Merge branch 'main' into bglynn/aws-visibility
# Conflicts:
#	docs/features/network-mapping-network-policies/index.mdx
#	docusaurus.config.js
bglynn committed Feb 21, 2024
2 parents 61c0167 + a4264e8 commit 9abe8c5
Showing 6 changed files with 92 additions and 30 deletions.
8 changes: 4 additions & 4 deletions docs/_common/install-otterize-cli.md
Expand Up @@ -13,15 +13,15 @@ brew install otterize/otterize/otterize-cli
<TabItem value="Apple Silicon" label="Apple Silicon">

```bash
curl -LJO https://get.otterize.com/otterize-cli/v1.0.3/otterize_macOS_arm64_notarized.zip
curl -LJO https://get.otterize.com/otterize-cli/v1.0.4/otterize_macOS_arm64_notarized.zip
tar xf otterize_macOS_arm64_notarized.zip
sudo cp otterize /usr/local/bin # optionally move to PATH
```
</TabItem>
<TabItem value="Intel 64-bit" label="Intel 64-bit">

```bash
curl -LJO https://get.otterize.com/otterize-cli/v1.0.3/otterize_macOS_x86_64_notarized.zip
curl -LJO https://get.otterize.com/otterize-cli/v1.0.4/otterize_macOS_x86_64_notarized.zip
tar xf otterize_macOS_x86_64_notarized.zip
sudo cp otterize /usr/local/bin # optionally move to PATH
```
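Review bot: The macOS install steps in both tabs download the archive with curl, unpack it and then run `sudo cp otterize /usr/local/bin`, with no integrity check on what was downloaded. Since this change already touches every download URL, consider adding a checksum or signature verification step between the download and the `tar xf` line, with the expected value published alongside the v1.0.4 release, so that a corrupted or substituted archive is caught before it is copied into a root-owned path.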
Expand All @@ -42,7 +42,7 @@ scoop install otterize-cli
<TabItem value="64-bit" label="64-bit">

```PowerShell
Invoke-WebRequest -Uri https://get.otterize.com/otterize-cli/v1.0.3/otterize_windows_x86_64.zip -OutFile otterize_Windows_x86_64.zip
Invoke-WebRequest -Uri https://get.otterize.com/otterize-cli/v1.0.4/otterize_windows_x86_64.zip -OutFile otterize_Windows_x86_64.zip
Expand-Archive otterize_Windows_x86_64.zip -DestinationPath .
# optionally move to PATH
```
Expand All @@ -54,7 +54,7 @@ Expand-Archive otterize_Windows_x86_64.zip -DestinationPath .
<TabItem value="64-bit" label="64-bit">

```bash
wget https://get.otterize.com/otterize-cli/v1.0.3/otterize_linux_x86_64.tar.gz
wget https://get.otterize.com/otterize-cli/v1.0.4/otterize_linux_x86_64.tar.gz
tar xf otterize_linux_x86_64.tar.gz
sudo cp otterize /usr/local/bin # optionally move to PATH
```
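Review bot: The release version is hard-coded in the URL here (`v1.0.4/otterize_linux_x86_64.tar.gz`) and again in each of the other download commands shown in this diff, so every bump has to be made in several places and a missed one leaves a platform tab pointing at the old release. Consider a single version value that the include substitutes, or at least a comment at the top of the file listing the lines that must change together.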
60 changes: 44 additions & 16 deletions docs/features/network-mapping-network-policies/index.mdx
Expand Up @@ -29,28 +29,62 @@ export const network_access_tutorials = [

Otterize's open-source [Network Mapper](/reference/configuration/network-mapper) and [Intents Operator](/reference/configuration/intents-operator) can map your cluster, with zero configuration, low privileges and low resource usage, and automate the management of network policies.

### Tutorials

View the tutorials below to learn more about how to get started:

<DocsLinkCard items={network_access_tutorials} colSize={"sm"}/>


### Mapping & visualizing

Otterize's [Network Mapper](/reference/configuration/network-mapper) is a zero-config, open-source and non-invasive tool to map your cluster. Deploy it on your cluster to get a graphical, textual or JSON representation of your cluster, and optionally use it to generate ClientIntents, which are declarations of the access each service in your cluster requires.

By connecting your cluster to Otterize Cloud, you'll immediately be presented with an interactive, historic and filterable map of your cluster.
You can access the same information in different formats by using the open-source Otterize CLI, with the commands `otterize mapper export`, `otterize mapper list` and `otterize mapper visualize`.

:::danger
TODO
Brian, please add screenshots of the access graph and network mapper visual and textual output here.
:::
**visualize example:**:
![visualize example](/img/examples/example-visualize.png)

**list example:**
```
client in namespace otterize-tutorial-npol calls:
- server in namespace otterize-tutorial-npol
client-other in namespace otterize-tutorial-npol calls:
- server in namespace otterize-tutorial-npol
```
**export example:**
```yaml
apiVersion: k8s.otterize.com/v1alpha3
kind: ClientIntents
metadata:
name: client
namespace: otterize-tutorial-npol
spec:
service:
name: client
calls:
- name: server
---
apiVersion: k8s.otterize.com/v1alpha3
kind: ClientIntents
metadata:
name: client-other
namespace: otterize-tutorial-npol
spec:
service:
name: client-other
calls:
- name: server
```
### Access control
By default, Kubernetes pods permit all outgoing and incoming traffic, posing potential security risks.
Kubernetes [NetworkPolicies](/reference/terminology#network-policies) can be employed to limit either egress or ingress traffic, thereby enhancing security and compliance.
Having deployed Otterize, you can then apply the ClientIntents generated by the network mapper, or declared by you, to your cluster. The [Intents Operator](/reference/configuration/intents-operator) calculates which [Network Policies](/reference/terminology#network-policies) are required to allow the traffic declared by the ClientIntents, enforcing access on your cluster so that only intentional access is allowed.
:::danger
TODO
Brian, please add links to ClientIntents reference here whenever it's mentioned.
:::
Having deployed Otterize, you can then apply the [ClientIntents](/reference/IBAC-Overview) generated by the network mapper, or declared by you, to your cluster. The [Intents Operator](/reference/configuration/intents-operator) calculates which [Network Policies](/reference/terminology#network-policies) are required to allow the traffic declared by the ClientIntents, enforcing access on your cluster so that only intentional access is allowed.
Read more in the [Network Policies Deep Dive](/features/network-mapping-network-policies/Reference/Network-Policies-Deep-Dive).
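Review bot: The removed TODO asked for a link to the ClientIntents reference wherever the term is mentioned, but only the first mention in the "Access control" paragraph now links to `/reference/IBAC-Overview`; the mention in the "Mapping & visualizing" paragraph ("optionally use it to generate ClientIntents") is still plain text. Link that one as well before dropping the TODO. Separately, `**visualize example:**:` has a stray colon after the closing bold markers, unlike the list and export labels below it.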
Expand All @@ -65,10 +99,4 @@ spec:
name: client
calls:
- name: nginx
```
### Tutorials
View the tutorials below to learn more about how to get started:
<DocsLinkCard items={network_access_tutorials} colSize={"sm"}/>
```
6 changes: 3 additions & 3 deletions docs/features/postgresql/tutorials/postgres-mapping.mdx
Expand Up @@ -30,19 +30,19 @@ Already have Otterize deployed with the database integration configured on your

<details>
<summary>Prepare a Kubernetes cluster</summary>
{@include: ../../_common/cluster-setup.md}
{@include: ../../../_common/cluster-setup.md}
</details>

<details>
<summary>Install Otterize in your cluster, <b>with</b> Otterize Cloud</summary>

#### Create an Otterize Cloud account

{@include: ../../_common/create-account.md}
{@include: ../../../_common/create-account.md}

#### Install Otterize OSS, connected to Otterize Cloud

{@include: ../../_common/install-otterize-from-cloud-with-enforcement.md}
{@include: ../../../_common/install-otterize-from-cloud-with-enforcement.md}

</details>

26 changes: 19 additions & 7 deletions docusaurus.config.js
Expand Up @@ -43,7 +43,7 @@ const footerSocialLinks = `
width='30'
height='30'
loading='lazy'
src="img/footer/github.svg"
src="/img/footer/github.svg"
alt="GitHub logo"
className='w-5 h-5 relative'
/>
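Review bot: Changing `src="img/footer/github.svg"` to the root-absolute `src="/img/footer/github.svg"` fixes the icon on nested routes but assumes the site is always served from the domain root. Because this markup lives in a raw template string, the path is not adjusted for a non-root base URL, so a preview or staging deployment under a sub-path would not resolve these images. A short comment above `footerSocialLinks` stating that assumption would help; the same applies to the other footer icons changed in this file.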
Expand All @@ -53,7 +53,7 @@ const footerSocialLinks = `
width='30'
height='30'
loading='lazy'
src="img/footer/linkedin.svg"
src="/img/footer/linkedin.svg"
alt="LinkedIn logo"
className='w-5 h-5 relative'
/>
Expand All @@ -63,7 +63,7 @@ const footerSocialLinks = `
width='30'
height='30'
loading='lazy'
src="img/footer/x.svg"
src="/img/footer/x.svg"
alt="X logo"
className='w-5 h-5 relative'
/>
Expand All @@ -73,7 +73,7 @@ const footerSocialLinks = `
width='30'
height='30'
loading='lazy'
src="img/footer/slack.svg"
src="/img/footer/slack.svg"
alt="Slack logo"
className='w-5 h-5 relative'
/>
Expand All @@ -83,7 +83,7 @@ const footerSocialLinks = `
width='30'
height='30'
loading='lazy'
src="img/footer/youtube.svg"
src="/img/footer/youtube.svg"
alt="YouTube logo"
className='w-5 h-5 relative'
/>
Expand Down Expand Up @@ -184,6 +184,10 @@ const config = {
from: ['/quick-tutorials/k8s-kafka-mtls', '/quickstart/access-control/k8s-kafka-mtls'],
to: '/features/kafka/tutorials/k8s-kafka-mtls',
},
{
from: ['/quickstart/access-control/aws-iam-eks'],
to: '/features/aws-iam/tutorials/aws-iam-eks',
},
{
from: ['/quick-tutorials/aws-eks-cni-mini','/quickstart/access-control/aws-eks-cni-mini'],
to: '/features/network-mapping-network-policies/tutorials/aws-eks-cni-mini',
Expand All @@ -204,6 +208,14 @@ const config = {
from: ['/quick-visual-tutorials/visual-ibac-kafka-k8s'],
to: '/features/kafka/tutorials/k8s-kafka-mapping',
},
{
from: ['/quickstart/visualization/postgresql'],
to: '/features/postgresql/tutorials/postgres-mapping'
},
{
from: ['/quickstart/access-control/postgresql'],
to: '/features/postgresql/tutorials/postgres'
},
{
from: ['/quick-visual-tutorials/visual-ibac-network-policies', '/quick-tutorials/k8s-network-policies', '/quickstart/access-control/k8s-network-policies'],
to: '/features/network-mapping-network-policies/tutorials/k8s-network-policies',
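Review bot: The two added PostgreSQL redirect entries end their `to:` line without a trailing comma (`to: '/features/postgresql/tutorials/postgres-mapping'`), while the neighbouring entries in this array all end that line with one. It is valid JavaScript, but matching the surrounding style keeps later diffs to these objects to one line each.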
Expand Down Expand Up @@ -384,9 +396,9 @@ const config = {
{
html: `<div class="footer_copyright tw-w-full">
<div style="display:flex;">
<img src="img/footer/cloud-native.svg" style="margin-right:20px;"/>
<img src="/img/footer/cloud-native.svg" style="margin-right:20px;"/>
<a href="https://otterize.com/soc2-request" target="_blank" style="height:50px;">
<img src="img/footer/soc.png" style="width:50px;"/>
<img src="/img/footer/soc.png" style="width:50px;"/>
</a>
</div>
<div class="tw-w-full tw-h-14 tw-flex-col tw-justify-start tw-items-start tw-gap-8 tw-inline-flex">
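Review bot: Both `<img>` tags touched in the `footer_copyright` block (`cloud-native.svg` and `soc.png`) have no `alt` attribute, unlike the social icons in `footerSocialLinks`, which all carry one. Since these lines are being edited anyway, add alt text; the `soc.png` image is the only content of its link, so without it the link has no accessible name. The surrounding `<a ... target="_blank">` could also take `rel="noopener noreferrer"` while you are here.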
Binary file added static/img/examples/example-visualize.png
22 changes: 22 additions & 0 deletions static/img/icons/postgresql-no-word-mark.svg