K8s kafka mtls tutorial new screenshots and text edit #121

Closed

@sapirwo sapirwo commented Aug 30, 2023

Description

Updating the K8s Kafka mTLS tutorial screenshots to match the new access graph design.

The changes we made:

  1. Redesign the access graph nodes.
  2. Redesign the access graph nodes info modal.
  3. Redesign the access graph edges info modal.
  4. Remove the focus mode.

@orishoshan orishoshan left a comment

oops, forgot to submit my review comments

2. Calls from **[client-other]** are not declared (missing "white" inner line).
3. Looking at the Kafka service, we can see that **[client]** has specific access configured (via Kafka ACLs) to perform `all` operations on the `mytopic` topic.
1. The client intents are reflected as a green line from **[client]** to **[kafka]** ("Allowed").
2. Calls from **[client-other]** are not declared, therefore reflected as yellow line ("Would be blocked").

Suggested change
2. Calls from **[client-other]** are not declared, therefore reflected as yellow line ("Would be blocked").
2. Calls from **[client-other]** are not declared and would be blocked, therefore appearing as a yellow line, reflecting the fact it would be blocked.

Same here re the legend. Changed the phrasing to explain the meaning.
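
Review bot: the replacement text for item 2 states the outcome twice ("are not declared and would be blocked" and then "reflecting the fact it would be blocked"). One mention is enough, for example: "Calls from **[client-other]** are not declared, so they appear as a yellow line, meaning they would be blocked."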

1. Kafka topic-specific intents from **[client]** are declared (solid black inner line and Kafka icon).
2. Calls from **[client-other]** are not declared (missing "white" inner line).
3. Looking at the Kafka service, we can see that **[client]** has specific access configured (via Kafka ACLs) to perform `all` operations on the `mytopic` topic.
1. The client intents are reflected as a green line from **[client]** to **[kafka]** ("Allowed").

Suggested change
1. The client intents are reflected as a green line from **[client]** to **[kafka]** ("Allowed").
1. The connection from **[client]** to **[kafka]** is allowed, appearing as a green line, reflecting the fact that it is allowed.

I got that you were probably referring to the legend by adding ("Allowed"), but I guess the reader might not get that, so I replaced it with words pointing out the meaning.
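
Review bot: the replacement for item 1 drops the word "intents" that the removed line used ("The client intents are reflected as a green line") and that the neighbouring item still uses ("Kafka topic-specific intents from **[client]** are declared"), so the reader loses the link between the declared intents and the green line. Suggest keeping the term and saying "allowed" once, for example: "The declared intents from **[client]** to **[kafka]** appear as a green line, meaning the connection is allowed."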


Since discovered intents from the network mapper don't specify what specific topics and operations clients are performing (or attempting to perform), the access graph cannot show information on what is being blocked vs allowed (red vs green). That feature is in development.

Also, the access graph shows information about the mTLS certificates (credentials) distributed to the various services, as long as [Cloud-managed credentials](/security#cryptographic-credentials) are being used. Visibility for certificates distributed through an in-cluster SPIRE is in development.

Click on **Kafka** service to get more details:

Suggested change
Click on **Kafka** service to get more details:
Click on the **Kafka** service to get more details:

@orishoshan orishoshan closed this Sep 16, 2023
@orishoshan orishoshan deleted the sapir/k8s-kafka-mtls-tutorial-screenshots-update branch September 16, 2023 18:37
@github-actions github-actions bot locked and limited conversation to collaborators Sep 16, 2023
2 participants