From fb92b3a6a588165c062c75451b45a8e5976ddf93 Mon Sep 17 00:00:00 2001 From: Manuel Alejandro de Brito Fontes Date: Tue, 1 Sep 2020 19:49:17 -0400 Subject: [PATCH] Fix documentation table layout --- docs/deploy/hardening-guide.md | 20 +++++++++++++++++--- docs/extra.css | 7 +++---- mkdocs.yml | 2 ++ 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/docs/deploy/hardening-guide.md b/docs/deploy/hardening-guide.md index 17fa524814..a7a98b8098 100644 --- a/docs/deploy/hardening-guide.md +++ b/docs/deploy/hardening-guide.md @@ -1,13 +1,14 @@ + # Hardening Guide ## Overview -There are several ways to do hardening and securing of nginx. In this documentation two guides are used, the guides are +There are several ways to do hardening and securing of nginx. In this documentation two guides are used, the guides are overlapping in some points: - [nginx CIS Benchmark](https://www.cisecurity.org/benchmark/nginx/) - [cipherlist.eu](https://cipherlist.eu/) (one of many forks of the now dead project cipherli.st) -This guide describes, what of the different configurations described in those guides is already implemented as default +This guide describes, what of the different configurations described in those guides is already implemented as default in the nginx implementation of kubernetes ingress, what needs to be configured, what is obsolete due to the fact that the nginx is running as container (the CIS benchmark relates to a non-containerized installation) and what is difficult or not possible. @@ -18,6 +19,7 @@ lead to have specific clients unable to reach your site or similar consequences. This guide refers to chapters in the CIS Benchmark. For full explanation you should refer to the benchmark document itself ## Configuration Guide + | Chapter in CIS benchmark | Status | Default | Action to do if not default| |:-------------------------|:-------|:--------|:---------------------------| | __1 Initial Setup__ ||| | @@ -109,4 +111,16 @@ This guide refers to chapters in the CIS Benchmark. For full explanation you sho | 5.3.4 Ensure that Content Security Policy (CSP) is enabled and configured properly (Not Scored) | ACTION NEEDED| See previous answer| See previous answer | | 5.3.5 Ensure the Referrer Policy is enabled and configured properly (Not Scored)| ACTION NEEDED | Depends on application. It should be handled in the applications webserver itself, not in the load balancing ingress | check backend webserver | | ||| | -| __6 Mandatory Access Control__| n/a| too high level, depends on backends | | \ No newline at end of file +| __6 Mandatory Access Control__| n/a| too high level, depends on backends | | + + diff --git a/docs/extra.css b/docs/extra.css index 713e0f65a7..469503c740 100644 --- a/docs/extra.css +++ b/docs/extra.css @@ -1,10 +1,9 @@ .md-typeset__table { - min-width: 100%; + min-width: 100%; } -@media only screen and (min-width: 768px) -{ - td:nth-child(1){ +@media only screen and (min-width: 768px) { + td:nth-child(1) { white-space: nowrap; } } diff --git a/mkdocs.yml b/mkdocs.yml index 23b9e6c3a5..3bb562efc9 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -4,6 +4,8 @@ repo_url: https://github.com/kubernetes/ingress-nginx site_url: https://kubernetes.github.io/ingress-nginx markdown_extensions: + - attr_list + - pymdownx.emoji - admonition - codehilite - pymdownx.inlinehilite