tetragon: docs, copy Cilium style k8s install #1561
Conversation
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
jrfastab
force-pushed
the
pr/jrfastab/docs
branch
6 times, most recently
from
901ba2b
to
d019715
Compare
There was a problem hiding this comment.
So for you to know, names of the files are important because they create the link, for example here you have:
/docs/getting-started/install-tetragon/install-k8s which I think is very misleading in your case should be /docs/getting-started/quick-install/kubernetes or something like that.
We can modify the link independently of the file name, but by default, it's using the filename.
| {{< tabpane >}} | ||
| {{< tab header="K8s" >}} | ||
| kubectl apply -f tbd.base-enforce.yaml | ||
| {{< /tab >}} | ||
| {{< tab header="Docker" >}} | ||
| {{< /tab >}} | ||
| {{< tab header="Systemd" >}} | ||
| {{< /tab >}} | ||
| {{< /tabpane >}} |
There was a problem hiding this comment.
I've made a PR to fix those #1570 and to show you how to make more complicated tab panes. You can check the doc if needed https://www.docsy.dev/docs/adding-content/shortcodes/#tabbed-panes.
There was a problem hiding this comment.
Do you think we should completely get rid of that :(? maybe we can recycle this as a tutorial?
There was a problem hiding this comment.
Yeah I was also tempted to just remove this level of hierarchy and put it in a tutorial.
There was a problem hiding this comment.
I guess it's just a draft because for now it's behind installation/Systemd. If we don't create an "installation" section we can put this under tutorial.
There was a problem hiding this comment.
I don't really get what we would put in this JSON vs gRPC thing?
Configuring grpc and configmap options through helm or directly should be advanced configuration out of the box helm should just work. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
I don't think anyone will reasonably assume that the "Try Tetragon.." section is a production users guide on how to deploy and manage a fleet of servers running Tetragon. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
jrfastab
force-pushed
the
pr/jrfastab/docs
branch
9 times, most recently
from
f86dcd7
to
d12ba5b
Compare
Developers are not normal users lets build them their own docs sections so as to not confuse development, from deployment, from exploration. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
To get started I don't think understanding all the details of JSON events vs GRPC and so on is important. Move it into a "concepts" section. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Metrics are a great way to pull useful information out of Tetragon lets create a section for them in Concepts. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Filtering by namespace and pod labels is part of tracing policy move it under that unbrella item. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
There are lots of details we have for Installing Tetragon in various environments, bare-metal, docker, systems, etc. Lets create a section to capture those instead of spreading that knowledge thorughout and/or in getting started which needs to be really about shortest path to up and running tetragon. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
References should be after content IMO. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Tetra CLI is useful for sure lets move it into installation. The getting started section can give the one line command to install it. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Enforcement is a big enough concept we can build its own section. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Lets document how we do benchmarks bring on the fun. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Simplify the getting started guide Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
This is nicer if a service is added later presumably it will also pull from this cidr. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Large JSON event block is best to put in hidden block. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Per Mahe's comment its best to align headers and files. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Tetragonon should be tetragon Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Create an installation section and move systemd install there. This further simplifies 'getting started' section. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
jrfastab
force-pushed
the
pr/jrfastab/docs
branch
from
d12ba5b
to
9720b29
Compare
| Then we can apply the egress cluster enforcement policy | ||
|
|
||
| ```shell-session | ||
| wget http://github.com/cilium/tetragon/quickstart/network_egress_cluster_enforce.yaml |
There was a problem hiding this comment.
those kinds of links will not work, you have many of them in the PR. you need the /blob/main part in the URL. That's how GitHub is doing things.
| The enforces TCP connects see [Enforce Sandbox]({{< ref "#enforce-common-security-policy" >}}) below to further restrict possible | ||
| workaround such as writing through /dev devices and raw sockets application may | ||
| attempt. |
There was a problem hiding this comment.
This is missing in the page and maybe should be removed?
Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
Signed-off-by: Michi Mutsuzaki <michi@isovalent.com>
The K8s quickstart guide lists a couple options for installing a K8s cluster -- kind and gke. Lets copy the tabular version Cilium docs have that also has other examples for a few different options.