Update for 1.20 and 1.23 scans #209
Conversation
There was a problem hiding this comment.
The sidebar.js file at the root needs to be updated as well to account for the page additions, removals, and rename(s) . I can't make suggestions or comment on it since it's not part of the PR so I added a commit for the sidebar.js file.
It also looks like PDFs haven't been uploaded yet. Could you please link the tickets where that's being tracked so we can keep an eye on that.
...ncher-security/rancher-v2.6-hardening-guides/rke1-hardening-guide-with-cis-v1.6-benchmark.md
Outdated
Show resolved
Hide resolved
...ncher-security/rancher-v2.6-hardening-guides/rke1-hardening-guide-with-cis-v1.6-benchmark.md
Outdated
Show resolved
Hide resolved
...cher-security/rancher-v2.6-hardening-guides/rke1-hardening-guide-with-cis-v1.20-benchmark.md
Outdated
Show resolved
Hide resolved
...cher-security/rancher-v2.6-hardening-guides/rke1-hardening-guide-with-cis-v1.20-benchmark.md
Outdated
Show resolved
Hide resolved
...cher-security/rancher-v2.6-hardening-guides/rke1-hardening-guide-with-cis-v1.20-benchmark.md
Outdated
Show resolved
Hide resolved
...ecurity/rancher-v2.6-hardening-guides/rke2-self-assessment-guide-with-cis-v1.23-benchmark.md
Outdated
Show resolved
Hide resolved
...ecurity/rancher-v2.6-hardening-guides/rke1-self-assessment-guide-with-cis-v1.20-benchmark.md
Outdated
Show resolved
Hide resolved
...ecurity/rancher-v2.6-hardening-guides/rke1-self-assessment-guide-with-cis-v1.23-benchmark.md
Outdated
Show resolved
Hide resolved
...security/rancher-v2.6-hardening-guides/rke1-self-assessment-guide-with-cis-v1.6-benchmark.md
Outdated
Show resolved
Hide resolved
...ecurity/rancher-v2.6-hardening-guides/rke2-self-assessment-guide-with-cis-v1.23-benchmark.md
Outdated
Show resolved
Hide resolved
|
Issue for PDFs upload |
|
LGTM (docs perspective). Will merge once the PDFs are uploaded and QA has reviewed. |
|
Hi @prachidamle, who would be the QA contact to review this? |
|
Besides QA, these changes also need to be reviewed by security. @btat can you please assign me as a reviewer? I can't do that myself. |
There was a problem hiding this comment.
https://releases.rancher.com/documents/security/2.6/Rancher_RKE2_v2-6_CIS_v1-23_Hardening_Guide.pdf leads to an xml error page -
NoSuchKey
The specified key does not exist.
|
@btat @mitulshah-suse I think the hardening and self-assessment guide should be linked to docs links internally - why do we need to upload them separately? |
The internal links are already in place. Not sure why they are uploaded as well to be honest. I just followed the steps from an older ticket to raise the upload issue. |
Like Mitul, I'm just following the existing process. I dug back and found https://github.com/rancher/docs/issues/1157, which would suggest the PDFs existed before the Markdown version was added to the docs site. Perhaps the PDFs are distributed directly through other means outside of the docs? @catherineluse do you have any background knowledge on this? |
|
@btat Yes, Nelson generated the hardening guides in PDF format. I don't know where the source code or script is for that. Maybe Lucas knows. |
|
@catherineluse @btat the scripts used to convert the scans from JSON to Markdown and the Markdown pages to PDF are available in https://github.com/rancher/docs/tree/master/scripts/converters. I took over Nelson's work with the hardening guides since we updated them to 2.6. After some thinking and while creating the K3s hardening guide for GA - rancher/rancher#37493, I would actually recommend to stop generating the PDFs. As the pages grew bigger and bigger and with some small changes in formatting after the migration to Docusaurus, I see that sometimes the PDFs doesn't look great and require changes in the format. I'm not even sure if the PDFs are adding any real value to the users (at least that I'm aware of). Perhaps it's better to stop generating until customers ask for it (in case they even do). Not sure if we need to get someone from Product for this decision. |
|
FYI I haven't had time to review the updated guides and how they will be structured inside the security section. I plan to do this as soon as I finish some priority work for 2.6 and 2.7. |
|
@macedogm could you please review this when you have a chance. |
|
Reassigning this PR to @andypitcher who is taking the lead with the hardening guides and CIS. Andy, if you need any support, please let me know. Thanks! |
| | Kubernetes v1.18 up to v1.23 | CIS v1.6 | [Link](../reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke1-self-assessment-guide-with-cis-v1.6-benchmark.md) | [Link](../reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke1-hardening-guide-with-cis-v1.6-benchmark.md) | | ||
| | Kubernetes v1.18 | CIS v1.6 | [Link](../reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke1-self-assessment-guide-with-cis-v1.6-benchmark.md) | [Link](../reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke1-hardening-guide-with-cis-v1.6-benchmark.md) | | ||
| | Kubernetes v1.19 up to v1.21 | CIS v1.20 | [Link](../reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke1-self-assessment-guide-with-cis-v1.20-benchmark.md) | [Link](../reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke1-hardening-guide-with-cis-v1.20-benchmark.md) | | ||
| | Kubernetes v1.22 up to v1.24 | CIS v1.23 | [Link](../reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke1-self-assessment-guide-with-cis-v1.23-benchmark.md) | [Link](../reference-guides/rancher-security/rancher-v2.6-hardening-guides/rke1-hardening-guide-with-cis-v1.23-benchmark.md) | |
There was a problem hiding this comment.
With the dev of CIS-1.24 (k8s v1.24) and CIS-1.7 (k8s v1.25), I suggest to update L36 to have CIS-1.23 covering up to k8s v1.23:
- Kubernetes v1.22 up to v1.24
+ Kubernetes v1.22 up to v1.23
Related to #34