Look at utilising https://github.com/Kuadrant/policy-machinery to build an effective policy topology view.

This view would enable users to visualise effective policy on the cluster, and provide users with visual context as to where policies are coming from, as well as inheritance/overrides.

An example of using `policy-machinery` to visualise Kuadrant resources exists here: https://github.com/Kuadrant/policy-machinery/tree/main/examples/kuadrant

In essence, we want to:

- Build a new React component to render graphviz charts emitted from policy machinery.
  - We want this to be a separate component, as we also want to support this useful UI in Kubernetes, perhaps as a standalone service.
- Work out where to put policy-machinery.
  - Is it installed as part of our operator, and it shows effective policy via a new CR that the UI component can render?
- View needs to be available to both the Developer and Administrator perspectives.
- Need to figure out permissions with the use case below: we want developers to be able to gain some insights into "upstream" policies, without necessarily having permission to read these resources. Insights here could simply be: type, name, namespace and owner?

A use case:

I'm a developer. I have access to some namespaces, but I am not a cluster-admin. I've created a service, and have exposed it via a `Gateway`. My service seems to be rate limited by some "infrastructure" level rate limits that have been applied to the Gateway, and have been set up by a platform engineer elsewhere in my team. I want to be able to determine where this rate limit policy came from, and who owns it so that I can figure out more about it.

Tasks: