Show Container Network Policies on the Cluster Applications Page
Problem to solve
Container Network Security users need an easy way to turn Cilium on or off.
Although this setting can already be changed, the current approaches have limitations:
- Editing a configuration file and redeploying an environment is time-consuming and not intuitive. This approach makes it difficult to have the feature on by default.
- Question: What other options are available to disable Cilium?
In the event that Cilium is causing performance or connectivity problems, the user needs to be able to disable Cilium quickly and easily on a per-environment basis in the GitLab UI.
Intended users
Further details
Although we hope that performance problems with Cilium will never happen or will be caught in testing, there is always a risk that a problem exists as Cilium interacts with customer-specific environments. There is also a risk that the customer has introduced a connectivity problem via the policies that they have configured. Being able to turn Cilium off quickly helps to mitigate this risk. This is an MVC designed to help users quickly disable Cilium in the event of a problem.
Problems to be solved
- How to enable/disable Network Policies / Cilium will be discoverable by users in the GitLab UI
- Users will be able to quickly disable Cilium in the event that it is disrupting their production environment
Proposal
- Provide a GUI to allow users to view the installed/uninstalled state of Cilium
- Provide a link to documentation on installing/uninstalling Cilium from the UI
Design:
Cilium not enabled | Cilium Enabled |
---|---|
- UI finalized
- Interactions finalized
- Text finalized
Old proposal
Design:
Changes and additions:
- New page header
- New section header for the existing secure features
- Remove blue banner at the top of the page and use the banner copy as sub-text under the section header
- New section for Monitoring & Response features
- Add ModSecurity list item
  - include ModSecurity status
  - include a link to ModSecurity GitLab docs
  - include a button that links to the managed apps page
- Add Cilium list item
  - include Cilium status
  - include a link to Cilium GitLab docs
  - include a button that links to the Cilium configuration section of GitLab docs
Experience:
- When Cilium is turned on or off, if the change is predicted to take <10 seconds, then we can just show a spinner. If it will take longer (measured in minutes), then we will likely want to inform users that it could take up to x minutes for the changes to take effect.
Permissions and Security
Users must be a Maintainer or Owner on the project. No additional permissions are required.
Documentation
- Documentation will be added to describe how to install/uninstall Cilium