Skip to content

Commit

Permalink
Create policy status overview dashboard (#432)
Browse files Browse the repository at this point in the history 
* Create policy status overview dashboard

* changelog

* Add note and documentation link.

* Add tags

* Typo

* Update helm/dashboards/charts/public_dashboards/dashboards/shared/public/policy-status.json

Co-authored-by: Quentin Bisson <[email protected]>

* Update title and UID

---------

Co-authored-by: Quentin Bisson <[email protected]>
  • Loading branch information
@stone-z @QuentinBisson
stone-z and QuentinBisson authored Jan 29, 2024
1 parent db66cbe commit 79395a5
Show file tree
Hide file tree
Showing 2 changed files with 391 additions and 0 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Added

- Create `Policy Enforcement (PSS) Status` workload cluster compliance overview dashboard.

### Fixed

- Fix query in API server dashboard for CAPI clusters
Expand Down
387 changes: 387 additions & 0 deletions helm/dashboards/charts/public_dashboards/dashboards/shared/public/policy-status.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,387 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "$datasource"
},
"gridPos": {
"h": 6,
"w": 24,
"x": 0,
"y": 0
},
"id": 4,
"options": {
"code": {
"language": "plaintext",
"showLineNumbers": false,
"showMiniMap": false
},
"content": "# Policy Status Overview\n\nThis dashboard shows aggregate policy status information for the attached workload clusters.\n\nOnly Giant Swarm-managed policies in clusters using managed security tooling are supported.\n\nAdditional information about policy enforcement is available [in our public documentation](https://docs.giantswarm.io/advanced/security/security-policy-enforcement/).",
"mode": "markdown"
},
"pluginVersion": "10.2.3",
"title": "Note",
"type": "text"
},
{
"datasource": {
"type": "prometheus",
"uid": "$datasource"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 12,
"w": 12,
"x": 0,
"y": 6
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "$datasource"
},
"editorMode": "code",
"expr": "sum(dipstick_policyreport_policy_summary{result=\"fail\"}) by (cluster_id)",
"instant": false,
"legendFormat": "__auto",
"range": true,
"refId": "A"
}
],
"title": "Failing Policies by Cluster",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "$datasource"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 12,
"w": 12,
"x": 12,
"y": 6
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "$datasource"
},
"editorMode": "code",
"expr": "sum(dipstick_policyreport_policy_summary{result=\"fail\"}) by (policy_name)",
"instant": false,
"legendFormat": "__auto",
"range": true,
"refId": "A"
}
],
"title": "Failures per Policy",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "$datasource"
},
"description": "Percentage of policies with \"pass\" or \"skip\" (exempt) status.",
"fieldConfig": {
"defaults": {
"mappings": [],
"thresholds": {
"mode": "percentage",
"steps": [
{
"color": "red",
"value": null
},
{
"color": "orange",
"value": 50
},
{
"color": "yellow",
"value": 80
},
{
"color": "green",
"value": 90
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 27,
"w": 24,
"x": 0,
"y": 18
},
"id": 3,
"options": {
"minVizHeight": 200,
"minVizWidth": 200,
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"showThresholdLabels": true,
"showThresholdMarkers": true,
"sizing": "auto"
},
"pluginVersion": "10.2.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "$datasource"
},
"editorMode": "code",
"expr": "(sum(dipstick_policyreport_policy_summary{result=~\"pass|skip\"}) by (cluster_id) / sum(dipstick_policyreport_policy_summary{}) by (cluster_id) * 100)",
"hide": false,
"instant": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "Compliance by Cluster",
"type": "gauge"
}
],
"refresh": "",
"schemaVersion": 39,
"tags": [
"owner:team-shield",
"topic:workload-cluster",
"topic:security",
"topic:policy"
],
"templating": {
"list": [
{
"allValue": ".*",
"current": {
"selected": true,
"text": [
"All"
],
"value": [
"$__all"
]
},
"datasource": {
"type": "prometheus",
"uid": "$datasource"
},
"definition": "label_values(dipstick_policyreport_policy_summary,cluster_id)",
"hide": 0,
"includeAll": true,
"label": "Cluster",
"multi": true,
"name": "cluster_id",
"options": [],
"query": {
"qryType": 1,
"query": "label_values(dipstick_policyreport_policy_summary,cluster_id)",
"refId": "PrometheusVariableQueryEditor-VariableQuery"
},
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"type": "query"
},
{
"current": {
"selected": false,
"text": "default",
"value": "default"
},
"hide": 0,
"includeAll": false,
"multi": false,
"name": "datasource",
"options": [],
"query": "prometheus",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
}
]
},
"time": {
"from": "now-30d",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Security / Policy API / Compliance Overview",
"uid": "policy-api-compliance-overview",
"version": 1,
"weekStart": ""
}

0 comments on commit 79395a5

Please sign in to comment.