Expand security-hardening/ subsection, reorder howtos/ section

[viccuad]

Description

Related to #558.

While working on kubewarden/community#40, I feel it's easier to provide a more featured security-hardening section than to write the contents of this PR in the self-assessment which is not so accessible.

Expanded with a summary on how to harden Kubewarden installations.

Reorder howtos/ section, from more general and newbie topics, to more specific and obscure.

Test

Additional Information

Tradeoff

Potential improvement

[netlify]

✅ Deploy Preview for docs-kubewarden-io ready!

Name	Link
🔨 Latest commit	1089337
🔍 Latest deploy log	https://app.netlify.com/sites/docs-kubewarden-io/deploys/67d8467c45d8970008bbe91b
😎 Deploy Preview	https://deploy-preview-562--docs-kubewarden-io.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[flavio]

@viccuad JFYI, I think that, starting from 1.23, we will be able to run the whole KW stack inside of a namespace where the restricted PSA is enforced

[flavio]

Thanks for having handled that!

[jhkrug]

Hi from Orlando airport! I will be able to review in more detail next week. But looks fine so far. The move from 'air-gap' to 'air gap'. No problem, just wondering what's the driver? Is there a reference that recommends one over the other that you have in mind? It's the sort of thing that we would want to be used consistently. Ideally across SUSE.

[viccuad]

The move from 'air-gap' to 'air gap'. No problem, just wondering what's the driver?

I went for consistency inside docs.kubewarden.io, but I'm ok with any nomenclature!

We can discuss about it in the next days, no rush :).

[jhkrug]

Hi, a few suggestions. Thanks.

[jhkrug]

Is 'safe' the right word? Maybe 'partitioned from' or 'separate to'? Just wondering.

Suggested change

	ensure the Kubewarden stack is safe from other workloads.
	ensure the Kubewarden stack is safe from other workloads.

[viccuad]

I would say it's correct, by deploying the kubewarden-defaults chart we ensure the safety of Kubewarden. It's already partitioned, but if we allow other workloads to deploy with privileges (because the kubewarden-defaults chart is not deployed for example) then Kubewarden, and by extension the rest of the cluster, is not safe.

[jhkrug]

The move from 'air-gap' to 'air gap'. No problem, just wondering what's the driver?

I went for consistency inside docs.kubewarden.io, but I'm ok with any nomenclature!

We can discuss about it in the nexy days, no rush :).

Great. Consistency was a word used a lot in my presentation at SC. It's, in my view, the most important thing in a set of docs. We also have a company-wide technical glossary called termweb, recently adopted, looking for wider usage. Air gap is not in it yet and I'll do something about that.

[viccuad]

@jhkrug I found Rancher 1.x docs mention "Air gap" mostly, while in 2.x there's "Air gap" and "Air-gap".

Is it ok merging this PR as-is? I'm happy changing the air gap mentions now or later of course.

[jhkrug]

@jhkrug I found Rancher 1.x docs mention "Air gap" mostly, while in 2.x there's "Air gap" and "Air-gap".

Is it ok merging this PR as-is? I'm happy changing the air gap mentions now or later of course.

I am happy that we are consistent within KW for now. Consistency over cloud native will come over time. Terms that are in the glossary/termweb will become controlled and set as variable/attributes to be used in the markdown/asciidoc.

[jhkrug]

lgtm

[viccuad]

merging, thanks!