Cluster NetworkPolicy statistics
Problem to solve
Users will be using
NetworkPolicy objects in their cluster to restrict access and ensure resources aren't being abused, but it is difficult to view the status of what is happening, what has happened, and if any potential/actual abusive activity was blocked or logged.
Today, users will only be able to see the logs of their cluster and what has been blocked and/or logged if they use a terminal to connect directly to the cluster and look at Pod logs. While this is doable, it is difficult, time-consuming, and could be an overload of information. It also means users will have to leave GitLab to find this information.
- Add a new area for Container Network Policies on the Threat Monitoring page
- Create an identifiable separation between CNP statistics and WAF statistics for the user
- Display packet activity statistics to the user in the Container Network Policy section of the Threat Monitoring page.
- Blue info icon next to Threat Monitoring page title should now take the user to the documentation where they can either see info for both the WAF and CNP or where they can easily navigate to that info.
- Remove blue alert banner seen here.
|MVC version: CnP statistics|
|No WAF data||No Cilium data||No Environments|
|(?) icon hoverstate (all instances)|
We want to show statistics about packets for this first iteration. Specifically:
Counts (above the chart)
- Dropped packets as a % of total packets for the filtered timeframe)
#Total packets (for the filtered timeframe)
- Total packets (for the filtered timeframe)
- Dropped packets as a percent of the total (for the filtered timeframe)
The filtered timeframe is the Show last filter the user can apply.
- Create a screen on the
Security & Compliancemenu to display traffic processed by Cilium
- Proposal to largely mirror the interfaces used for the WAF
- Place behind disabled-by-default
- Display overarching statistics, such as number and percentage of traffic that has been blocked
Create a(will be covered in its own issues, not this one)
Findingobject every time a piece of traffic is blocked due to a
Permissions and Security
Permissions should match those required by the Security Dashboard