Revision - 3eee19a - docs: Drop sphinxcontrib-openapi fork, switch back to upstream

Revision 3eee19a17a23489bb9461e0526f42d7f71da35ed authored by Quentin Monnet on 16 January 2023, 13:56:21 UTC, committed by Quentin Monnet on 17 January 2023, 09:41:25 UTC

docs: Drop sphinxcontrib-openapi fork, switch back to upstream

Once upon a time, Cilium docs used the openapi Sphinx add-on to generate
its API reference based on the code. And things were good.

One day, Dependabot raised a security alert, stating that Mistune v2.0.2
was vulnerable to catastrophic backtracking [0] - this is a regex
parsing thing. Mistune was a dependency to m2r, an add-on to parse
Markdown in Sphinx, which in turn was a dependency to openapi.

The easy path would have been to update m2r to use the latest, fixed
Mistune version; but m2r was incompatible with Mistune >= 2.0.0, and
also it was no longer in development.

There was a fork, m2r2, which had little activity, and would avoid the
security issue by very simply pinning the Mistune version to 0.8.4
(which would either fail to build Cilium's reference correctly, or bring
some incompatibilities with other dependencies, at this point the
narrator does not remember for sure).

There was a fork of the fork, sphinx-mdinclude. We could use that
project to update openapi, except that it was not compatible with recent
versions of docutils, and that this would cause openapi's test suite to
fail to pass.

... So we ended up forking the openapi repository to update the
dependency to sphinx-mdinclude locally, and this is what we've been
using since last summer. And things were good again.

But things are even better when they go upstream [citation needed]. We
also filed the issue for docutils compatibility in sphinx-mdinclude [1].
It was fixed (thanks!). We submitted a PR to have openapi switch to
sphinx-mdinclude [2]. It was adjusted (thanks!), merged, and a new tag
was created.

Now at last, we can switch back to the upstream version of openapi!
[And the build system lived happily ever after.]

[0]: https://github.com/advisories/GHSA-fw3v-x4f2-v673
[1]: https://github.com/omnilib/sphinx-mdinclude/issues/8
[2]: https://github.com/sphinx-contrib/openapi/pull/127

I did _not_ run `make -C Documentation update-requirements`, because the
resulting changes seemed to break the Netlify preview [3]. I stuck to
openapi and bumped sphinx-mdinclude to >= 0.5.2, as required by openapi.

[3] https://app.netlify.com/sites/docs-cilium-io/deploys/63c55fcc5531c6000838b87c

Signed-off-by: Quentin Monnet <quentin@isovalent.com>

1 parent 4ec82bb

Files
Changes

Permalinks

FURTHER_READINGS.rst

Further Reading
===============

.. further-reading-begin

Related Material
----------------

* `BPF for security—and chaos—in Kubernetes <https://lwn.net/Articles/790684/>`_
* `k8s-snowflake: Configs and scripts for bootstrapping an opinionated
  Kubernetes cluster anywhere using Cilium plugin
  <https://github.com/jessfraz/k8s-snowflake>`_
* `Using Cilium for NetworkPolicy: Kubernetes documentation on how to use Cilium
  to implement NetworkPolicy
  <https://kubernetes.io/docs/tasks/administer-cluster/cilium-network-policy/>`_

