Skip to content

GitLab built-in Kubernetes dashboard Design

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Problem to solve

As Priyanka (Platform Engineer) I want insights into a cluster around the status of my deployments, tailed logs and overall metrics, so I can troubleshoot a deployment from a review environment to production.

As an Application Operator, I want to follow how a deployment is being rolled out / rolled back, see the related metrics and be warned if my intervention is required, so I can deploy often and with confidence.

JTBD and Tasks

  • I want to be confident about the status of a recent deployment, and I want to be able to follow how it's rolled out
  • I want to know when the environment changes
  • I want to have a quick overview of the systems I own to either start my regular job or to look into potential problems
  • I want to reach the logs, metrics and traces easily from a list of reported resources
  • I want to see the metrics driving the rollout of an active canary deployment

Proposal

Provide a page with a dashboard view of all available resources. Group some common resources for better UX. For example:

Namespace - Status - Labels - Annotations

Not in scope for the MVC:

Deployment
  • Synch status
  • Labels
  • Annotations
  • Revisions
  • List of Pods
  • List of Replicasets
  • Namespace

Not in scope for the MVC:

  • CPU
  • Memory
  • Network
Pod
  • Status
  • Labels
  • Annotations
  • Namespace
  • Container image
  • Link to ReplicaSet and Deployment
  • Node
  • IP and ports
  • Mounts

Not in scope for the MVC:

  • Logs
  • Events
  • CPU
  • Memory
  • Network
ConfigMap
  • Namespace
  • Labels
  • Annotations
  • Data
Services
  • Status
  • Namespace
  • Labels
  • Annotations
  • Type
  • Selector
  • IP
  • Ports
Secret - Namespace - Type - Labels - Annotations - Data

In terms of resource views

  • We can show what the agent/user RBAC allows
  • We can show what is within an inventory object
  • Or we can start with the RBAC and have quick filters to restrict it to an inventory object

We will start with what the agent/user RBAC allows

Redact Secret on UI

@ameyadarshan mentioned in https://gitlab.com/gitlab-com/gl-security/appsec/appsec-reviews/-/issues/195

@shinya.maeda after looking at past discussions about exposing Secret data to the frontend, it seems to me that there isn't any inherent risk of doing so. If we do decide to expose this to the frontend, the best option would be to first hide it and only show it when the user explicitly clicks on it. As for retrieving this data from the backend, this will require closer attention from an appsec standpoint, mostly revolving around authorization vulnerabilities. As this feature hasn't been developed yet, I will hold off on this review until we have some code ready for reviewing. Please let me know if you have any other questions.

Figma link

https://www.figma.com/file/FJXN7dpPs6mODf6M3SWxlK/Kubernetes-Landing-Page?node-id=3818%3A42202&t=XNV3eHPs3C9BtvVf-1

Intended users

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.

Edited by 🤖 GitLab Bot 🤖