search

kumahq / kuma-website

🐻 The official website for Kuma, the control plane for modern service connectivity.
https://kuma.io
Apache License 2.0
104 stars 87 forks source link

feat(meshtls): initial guide #1906

Closed slonka closed 1 day ago

slonka commented 1 week ago

closes https://github.com/kumahq/kuma-website/issues/1897

rendered: https://deploy-preview-1906--kuma.netlify.app/docs/dev/guides/progressively-rolling-in-strict-mtls/

Did you sign your commit? Instructions yes

Have you read Contributing guidelines? yes

netlify[bot] commented 1 week ago

Deploy Preview for kuma ready!

Name Link
Latest commit c5d5a816e1a24d48babe8dad1938ec06ffde9362
Latest deploy log https://app.netlify.com/sites/kuma/deploys/66fbddde70b51b000847ff0d
Deploy Preview https://deploy-preview-1906--kuma.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

Lighthouse		 1 paths audited
Performance: 74 (🔴 down 19 from production)
Accessibility: 90 (no change from production)
Best Practices: 100 (no change from production)
SEO: 85 (no change from production)
PWA: 80 (no change from production)
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify site configuration.

slonka commented 1 week ago

It would be good to have a mermaid diagram to show what things look like at each step

added, do you think I should also somehow show when things are in strict vs permissive mode?

It would be good at the end to have a section: "Things to remember when migrating to strict TLS" with things like: "before turning something to strict check that this stat is no longer incrementing"

added that but need to check that metric... @johncowen - did we write down the metrics we want to use in the GUI to show TLS-ed / non TLS-ed requests / connections?

also do you have any other final points that we should add?

johncowen commented 1 week ago

@slonka I think this is what you are talking about:

https://github.com/kumahq/kuma-gui/issues/2974

Lemme know if not!

slonka commented 1 week ago

@lahabana - probably shouldn't ask the users to calculate things by hand... maybe we should keep tls_inspector stats for now with a * that it's not 100% sure and point people to GUI once the feature linked by JC makes sense, WDYT?

lahabana commented 1 week ago

Providing at least clarity as to which metrics users should like like seems ok to me no? What's being calculated here?

The graphs look good but would it be helpful to color the arrows depending on TLS and non-TLS traffic?