```yaml
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  annotations:
    description: Explicit protocol selection either by name or appProtocol
  name: istioexplicitprotocolselection
spec:
  crd:
    spec:
      names:
        kind: IstioExplicitProtocolSelection
      validation:
        openAPIV3Schema:
          type: object
          properties:
            prefixes:
              type: string
            protocols:
              type: array
              items:
                type: string
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |-
        # https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/
        package istio.security.protocolselection

        import future.keywords

        violation[{"msg": msg}] {
          protocols := input.parameters.protocols
          some port in input.review.object.spec.ports
          not _is_valid(port, protocols)
          msg := sprintf("port: %v name or appProtocol is invalid", [port])
        }

        # port has appProtocol, or appProtocol with name
        # when have both name and appProtocol the latter takes precedence
        _is_valid(port, protocols) {
          port.appProtocol
          _match_app_protocol(port.appProtocol, protocols)
        }

        # port has name only
        _is_valid(port, protocols) {
          not port.appProtocol
          port.name
          _match_port_name(port.name, protocols)
        }

        _match_app_protocol(protocol, protocols) {
          protocol in protocols
        }

        # port name meets the pattern: <protocol>[-<suffix>]
        _match_port_name(port_name, protocols) {
          protocol := split(port_name, "-")[0]
          protocol in protocols
        }
```
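The policy above can be exercised before it is loaded into a cluster. The following Rego unit tests are an added example, not part of the original post; they assume the `rego` body of the template is saved to its own file next to this one and run with `opa test`. The `service_review` helper, the protocol list and the sample ports are constructed for illustration.

```rego
package istio.security.protocolselection

import future.keywords

# Constructed Gatekeeper input for a Service (hypothetical helper, sample data).
service_review(ports) := {
  "parameters": {"protocols": ["http", "https", "grpc", "tcp"]},
  "review": {"object": {"kind": "Service", "spec": {"ports": ports}}},
}

# Name only, with an allowed protocol prefix: admitted.
test_name_prefix_allowed {
  inp := service_review([{"name": "http-web", "port": 80}])
  count(violation) == 0 with input as inp
}

# appProtocol is allowed, so the port name does not matter: admitted.
test_app_protocol_allowed {
  inp := service_review([{"name": "web", "appProtocol": "grpc", "port": 9090}])
  count(violation) == 0 with input as inp
}

# appProtocol takes precedence: a valid name does not rescue an
# appProtocol that is not in the allowed list.
test_bad_app_protocol_denied {
  inp := service_review([{"name": "http-web", "appProtocol": "foo", "port": 80}])
  count(violation) == 1 with input as inp
}

# The first "-"-separated token must equal a protocol exactly;
# "httpweb" is not "http".
test_prefix_must_be_whole_token {
  inp := service_review([{"name": "httpweb", "port": 80}])
  count(violation) == 1 with input as inp
}

# Neither name nor appProtocol: rejected.
test_unnamed_port_denied {
  inp := service_review([{"port": 8080}])
  count(violation) == 1 with input as inp
}

# One violation per offending port when ports are mixed.
test_mixed_ports {
  inp := service_review([{"name": "tcp-db", "port": 5432}, {"name": "metrics", "port": 9100}])
  count(violation) == 1 with input as inp
}
```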
Now that the hardest part is resolved, let's turn our attention to OPA Gatekeeper. Gatekeeper uses the OPA Constraint Framework to describe and enforce policy. There are three main parts we should pay attention to: