User interface plugins

[alexec]

Currently, to add a new resources to the UI you need to implement both backend and frontend changes:

• Add new proto.
• Write some Golang code.
• Implement the UI changes.

Unlike workflows APIs, the events and dataflow APIs are generic, we could replace them with a "dynamic" API that uses the dynamic.NewClient. That would open up a bunch of APIs that could be used to support any resource we wanted.

This dynamic API would make the events and dataflow APIs redundant.

Argo CD has a UI extension mechanism to load the rollouts into the UI that is proven. We can lift inspiration from this for a similar feature in workflows.

Et voila - we have a user interface with extensibility.

Other needs:

• Add new routes and left-hand nav items to the UI.
• Embed UI elements into other pages to add use case specific features.
• A way to easily package and publish UI extensions.

Workflow APIs are too complex to generalise, e.g. there is as /suspend API with logic behind it. So we need a way for users to plugin logic too (TBD).

[DhairyaBahl]

Hello @alexec ! I am willing to work on this issue but I am not familiar with cncf projects. I am facing a small issue that resources are more than enough and I am feeling a bit lost in all these repos and all. Kindly help me out a bit. I would also love to start contributing on this.

If this issue is available then kindly assign this to me.

[alexec]

Hi @DhairyaBahl this issue is currently being held for Google Summer of Code. It’s a really big issue and wide ranging issue, with potential for massive impact, and would require some time and dedication. We do have a lot of issues marked “good first issue” which are great places to start contributing (if you have not done so before). Users vote for issues with 👍 so you can sort issues by 👍 to find popular issues.

[DhairyaBahl]

@alexec Understood! Thanks for explaining this part to me. I will checkout other issues for the time being. 😄

[momom-i]

Hi, is this issue opened and could anyone work on it now?

[agilgur5]

I had been thinking of a relatively simple (and not necessarily the most efficient or secure method) way to do UI plugins in #12682 (comment) and #12943 (comment).

If we have a "Settings" page (or section on the UserInfo page or on the Plugins page or something), we could potentially just allow users to add arbitrary JS links there. Like all settings, they'd be stored in localStorage and so persisted across sessions.
That way we could load a completely arbitrary JS script on page load and it would be entirely user preference what they add.

Executing arbitrary JS is not the safest thing, of course, but there's no great way of sandboxing DOM interactions in JS right now (WASM and Worker interop are possible, but are not quite yet practical). A user would have to manually copy+paste the URL themselves as well and we could add a bunch of warnings around that.
Also, on the security side, the Server's CSP would have to allow the script if it's loaded from a different domain. Otherwise we'd need the Server to serve user scripts which increases complexity in that it would require new back-end functionality and require that operators have to deploy custom images with those scripts (or otherwise volume mount them etc). So an operator/cluster-admin would have to opt-in (a user could further opt-in at that point, or could be auto opted-in if their admin has configured it).

It's also not the most efficient as it's an arbitrary script and not a React component or similar; it has no way of interacting with the app state and so can conflict with React's reconciliation. Plus it might end up duplicating libraries and bundler code etc.

But it seems like a workable, simple PoC, particularly for things like overlays. Effectively it could work like browser extensions, minus the isolation those have (pending the permissions an extension needs).
Maybe could be behind an env variable so that the feature is not considered production-ready nor that it has a stable API to rely on for plugins -- i.e. purely experimental, but usable