Presentations
-------------

* Kubernetes on Edge Day, Europe 2022 - Connecting Klusters on the Edge with Deep Dive into Cilium Cluster Mesh:
  `Video <https://www.youtube.com/watch?v=UcsEVnFtrLY>`__
* Cloud Native Telco Day, Europe 2022 - Leveraging Cilium and SRv6 for Telco Networking:
  `Video <https://www.youtube.com/watch?v=vJaOKGWiyvU>`__
* KubeCon, Europe 2022 - A Guided Tour of Cilium Service Mesh:
  `Video <https://www.youtube.com/watch?v=e10kDBEsZw4>`__
* eBPF Day, Europe, 2022 - IKEA Private Cloud, eBPF Based Networking, Load Balancing, and Observability with Cilium:
  `Video <https://www.youtube.com/watch?v=sg-F_R-ZVNc>`__
* KubeCon, North America 2021 - Beyond printf & tcpdump: Debugging Kubernetes Networking with eBPF:
  `Video <https://www.youtube.com/watch?v=vqx-hLYfCYE>`__
* eBPF Summit, Virtual 2020 - Our eBPF Journey at Datadog:
  `Video <https://www.youtube.com/watch?v=6mTVuZUHLBg>`__
* eBPF Summit, Virtual 2020 - Building a Secure and Maintainable PaaS Leveraging Cilium:
  `Video <https://www.youtube.com/watch?v=hwOpCKBaJ-w>`__
* eBPF Summit, Virtual 2020 - The Past, Present and Future of Cilium and Hubble at Palantir:
  `Video <https://www.youtube.com/watch?v=3K5WJ_h5PhI>`__
* KubeCon, Europe 2020 - Hubble - eBPF Based Observability for Kubernetes:
  `Video <https://www.youtube.com/watch?v=8WCbGSCyDSo>`__
* Fosdem, Brussels, 2020 - BPF as a revolutionary technology for the container landscape:
  `Slides <https://docs.google.com/presentation/d/1VOUcoIxgM_c6M_zAV1dLlRCjyYCMdR3tJv6CEdfLMh8/edit#slide=id.g7055f48ba8_0_0>`__, `Video <https://fosdem.org/2020/schedule/event/containers_bpf/>`__
* KubeCon, North America 2019 - Understanding and Troubleshooting the eBPF Datapath in Cilium:
  `Video <https://www.youtube.com/watch?v=Kmm8Hl57WDU>`__
* KubeCon, North America 2019 - Liberating Kubernetes from kube-proxy and iptables:
  `Slides <https://docs.google.com/presentation/d/1cZJ-pcwB9WG88wzhDm2jxQY4Sh8adYg0-N3qWQ8593I/edit#slide=id.g7055f48ba8_0_0>`__, `Video <https://www.youtube.com/watch?v=bIRwSIwNHC0>`__
* KubeCon, Europe 2019 - Using eBPF to Bring Kubernetes-Aware Security to the Linux Kernel:
  `Video <https://www.youtube.com/watch?v=7PXQB-1U380>`__
* KubeCon, Europe 2019 - Transparent Chaos Testing with Envoy , Cilium and BPF:
  `Slides <https://static.sched.com/hosted_files/kccnceu19/54/Chaos%20Testing%20with%20Envoy%2C%20Cilium%20and%20eBPF.pdf>`__, `Video <https://www.youtube.com/watch?v=gPvl2NDIWzY>`__
* All Systems Go!, Berlin, Sept 2018 - Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
  `Slides <https://www.slideshare.net/ThomasGraf5/cilium-bringing-the-bpf-revolution-to-kubernetes-networking-and-security>`__, `Video <https://www.youtube.com/watch?v=QmmId1QEE5k>`__
* QCon, San Francisco 2018 - How to Make Linux Microservice-Aware with Cilium and eBPF:
  `Slides <https://www.slideshare.net/InfoQ/how-to-make-linux-microserviceaware-with-cilium-and-ebpf>`__, `Video <https://www.youtube.com/watch?v=_Iq1xxNZOAo>`__  
* KubeCon, North America 2018 - Connecting Kubernetes Clusters Across Cloud Providers:
  `Slides <https://static.sched.com/hosted_files/kccna18/68/Connecting%20Multiple%20Kubernetes%20Clusters%20Across%20Cloud%20Providers.pdf>`__, `Video <https://www.youtube.com/watch?v=U34lQ8KbQow>`__
* KubeCon, North America 2018 - Implementing Least Privilege Security and Networking with BPF on Kubernetes:
  `Slides <https://www.slideshare.net/ThomasGraf5/accelerating-envoy-and-istio-with-cilium-and-the-linux-kernel>`__, `Video <https://www.youtube.com/watch?v=3F_XNbhjgxY>`__
* KubeCon, Europe 2018 - Accelerating Envoy with the Linux Kernel:
  `Video <https://www.youtube.com/watch?v=ER9eIXL2_14>`__
* Open Source Summit, North America - Cilium: Networking and security for containers with BPF and XDP:
  `Video <https://www.youtube.com/watch?v=CcGtDMm1SJA>`__
* DockerCon, Austin TX, Apr 2017 - Cilium - Network and Application Security with BPF and XDP: `Slides
  <https://www.slideshare.net/ThomasGraf5/dockercon-2017-cilium-network-and-application-security-with-bpf-and-xdp>`__, `Video <https://www.youtube.com/watch?v=ilKlmTDdFgk>`__
* CNCF/KubeCon Meetup, Berlin, Mar 2017 - Linux Native, HTTP Aware Network Security:
  `Slides <https://www.slideshare.net/ThomasGraf5/linux-native-http-aware-network-security>`__, `Video <https://www.youtube.com/watch?v=Yf_INdTWIHI>`__
* Docker Distributed Systems Summit, Berlin, Oct 2016:
  `Slides <http://www.slideshare.net/Docker/cilium-bpf-xdp-for-containers-66969823>`__, `Video <https://www.youtube.com/watch?v=TnJF7ht3ZYc&list=PLkA60AVN3hh8oPas3cq2VA9xB7WazcIgs&index=7>`__
* NetDev1.2, Tokyo, Sep 2016 - cls_bpf/eBPF updates since netdev 1.1:
  `Slides <http://borkmann.ch/talks/2016_tcws.pdf>`__, `Video <https://youtu.be/gwzaKXWIelc?t=12m55s>`__
* NetDev1.2, Tokyo, Sep 2016 - Advanced programmability and recent updates with tc’s cls_bpf:
  `Slides <http://borkmann.ch/talks/2016_netdev2.pdf>`__, `Video <https://www.youtube.com/watch?v=GwT9hRiqdUo>`__
* ContainerCon NA, Toronto, Aug 2016 - Fast IPv6 container networking with BPF & XDP:
  `Slides <http://www.slideshare.net/ThomasGraf5/cilium-fast-ipv6-container-networking-with-bpf-and-xdp>`__

Podcasts
--------

* Software Gone Wild by Ivan Pepelnjak, Oct 2016: `Blog <http://blog.ipspace.net/2016/10/fast-linux-packet-forwarding-with.html>`__, `MP3 <http://media.blubrry.com/ipspace/stream.ipspace.net/nuggets/podcast/Show_64-Cilium_with_Thomas_Graf.mp3>`__
* OVS Orbit by Ben Pfaff, May 2016: `Blog <https://ovsorbit.benpfaff.org/#e4>`__, `MP3 <https://ovsorbit.benpfaff.org/episode-4.mp3>`__

Community blog posts
--------------------

* `Cilium for Network and Application Security with BPF and XDP, Apr 2017
  <https://blog.scottlowe.org/2017/04/18/black-belt-cilium/>`_
* `Cilium, BPF and XDP, Google Open Source Blog, Nov 2016
  <https://opensource.googleblog.com/2016/11/cilium-networking-and-security.html>`_

.. further-reading-end

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...