yarn run format:fix

nebari-dev · Oct 25, 2024 · 460716f · 460716f
1 parent 331ec51
commit 460716f
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 16 deletions.
diff --git a/docs/docs/references/container-sources.md b/docs/docs/references/container-sources.md
@@ -1,20 +1,22 @@
 ## Deploying and Running Nebari from a Private Container Repository
-Nebari deploys and runs FOSS components as containers running in Kubernetes. 
-By default, Nebari sources each container from the container's respective public repository, typically `docker.io` or `quay.io`. 
+
+Nebari deploys and runs FOSS components as containers running in Kubernetes.
+By default, Nebari sources each container from the container's respective public repository, typically `docker.io` or `quay.io`.
 This introduces supply-chain concerns for security-focused customers.
 
+One solution to these supply-chain concerns is to deploy Nebari from private locally-mirrored containers:
 
-One solution to these supply-chain concerns is to deploy Nebari from private locally-mirrored containers:  
 - Create a controlled private container repository (e.g. ECR or GitLab Container Repo)
 - Mirror all containers used by Nebari into this private container repository
 - Use the `overrides` mechanism in `nebari-config.yaml` to specify the mirrored container sources
 
-Deploying Nebari in this fashion eliminates significant supply chain surface-area, but requires identifying all containers used by Nebari.  
+Deploying Nebari in this fashion eliminates significant supply chain surface-area, but requires identifying all containers used by Nebari.
 
 The following configuration enumerates all container images used by Nebari 2024-9-1 and demonstrates how to source them from a private repo denoted by the string `[LOCAL_REPO]`.  
 The commented-out elements document the original public sources from which the container images are to be mirrored.
 
 ### Nebari 2024-9-1 Containers
+
 ```
 default_images:
   #jupyterhub: quay.io/nebari/nebari-jupyterhub:2024.5.1

diff --git a/docs/docs/references/enhanced-security.md b/docs/docs/references/enhanced-security.md
@@ -1,22 +1,23 @@
 ## Nebari Security Considerations
 
-The security of *AWS Nebari* deployments can be enhanced through the following deployment configuration options in `nebari-config.yaml`:
+The security of _AWS Nebari_ deployments can be enhanced through the following deployment configuration options in `nebari-config.yaml`:
 
 - **Explicit definition of container sources**  
-This option allows for the use of locally mirrored, security-hardened, or otherwise customized container images in place of the containers used by default.
-See: [container-sources](container-sources-2024-09-1.md)
-
+  This option allows for the use of locally mirrored, security-hardened, or otherwise customized container images in place of the containers used by default.
+  See: [container-sources](container-sources-2024-09-1.md)
 
 - **Definition of an ssh key that can access EKS hosts**  
-EKS hosts by default cannot be accessed via ssh. This configuration item allows ssh access into EKS hosts, which can be useful for troubleshooting or external monitoring and auditing purposes.
+  EKS hosts by default cannot be accessed via ssh. This configuration item allows ssh access into EKS hosts, which can be useful for troubleshooting or external monitoring and auditing purposes.
+
 ```
 amazon_web_services:
   ec2_keypair_name: [example_keypair_name] # Name, not ARN
 ```
-  
+
 - **Installation of custom SSL certificate(s) into EKS hosts**  
-Install private certificates used by (e.g.) in-line content inspection engines which re-encrypt traffic.
-```  
+  Install private certificates used by (e.g.) in-line content inspection engines which re-encrypt traffic.
+
+```
   extra_ssl_certificates: |
     -----BEGIN CERTIFICATE-----
     MIIF...<snip>...ABCD
@@ -27,14 +28,16 @@ Install private certificates used by (e.g.) in-line content inspection engines w
 ```
 
 - **Private EKS endpoint configuration**  
-Mirrors the corresponding AWS console option, which routes all EKS traffic within the VPC.
+  Mirrors the corresponding AWS console option, which routes all EKS traffic within the VPC.
+
 ```
   eks_endpoint_private_access: true
   eks_endpoint_public_access: false
 ```
 
 - **Deploy into existing subnets**  
-Instructs Nebari to be deployed into existing subnets, rather than creating its own new subnets.
+  Instructs Nebari to be deployed into existing subnets, rather than creating its own new subnets.
+
 ```
 existing_subnet_ids:
     - subnet-0123456789abcdef
@@ -48,8 +51,9 @@ ingress:
       service.beta.kubernetes.io/aws-load-balancer-subnets: "subnet-0123456789abcdef,subnet-abcdef0123456789"
 ```
 
-- **Use existing SSL certificate**    
-Instructs Nebari to use the SSL certificate specified by `[k8s-custom-secret-name]`
+- **Use existing SSL certificate**  
+  Instructs Nebari to use the SSL certificate specified by `[k8s-custom-secret-name]`
+
 ```
 certificate:
   type: existing