Enhance Kyma Dashboard with Real-time Policy Enforcement and Resource Analysis

[valentinvieriu]

Description

As Sebastian and Mathew, I would like the Kyma Dashboard to not only allow me to scan all workloads running in my cluster for compliance with industry best practices but also to integrate these policy checks directly into the workflow of creating, editing, and viewing Kubernetes resources. This integration should provide immediate feedback on compliance issues, displaying errors, warnings, or suggestions for improvements to ensure resources meet the defined best practices. Additionally, the ScanMyCluster feature should allow for selecting specific types of resources and namespaces for scanning, with results showcasing any identified errors or inconsistencies based on updated policies in the Kyma Dashboard repository. New and existing Kyma modules should include their own set of policies, enhancing the scope of compliance checks.

Acceptance Criteria

• [ ] Ability to perform real-time policy checks when creating, editing, and viewing Kubernetes resources in the Kyma Dashboard.
• [ ] Display of compliance issues as errors, warnings, or improvement suggestions during the resource creation and editing process.
• [ ] A dedicated section on the resource detail page for displaying compliance analysis with actionable insights.
• [ ] Integration of ScanMyCluster feature for comprehensive cluster scanning based on selected resource types and namespaces.
• [ ] Policies and best practices for Kubernetes resources maintained and updated in the Kyma Dashboard repository.
• [ ] Automatic inclusion of module-specific policies for enhanced compliance checks across all Kyma modules.

Business Value

Implementing these features significantly enhances operational governance, security, and efficiency by providing real-time feedback and comprehensive compliance checks. This proactive approach ensures that Kubernetes resources are configured correctly from the start, reducing the risk of security vulnerabilities and operational issues.

Reasons

The integration of real-time policy enforcement directly into the resource management workflow empowers developers to create and maintain compliant and secure Kubernetes resources efficiently. It addresses the need for continuous compliance and security in a dynamic cloud-native environment, providing immediate insights and corrective actions.

Dependencies

• Development of a real-time policy enforcement engine.
• Regular updates to the policy and best practice guidelines.
• Mechanisms for Kyma modules to contribute module-specific policies.

Non-functional Requirements

• The policy enforcement process should be efficient and not significantly impact the user experience during resource creation and editing.
• Scalable to support large numbers of policies and complex compliance checks.
• Policies should be easily updatable to adapt to new industry standards and best practices.

Notes and Comments

Future considerations include the ability to customize or extend the set of policies based on organizational needs and the integration of external policy management tools.

Size or Effort

The effort to integrate real-time policy checks and enhance the resource management workflow in the Kyma Dashboard is substantial, requiring close collaboration between development, security, and operations teams.

Mockups or Diagrams

Mockups and diagrams illustrating the user interface changes for policy enforcement during resource creation, editing, and viewing will be developed as part of the design phase.

Useful Links

• Datree

[varbanv]

@valentinvieriu given the decision to go forward with implementing a policy scanning and enforcement tool module, should we not change this epic to provide a more integrated interface for that new module?