diff --git a/docs/features/github/index.mdx b/docs/features/github/index.mdx
index 5b6146162..8521bd4a3 100644
--- a/docs/features/github/index.mdx
+++ b/docs/features/github/index.mdx
@@ -17,8 +17,7 @@ export const tutorials = [
 # GitHub
-
-Otterize can create just-in-time AWS IAM roles and policies for your workloads running on EKS Kubernetes clusters, greatly simplifying the lifecycle of managing IAM roles and policies.
+With the GitHub integration, Otterize automatically opens pull requests when it detects differences between policies defined in ClientIntents and actual application traffic.
 ### Tutorials
@@ -27,6 +26,8 @@ To learn how to leverage Otterize's continuous monitoring of your cluster's acce
 ### How does Otterize work with GitHub?
-After installing Otterize in your cluster, it immediately begins monitoring both incoming and outgoing network traffic to your pods and the public internet via the network mapper feature (see Network Mapper for more details). Additionally, Otterize can track activity across various resources, including Postgres, AWS, Kafka, and more. This tracking helps Otterize create a detailed map of interactions and relationships.
+ After you deploy ClientIntents and enable enforcement, any traffic that doesn't match the configured intents is blocked. With the GitHub integration, Otterize continuously compares the ClientIntents stored in your remote repository with the traffic the Network Mapper detects in your cluster.
+
+If changes in your application's traffic patterns are detected, Otterize automatically submits a pull request to your chosen branch, updating the ClientIntents in your remote repository to reflect the actual traffic. This approach significantly reduces frictions for developers, allowing discrepancies to be resolved easily through familiar GitOps workflows.
-By leveraging ClientIntents, Otterize simplifies the application and enforcement of access rights, thereby enhancing cluster security. Once ClientIntents are defined and stored in a GitHub repository, Otterize compares these intended access patterns against actual usage within the cluster. Discrepancies trigger a pull request to update the ClientIntent definitions to reflect current usage. This process enables development teams to either accept the suggested changes or adjust them based on newly observed behaviors.
\ No newline at end of file
+Alternatively, you can use the GitHub integration in shadow mode. In this mode, Otterize does not enforce any intents but continues updating the ClientIntents in your remote repository.
This setup lets you gradually build the necessary ClientIntents for intended access without risking blocked connections. Once you stop receiving new pull requests for new connections, you can be confident that all required ClientIntents are declared and proceed to activate enforcement.
diff --git a/docs/getting-started/README.mdx b/docs/getting-started/README.mdx
index f7593ef98..4372a2f5c 100644
--- a/docs/getting-started/README.mdx
+++ b/docs/getting-started/README.mdx
@@ -49,6 +49,12 @@ export const features = [
 icon: '/img/icons/istio-no-word-mark.svg',
 url: '/features/istio/'
 },
+ {
+ title: 'GitHub',
+ icon: '/img/icons/github-logo.svg',
+ url: '/features/github/'
+ }
+];
 [//]: # ({)
 [//]: # (title: 'PostgreSQL',)
@@ -56,12 +62,6 @@ export const features = [
 [//]: # ( url: '/features/postgresql/')
 [//]: # ( },)
- {
- title: 'GitHub',
- icon: '/img/icons/github-logo.svg',
- url: '/features/github/'
- },
-];
 export const tutorials_access = [
 {