Add blog article about microservices, vulnerabilities, and Guard #38918
✅ Pull request preview available for checking. Built without sensitive environment variables.
@davidhadas if you can provide the source for those diagrams (GitHub lets you add attachments to a comment), I'll try to make a version as SVG that will work OK.
Power point file
Thanks for the revised / squashed replacement PR.
Two style items you should fix:
- don't use “we” (there's only one author, and our style guide recommends addressing the reader as “you”)
- write headings within the article in sentence case
I'd love to try to fix the diagrams into SVG, and should have time to work on that if you provide the source file.
Where I've marked feedback as a nit, this is something that I recommend, but you don't have to accept the feedback and we can merge anyway even if you don't agree or don't get round to addressing it.
content/en/blog/_posts/2023-01-15-Security-Bahavior-Analysis/index.md
…ndex.md Co-authored-by: Tim Bannister <tim@scalefactory.com>
@sftim
/retitle Add blog article about microservices, vulnerabilities, and Guard
I looked at https://github.com/kubernetes/website/pull/38918/files and saw feedback not yet accounted for. Please comment when you've had a chance to address what's remaining (either incorporate the feedback, or you can explain why you disagree).
…ndex.md Co-authored-by: Tim Bannister <tim@scalefactory.com>
…ndex.md Co-authored-by: Nate W. <natew@cncf.io>
Overall this LGTM. Thanks @davidhadas for your patience. The main suggestions right now are:
- Change the date of publication since it seems to be in the past.
- Are we planning to continue with the .png files? I recall @sftim mentioning that we'd prefer .svg files.
- Thirdly, since this is third-party content, I believe we need to add the third-party content tag. @sftim & @nate-double-u I'd like your opinions on this, as well.
@divya-mohan0209 @nate-double-u @sftim If the standard is to mark such posts in any way, it should be done here as well. There is no vendor-related content at all in this post.
To clarify our stand on third-party content, we have some documentation outlining what falls under this category. My understanding from this blog post is that Guard is a project we aren't dependent on but is a good-to-have for security behavior monitoring and analysis. Based on that understanding, I believe this does fall under the third-party category.
Sorry, I'm a bit busy but:
We actually try to provide parity between external projects (outside Kubernetes) from three kinds of source:
Even though we're a CNCF project, we try to avoid giving other CNCF projects unmerited special treatment. CoreDNS gets an exemption not for its provenance but because you need a relevant DNS implementation to have a conformant cluster.
Oh, and the SVG thing, I haven't had time yet. I think we could convert after publication but recommend we check we're happy to do so. /hold
Thank you for your response, Tim!
Can you please refer me to an example blog post that has the third party content shortcode? I need to understand which shortcode exactly and where to place it. Searching under content/en/blog/_posts, I found no blog posts that have "thirdparty-content" embedded in them, so I am a bit puzzled. Btw, I was originally told when I started this process that third party content can't exist in the documentation but can exist in blog posts, and there are of course many examples (many blog posts do include references to projects outside of Kubernetes). Since I could not yet find an example I have no idea what it means to add the third party content shortcode, but I understand from the documentation it adds some disclaimer; not a problem of course. As for SVG, please do not postpone this post further to create SVGs. Why are we on "hold" again?
I can clarify: we don't expect the @nate-double-u / other blog team folk: thoughts?
If that helps, the text includes the sentence "Guard, developed under the CNCF project Knative." I.e. it is clearly stated that Guard is developed externally. If I understand correctly, we are good to go; please clarify if not.
I agree, we shouldn't hold up the post for SVGs -- we'll just need to remember to open an issue when we merge the PR to make the update.
I agree, if the text is clear that the article is third party content then we shouldn't need the shortcode. The link to the article that Divya provided is a good example; it can be short and doesn't need to be in the disclaimer box.
@sftim, @divya-mohan0209, @nate-double-u Excellent, so now that we have thumbs up from both sig-security and sig-docs, let's get it merged today such that it can be online tomorrow. Thank you all for your reviews.
I think the line "It points to Guard, an open source project offering security-behavior monitoring and control of Kubernetes microservices presumed vulnerable." covers the third party stuff; should there be anything else @sftim, @divya-mohan0209? /lgtm
LGTM label has been added. Git tree hash: 0b459868f98d22cb2407487169e708ca8d85070d
Deferring to the subproject owners' suggestions above and approving the PR. @davidhadas: Please open an issue for your files to be converted to an SVG whenever you're in for the day. Kindly add a reference to this PR so that contributors can understand the background. Thanks! /hold cancel
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: divya-mohan0209. The full list of commands accepted by this bot can be found here. The pull request process is described here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Changes addressed + deferring to the subproject owners' recommendations.
See #39015, the issue for the files to be converted to an SVG.
This is a continuation of #38104 where a long discussion was already held and reviews of both #sig-security and #sig-docs were provided.
Due to technical problems with the preview mechanism in #38104, we continue here and will close #38104.
This PR adds a blog post discussing "Vulnerable Microservices". The post:
- explains why it's realistic to assume all services deployed on Kubernetes are vulnerable
- shows that using proper security-behavior instrumentation can protect deployed vulnerable services
- details 4 cyber use cases that users should cover in their service deployments
- shows that microservice architecture is well-suited to security-behavior instrumentation
- points to the Guard open source project (part of the CNCF Knative project) to offer security-behavior instrumentation
The idea to create this post came up while discussing options to raise the security awareness of 4 cyber use cases that need to be covered by Kubernetes users and the desire to point them to the external open-source project that targets covering these use cases.
See #37356