Add Collector security documentation

[tiffany76]

This PR moves end user security documentation from a README in the Collector core repository to the OTel docs website.

Based on decisions in previous issues and PRs, the following are assumed:

• Security documentation intended for component developers will remain in the README, which will be amended in a follow-up PR.
• Both documents will cross-reference the other.
• The top-level Collector landing page and the Collector configuration page will link to the security documents.

Tracking issue: #3479
Related to: #3227

NOTE: Much of the work for this PR was done by @mjingle in #3652. With her permission, I am building on her efforts.

[tiffany76]

Still lots to do. I'll let everyone know when it's in a state fit for reviewing. 👍

[reyang]

"one receiver and one exporter" seems very strict, what if the user wants to fork the data to two different targets? (e.g. are we suggesting that forking data is not recommended from security perspective?)

[jpkrohling]

I agree with @reyang -- where is this coming from?

[tiffany76]

Thanks, all! The content so far has been copied from an earlier draft of this documentation. I think this sentence was an edit of the following statement in the core respository's README:

The configuration drives the Collector's behavior and care should be taken to ensure the configuration only enables the minimum set of capabilities and as such exposes the minimum set of required ports.

I will remove the "one receiver and one exporter" restriction from this PR.

[tiffany76]

I've reworked the intro to this section (Receivers and exporters) based on the comments. Please let me know what you think. No rush. I still have lots to do. Thanks!

[reyang]

Resource exhaustion is a great topic, I feel the current description is a bit misleading - even if the settings are correct, OpenTelemetry Collector can still cause resource exhaustion - is this the current state or there is already a solid solution for resource governance?

[tiffany76]

Hi @reyang, I removed the mention of resource exhaustion here. The topic is addressed in more detail in the Processors section. I'll let you know once I start work on it. Thanks!

[tiffany76]

Hi again. I updated the resource utilization section in 8605abb.

[reyang]

I don't recall the exact details, would this bind to both IPv4 and IPv6, or the Collector has a recommendation regarding how to specify IPv4/v6 explicitly?

[jpkrohling]

IIRC, "localhost" binds to both. In fact, localhost is the default today already, so this recommendation might need to be reworded, as it's probably reminiscent from the days where we bound to all IPs (0.0.0.0).

[tiffany76]

I've rewritten the DOS safeguard section as well, with updated information about localhost.

Rather than provide an example of binding to a pod's IP, I linked to the README section. Unless you think that content (Docker, Kubernetes, etc.) is relevant to end users and belongs on the website? I was trying to draw a line between end user and developer content, but I'm happy to make changes.

[jpkrohling]

I'm pretty sure we have a guidance somewhere stating that people should not store PII in telemetry data. Perhaps we should reinforce it here, and add a link to that place? Something like: "help you protect telemetry that shouldn't, but might contain sensitive information, such ..."

[tiffany76]

Still searching for the existing guidance, but I've updated the wording as suggested. I'll keep looking for the PII reference.

[jpkrohling]

I agree with @reyang -- where is this coming from?

[jpkrohling]

IIRC, "localhost" binds to both. In fact, localhost is the default today already, so this recommendation might need to be reworded, as it's probably reminiscent from the days where we bound to all IPs (0.0.0.0).

[tiffany76]

Hi folks! I'm moving this PR out of draft. It's ready for review (finally)!

Just a couple thoughts:

• I think I have addressed all the comments so far, but I did rewrite most of the content, so you might have trouble finding your comments in the changed files. I'm sorry about that.
• I just reread @jpkrohling's comment about keeping these docs closer to the Collector getting started docs. I know there was some back and forth about it. I don't have a preference either way and will move the files to the Collector docs, if that's what everyone agrees on.
• I will be AFK next week, so that will be a prime time for everyone to pile on the reviews. 😃

EDIT to add preview links:
Security landing page
Configuration best practices
Hosting best practices

[svrnm]

minor comment, but looks good to me overall, great work! 🎉

[svrnm]

should we move that into the frontmatter description, it reads like one

[tiffany76]

It might be a little long for the description. Let me take another shot at making the wording more intro-like.

[mx-psi]

This section is worded differently from the others, I would rephrase it so that it more explicitly tells you what to do (use the least amount of privilege required).

[tiffany76]

Good catch on the change in wording! I used the example that @jpkrohling gave in a comment that I can't find now. I will work on rephrasing it to match the other examples on the page.