diff --git a/docs/features/network-mapping-network-policies/index.mdx b/docs/features/network-mapping-network-policies/index.mdx index 4c93ea01f..bdfc1beae 100644 --- a/docs/features/network-mapping-network-policies/index.mdx +++ b/docs/features/network-mapping-network-policies/index.mdx @@ -29,6 +29,13 @@ export const network_access_tutorials = [ Otterize's open-source [Network Mapper](/reference/configuration/network-mapper) and [Intents Operator](/reference/configuration/intents-operator) can map your cluster, with zero configuration, low privileges and low resource usage, and automate the management of network policies. +### Tutorials + +View the tutorials below to learn more about how to get started: + + + + ### Mapping & visualizing Otterize's [Network Mapper](/reference/configuration/network-mapper) is a zero-config, open-source and non-invasive tool to map your cluster. Deploy it on your cluster to get a graphical, textual or JSON representation of your cluster, and optionally use it to generate ClientIntents, which are declarations of the access each service in your cluster requires. 
@@ -36,21 +43,48 @@ Otterize's [Network Mapper](/reference/configuration/network-mapper) is a zero-c By connecting your cluster to Otterize Cloud, you'll immediately be presented with an interactive, historic and filterable map of your cluster. You can access the same information in different formats by using the open-source Otterize CLI, with the commands `otterize mapper export`, `otterize mapper list` and `otterize mapper visualize`. -:::danger -TODO -Brian, please add screenshots of the access graph and network mapper visual and textual output here. -::: +**visualize example:**: +![visualize example](/img/examples/example-visualize.png) + +**list example:** +``` +client in namespace otterize-tutorial-npol calls: + - server in namespace otterize-tutorial-npol +client-other in namespace otterize-tutorial-npol calls: + - server in namespace otterize-tutorial-npol +``` +**export example:** +```yaml +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: client + namespace: otterize-tutorial-npol +spec: + service: + name: client + calls: + - name: server +--- +apiVersion: k8s.otterize.com/v1alpha3 +kind: ClientIntents +metadata: + name: client-other + namespace: otterize-tutorial-npol +spec: + service: + name: client-other + calls: + - name: server +``` + ### Access control By default, Kubernetes pods permit all outgoing and incoming traffic, posing potential security risks. Kubernetes [NetworkPolicies](/reference/terminology#network-policies) can be employed to limit either egress or ingress traffic, thereby enhancing security and compliance. -Having deployed Otterize, you can then apply the ClientIntents generated by the network mapper, or declared by you, to your cluster. 
The [Intents Operator](/reference/configuration/intents-operator) calculates which [Network Policies](/reference/terminology#network-policies) are required to allow the traffic declared by the ClientIntents, enforcing access on your cluster so that only intentional access is allowed. -:::danger -TODO -Brian, please add links to ClientIntents reference here whenever it's mentioned. -::: +Having deployed Otterize, you can then apply the [ClientIntents](/reference/IBAC-Overview) generated by the network mapper, or declared by you, to your cluster. The [Intents Operator](/reference/configuration/intents-operator) calculates which [Network Policies](/reference/terminology#network-policies) are required to allow the traffic declared by the ClientIntents, enforcing access on your cluster so that only intentional access is allowed. Read more in the [Network Policies Deep Dive](/features/network-mapping-network-policies/Reference/Network-Policies-Deep-Dive). @@ -65,10 +99,4 @@ spec: name: client calls: - name: nginx -``` - -### Tutorials - -View the tutorials below to learn more about how to get started: - - +``` \ No newline at end of file diff --git a/docs/features/postgresql/tutorials/postgres-mapping.mdx b/docs/features/postgresql/tutorials/postgres-mapping.mdx index 5fc6dfa38..32202f76b 100644 --- a/docs/features/postgresql/tutorials/postgres-mapping.mdx +++ b/docs/features/postgresql/tutorials/postgres-mapping.mdx @@ -30,7 +30,7 @@ Already have Otterize deployed with the database integration configured on your
Prepare a Kubernetes cluster - {@include: ../../_common/cluster-setup.md} + {@include: ../../../_common/cluster-setup.md}
@@ -38,11 +38,11 @@ Already have Otterize deployed with the database integration configured on your #### Create an Otterize Cloud account - {@include: ../../_common/create-account.md} + {@include: ../../../_common/create-account.md} #### Install Otterize OSS, connected to Otterize Cloud - {@include: ../../_common/install-otterize-from-cloud-with-enforcement.md} + {@include: ../../../_common/install-otterize-from-cloud-with-enforcement.md}
diff --git a/docusaurus.config.js b/docusaurus.config.js index 003b57101..de800e73b 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -204,6 +204,14 @@ const config = { from: ['/quick-visual-tutorials/visual-ibac-kafka-k8s'], to: '/features/kafka/tutorials/k8s-kafka-mapping', }, + { + from: ['/quickstart/visualization/postgresql'], + to: '/features/postgresql/tutorials/postgres-mapping' + }, + { + from: ['/quickstart/access-control/postgresql'], + to: '/features/postgresql/tutorials/postgres' + }, { from: ['/quick-visual-tutorials/visual-ibac-network-policies', '/quick-tutorials/k8s-network-policies', '/quickstart/access-control/k8s-network-policies'], to: '/features/network-mapping-network-policies/tutorials/k8s-network-policies', diff --git a/static/img/examples/example-visualize.png b/static/img/examples/example-visualize.png new file mode 100644 index 000000000..6dea8e9f5 Binary files /dev/null and b/static/img/examples/example-visualize.png differ
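Review bot: In docs/features/network-mapping-network-policies/index.mdx (hunk `@@ -36,21 +43,48 @@`), the added label `**visualize example:**:` carries a stray colon after the closing bold markers, so it renders as "visualize example::" and differs from `**list example:**` and `**export example:**`; drop the trailing colon. In the same hunk the list example's fence has no language tag while the export example is tagged `yaml`, and there is no blank line between the list example's closing fence and `**export example:**`, although one separates the image from `**list example:**`. In the Access control paragraph only the first "ClientIntents" is linked to /reference/IBAC-Overview, whereas the removed TODO asked for a link wherever it is mentioned; the mention in the "Mapping & visualizing" paragraph is still unlinked.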
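Review bot: The last hunk of docs/features/network-mapping-network-policies/index.mdx (`@@ -65,10 +99,4 @@`) leaves the closing code fence as the final line with `\ No newline at end of file`. Keep a newline after the fence so the file ends cleanly and later appends to it do not show up as a change to the fence line.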
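Review bot: In docs/features/postgresql/tutorials/postgres-mapping.mdx all three `{@include: ...}` paths change from `../../_common/` to `../../../_common/`, which from this file's directory resolves to docs/_common/ instead of docs/features/_common/, but nothing in the patch shows where `_common` actually lives. Please confirm that cluster-setup.md, create-account.md and install-otterize-from-cloud-with-enforcement.md exist at the new location, and check whether the sibling page that the new redirect points to (/features/postgresql/tutorials/postgres) sits at the same depth and still uses the two-level path.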
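Review bot: In docusaurus.config.js the two added redirect objects omit the trailing comma after the `to:` value, while the neighbouring entries end with one, as in `to: '/features/kafka/tutorials/k8s-kafka-mapping',`; add the commas to match the surrounding style. The second redirect targets `/features/postgresql/tutorials/postgres`, a page this patch does not touch (only postgres-mapping.mdx appears here), so confirm that route exists so the old /quickstart/access-control/postgresql URL does not land on a missing page.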