Gatekeeper Policy Manager turns 1 year old!

Let's recap together all the improvements made in the first year of Gatekeeper Policy Manager

It's been almost a year since we announced Gatekeeper Policy Manager (GPM) to the public! But we haven't updated you since then on all the progress we've been making on our web-based tool, which helps you understand at a glance the status of the Gatekeeper policies in your Kubernetes cluster and whether there are violations that you should take care of.

In the time that has passed, we've made 5 official releases, fixing several bugs and improving the user experience by changing little things here and there. As you know, the devil is in the details.

Let's recap together the most important changes made to GPM 💪🏻

Constraints view improvements

Starting with the constraints view, which is probably where you'll spend most of your time using the tool, we've made several improvements. In v0.2 we improved the way we show the violations, changing from a list view to a table view. This improves the readability when the number of violations is high.

List view of violations for a constraint (before)

Table view of violations for a constraint (after)

Speaking of having to analyse a lot of violations, in v0.4.0 we added a little feature to help you with that. When you click on a violation it gets "selected". You might find this useful when you want to focus on just some of the violations or to highlight an entry to someone, for example.

As you can see in the previous animation, in v0.4.1 we added a warning when the number of violations that Gatekeeper audits is less than the total violations.

All these changes are helpful when there are a lot of violations, but what about when there are no violations? We now show a message instead of an empty entry, so you can be sure at a glance that everything is OK ✅:

A constraint without violations

Support for Gatekeeper config CRDs

We also added support for Gatekeeper's "config" CRDs, so you can view all the config CRDs defined in your cluster as easily as you would do with the constraints and constraint templates: in a nice UI. You can even inspect the YAML right from the UI if you prefer.

Configs view

In v0.3.0 we improved error handling in general. For example, we fixed a crash that occurred when a constraint has no match criteria defined or when the spec section of a constraint is missing. We also handle some corner cases more gracefully, such as showing a message instead of an empty view when there are no constraint templates, or the label selector not being shown correctly on the constraints view.

Improved Rego code view

We've also improved the way we show Rego code on the constraint templates view. In v0.3.0 we started showing the line numbers and since v0.4.2 we’ve had much better syntax highlighting:

Rego code view (before)
Rego code view (after)

When you have a considerable number of constraints or constraint templates defined, finding the one you are interested in can be a little tricky. To help you focus on the things you care about, we added animations in v0.4.2 highlighting (shaking, actually) the entry when you follow a link or click it on the navigation bar:

Section highlighting in action

Offline version, better dependency updates and release pipeline

More generally, since v0.3.0 we've also added support for a completely offline frontend (nothing is pulled from the Internet) and a favicon. And in every release, we've been updating the base Docker image and all the dependencies to the latest versions available to provide you with the latest security fixes.

In v0.4.0 we focused on improving our release pipeline. Since then, we've automated the E2E testing of the app against a pristine Kubernetes cluster with Gatekeeper on every commit and pull request (PR). Thanks to renovatebot, we also get automatic PRs for dependency updates, which are therefore tested end to end automatically as well.

Upgrade details

If you are already using GPM, you can update to the latest release (v0.4.2) and enjoy all the improvements without worries. There are no breaking changes between any of these releases. 🎉

If you experience any issues or need support, feel free to open an issue on GitHub. We will be more than happy to help you.

Conclusion

Thank you for reading and remember that GPM is open source! You can deploy it to your cluster for free and contribute with any modification that you find useful; we'll gladly review it and merge it. In fact, some of the fixes shown in this post already came from the community!

Last but not least, if you have already been using it for a while and there's something that is bothering you, you would like some change, or you are enjoying it, please let us know by opening an issue on GitHub. We'd love to hear from you.