You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Part 2: View details entry page
2 - Design of DashBoard UI and data model [Overview page]
3- Details of Cluster/ Agents/ Entries Page
Overview
This feature consists of the goal of allowing better oversight of workload identity. This consists of:
Ability to view workload identities based on organizational constructs (clusters, nodes, workloads, etc.) instead of having to map internally to agents/entries, etc.
Ability to automatically identify these constructs, or provide ability for user to annotate and define these constructs around SPIRE concepts
Ability to navigate through the constructs (e.g. clicking on a node shows all identities registered to the node/agent) and obtain information and perform actions (i.e. logs of SVID provisioning and attestations)
Consideration of moving propagation of logging information to a separate feature since the scope is rather large.... Or start with a rather naive propagation of metrics exposed by a simple tornjak API.
Motivation
Create a lower barrier of entry of utilizing SPIFFE/SPIRE for operators, CISOs, etc. who are interested in workload identity, but not familiar with underlying SPIRE mechanics.
Propagate identity use information (e.g. minting of identities, attestation actions, etc.) to the control plane for monitoring and auditing.
Provide a way to organize workload identity and agents in a way that matches the organization structure
Tasks
Ability to derive some structure based on the definition of identity (i.e. trust domains, agents, and entries parent IDs)
Ability for user to define metadata and tags around SPIRE servers, agents and entries to be used to provide structure
Dashboard
Define structure to be able to organize identity
Define the exploration dashboard overview
Within each trust domain: Clusters, nodes, workloads
On the organization level (MANAGER-ONLY): Groups
For each view, provide information related, including selectors, and general statistics
Organizational View data table
As an extension to dashboard, provide showing workload identity in table similar to entries/agents
Provide ability to filter and search based on tags and metadata
Add metadata search for entry/agent list
Information propagating:
As part of the dashboard view, additional data should be used to provide useful views and statistics, this can include:
Identity provisioning from SPIRE server logs (NOTE: Perhaps can be another feature on its own since its scope is rather big), alternatively fairly simple analysis can be done locally on each tornjak agent and only basic statistics propagated via tornjak API.
Define scalable way to keep logs up to date as well as provide filters to populate data structures. This should be done on the agent level, and propagated up to the managers.
maybe something like prometheus would work here for just metrics
Unless specified explicitly, functionality should be capable on agent views as well as managers.
Dashboard ideas
Something similar to k8s, where there is graphical information on top, and then a list of higher level constructs i.e. deployments <--> nodes/agents and pods <--> workloads
The text was updated successfully, but these errors were encountered:
Feature: Dashboard for organizational identity view
Box Note:
https://ibm.box.com/s/uu9hvimaokhbiz6qd253ow4vad7tdw59
Flows:
Stories to work on Epic
1 - Cluster Management Page
2 - Design of DashBoard UI and data model [Overview page]
3- Details of Cluster/ Agents/ Entries Page
Overview
This feature consists of the goal of allowing better oversight of workload identity. This consists of:
Consideration of moving propagation of logging information to a separate feature since the scope is rather large.... Or start with a rather naive propagation of metrics exposed by a simple tornjak API.
Motivation
Tasks
Information propagating:Information from SPIRE server Debug API (https://github.com/spiffe/spire-api-sdk/blob/main/proto/spire/api/server/debug/v1/debug.proto)Identity provisioning from SPIRE server logs (NOTE: Perhaps can be another feature on its own since its scope is rather big), alternatively fairly simple analysis can be done locally on each tornjak agent and only basic statistics propagated via tornjak API.Unless specified explicitly, functionality should be capable on agent views as well as managers.
Dashboard ideas
Something similar to k8s, where there is graphical information on top, and then a list of higher level constructs i.e. deployments <--> nodes/agents and pods <--> workloads
The text was updated successfully, but these errors were encountered: