Drift Analytics

What is Drift Analytics?

The new Profile Engine can also compare any managed cluster's RBAC configuration to any RBAC Profile, including automatically detecting drift for clusters with a profile applied. In addition, Drift Analytics enables clients to quickly identify and resolve any RBAC Policy changes made on a cluster that are not compliant with the current profile.

Testing

To begin, select a profile and a cluster to start analyzing the drift. As noted below, only active and published profiles are made available for testing. Therefore, no profile drafts are shown.

Next, select the cluster.

Once the profile and cluster are chosen, click the Show Drift Analysis button. The evaluation starts and the overview screen below informs us it is processing the profile review.

Clicking outside the Drift Analysis screen stops the testing process.

Drift Summary

Once the test completes, it shows a Drift Summary including the profile name, the cluster it is attached to, and the total number of rules in Roles, ClusterRoles, RoleBindings, and ClusterRoleBindings.

Below this, we have the final option to implement the new profile. Click the Deploy Profile button to install the profile.

Roles / ClusterRoles / RoleBindings / ClusterRoleBindings Tabs

In each of the four tabs (Roles, ClusterRoles, RoleBindings, and ClusterRoleBindings), we see the total number of impacted roles, whether they are missing or compliant, and the number observed on the cluster. Below that, it shows the roles, namespaces, and the number of API/Permissions involved.

The following terms reveal the presence or absence of resources, and whether additional permissions are available.

  • Total X Affected: The X value changes per tab depending on the role and presents the total number of Roles, ClusterRoles, RoleBindings, and ClusterRoleBindings affected by the modification.
  • Missing on Cluster: Indicates that these resources are missing on the cluster. To bring them into compliance, deploy them on the profile.
  • Not Compliant: This means that these resources on the cluster are missing or have additional APIs or Verb Access. On the right side, you will see the term.
  • Present on Cluster: This signifies that these resources are present on the cluster but are not included in the profile.
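
The categories above can be reproduced offline when reviewing exported manifests. The following is an added example, not the product's own code: it classifies namespaced Roles by comparing a profile against a cluster's state. The function names, the sample Roles, and the rule that grants are compared as literal (apiGroup, resource, verb) tuples are assumptions.

```python
# Added illustration: classify namespaced Roles into the drift categories above.
# Assumption: rules are compared as literal (apiGroup, resource, verb) grants;
# wildcards ("*") and resourceNames are not expanded.

def expand(rules):
    """Flatten RBAC rules into a set of (apiGroup, resource, verb) grants."""
    return {(g, r, v)
            for rule in rules
            for g in rule.get("apiGroups", [""])
            for r in rule.get("resources", [])
            for v in rule.get("verbs", [])}

def index(roles):
    """Key each Role by (namespace, name)."""
    return {(o["metadata"].get("namespace", ""), o["metadata"]["name"]):
            expand(o.get("rules") or []) for o in roles}

def drift(profile_roles, cluster_roles):
    want, have = index(profile_roles), index(cluster_roles)
    report = {"missing_on_cluster": [], "present_on_cluster": [],
              "compliant": [], "not_compliant": {}}
    for key in sorted(want.keys() | have.keys()):
        if key not in have:
            report["missing_on_cluster"].append(key)
        elif key not in want:
            report["present_on_cluster"].append(key)
        elif want[key] == have[key]:
            report["compliant"].append(key)
        else:  # same Role on both sides, different grants
            report["not_compliant"][key] = {
                "missing": sorted(want[key] - have[key]),
                "additional": sorted(have[key] - want[key])}
    return report

def role(ns, name, *grants):
    """Build a constructed Role manifest from (group, resource, verbs) tuples."""
    return {"metadata": {"namespace": ns, "name": name},
            "rules": [{"apiGroups": [g], "resources": [r], "verbs": list(v)}
                      for g, r, v in grants]}

# Constructed sample data, not taken from any real cluster.
PROFILE = [role("dev", "pod-reader", ("", "pods", ["get", "list"])),
           role("dev", "cm-editor", ("", "configmaps", ["get", "update"])),
           role("ops", "deployer", ("apps", "deployments", ["get", "patch"]))]
CLUSTER = [role("dev", "pod-reader", ("", "pods", ["get", "list", "delete"])),
           role("dev", "cm-editor", ("", "configmaps", ["get", "update"])),
           role("kube-system", "debug-admin", ("*", "*", ["*"]))]

if __name__ == "__main__":
    for category, items in drift(PROFILE, CLUSTER).items():
        print(category, items)
```

In the sample, the extra `delete` verb on `pod-reader` and the out-of-profile `debug-admin` Role are the entries a reviewer would look at first, since both grant access the profile does not sanction.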