 2021 09:46
@gandro gandro requested a review from qmonnet April 27, 2021 09:46
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Apr 27, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot added this to In progress in 1.10.0 Apr 27, 2021
@gandro gandro added the release-note/misc This PR makes changes that have no direct user impact. label Apr 27, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Apr 27, 2021
@gandro gandro force-pushed the pr/gandro/docs-encryption-limitations branch from 4c6d0da to be3884a Compare April 27, 2021 09:53
qmonnet
qmonnet reviewed Apr 27, 2021
View reviewed changes
Copy link
Member

@qmonnet qmonnet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if the limitation should have a subsection title or paragraph name, or whatever could “summarise” the issue briefly at the top. My concern is that users need to read through ~10 lines of text to understand what the limitation is and if they are concerned at all.

Looks good otherwise.

Documentation/gettingstarted/encryption.rst Outdated Show resolved Hide resolved
@gandro
docs/encryption: Document limitations and workarounds
5574251 
This adds a section in to the transparent encryption getting started
guide explaining that due to potential delays in IPCache updates, it is
possible for both IPsec and Wireguard to send out packets unencrypted.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro gandro force-pushed the pr/gandro/docs-encryption-limitations branch from be3884a to 5574251 Compare April 27, 2021 11:38
@gandro
Copy link
Member Author

gandro commented Apr 27, 2021

I wonder if the limitation should have a subsection title or paragraph name, or whatever could “summarise” the issue briefly at the top. My concern is that users need to read through ~10 lines of text to understand what the limitation is and if they are concerned at all.

Looks good otherwise.

Thanks! I decided to add a subtitle called Egress traffic to not yet discovered remote endpoints may be unencrypted. I hope that is a concise but precise enough summary of the issue, but suggestions on how to summarize this better are welcome as well.

qmonnet
qmonnet approved these changes Apr 27, 2021
View reviewed changes
Copy link
Member

@qmonnet qmonnet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Subtitle tells it well and looks good to me, thank you for the change!

@qmonnet qmonnet unassigned brb and qmonnet Apr 27, 2021
@aanm aanm merged commit 9565f62 into cilium:master Apr 27, 2021
1.10.0 automation moved this from In progress to Done Apr 27, 2021
This was referenced Apr 28, 2021
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brb brb brb approved these changes

@qmonnet qmonnet qmonnet approved these changes

@jrfastab jrfastab Awaiting requested review from jrfastab

Assignees

@jrfastab jrfastab

Labels
area/documentation Impacts the documentation, including textual changes, sphinx, or other doc generation code. area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. release-note/misc This PR makes changes that have no direct user impact.
Projects
No open projects
1.10.0
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@gandro @brb @qmonnet @jrfastab @aanm