Custom NetworkPolicy object support for clusters
Problem to solve
Once we have installed a default NetworkPolicy object as part of creating new clusters, users will need to be able to specify custom policies depending on their specific needs.
Intended users
Further details
Proposal
Allow users to define and supply custom NetworkPolicy objects for their cluster.
Minimal
- Users have a way to provide a NetworkPolicy object manifest file that they themselves wrote and have it applied to their app's cluster.
  - Proposal: Look for a file such as .gitlab-custom-networkpolicy.yml or similar in the repo and pick up the rules from there. Consider whether multiple files would be needed and whether they should be inside a directory.
- Provide some visual representation to users that a custom NetworkPolicy object has been applied to their cluster.
  - This is important to give users positive feedback on whether their intended changes have been applied or not.
Next
- Create a graphical "wizard" rules editor.
Permissions and Security
Configuration should be restricted to users with write access to the repo.
Documentation
Documentation should be updated to describe how and where to place a custom NetworkPolicy object. It should also call out any unsupported capabilities in our implementation.
- Linking to the NetworkPolicy provider's full documentation could be helpful to prevent duplicating some content they have already created.
Testing
Testing of this capability should focus on several areas beyond our normal testing:
- Multiple applications in the same cluster and ensuring that one's NetworkPolicy does not affect the other.
- Multiple branches of the same project with differing definitions for the custom NetworkPolicy object.
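One pre-apply check for the repo-supplied file, as an added example that is not part of the original issue or of GitLab's implementation: it accepts only NetworkPolicy objects and rejects any that name a namespace other than the app's, so one app's file cannot create other object kinds or reach into another app's namespace. It assumes one namespace per app and manifests already parsed from YAML into dicts; validate_custom_policies and the sample documents are hypothetical.

```python
# Added example: validate a repo-supplied custom NetworkPolicy file before applying it.
# Assumptions: each app has its own namespace; docs are already parsed from YAML.

ALLOWED_API_VERSION = "networking.k8s.io/v1"


def validate_custom_policies(docs, app_namespace):
    """Return a list of problems; an empty list means the file may be applied."""
    problems = []
    for i, doc in enumerate(docs):
        where = f"document {i}"
        if not isinstance(doc, dict):
            problems.append(f"{where}: not a mapping")
            continue
        # Anyone with write access to the repo controls this file, so accept
        # NetworkPolicy objects only and nothing else (roles, pods, ...).
        if doc.get("kind") != "NetworkPolicy" or doc.get("apiVersion") != ALLOWED_API_VERSION:
            problems.append(f"{where}: only {ALLOWED_API_VERSION} NetworkPolicy is accepted")
            continue
        meta = doc.get("metadata")
        if not isinstance(meta, dict):
            meta = {}
        if not meta.get("name"):
            problems.append(f"{where}: metadata.name is missing")
        # NetworkPolicy is namespaced: an explicit namespace must be the app's own,
        # otherwise the policy would change traffic rules for another application.
        ns = meta.get("namespace")
        if ns not in (None, app_namespace):
            problems.append(f"{where}: namespace {ns!r} is not the app namespace {app_namespace!r}")
    return problems


# Constructed sample documents (not taken from any real project).
SAMPLE_DOCS = [
    {"apiVersion": ALLOWED_API_VERSION, "kind": "NetworkPolicy",
     "metadata": {"name": "allow-same-app"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"],
              "ingress": [{"from": [{"podSelector": {}}]}]}},
    {"apiVersion": ALLOWED_API_VERSION, "kind": "NetworkPolicy",
     "metadata": {"name": "open-other", "namespace": "other-app"},
     "spec": {"podSelector": {}, "ingress": [{}]}},
    {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRoleBinding",
     "metadata": {"name": "escalate"}},
]

if __name__ == "__main__":
    for problem in validate_custom_policies(SAMPLE_DOCS, "my-app"):
        print(problem)
```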
What does success look like, and how can we measure that?
Percentage of repos that use our NetworkPolicy support with a custom NetworkPolicy defined within 3 months. Target => 50%
- Adoption by our eligible users will show that this is solving a problem that they need solved.
What is the type of buyer?
GitLab Ultimate is required for this capability.