Gatekeeper with Istio

This page summarizes the projects mentioned and recommended in the original post on dev.to

  • istio

    Connect, secure, control, and observe services.

  • apiVersion: templates.gatekeeper.sh/v1
    kind: ConstraintTemplate
    metadata:
      annotations:
        description: Explicit protocol selection either by name or appProtocol
      name: istioexplicitprotocolselection
    spec:
      crd:
        spec:
          names:
            kind: IstioExplicitProtocolSelection
          validation:
            openAPIV3Schema:
              type: object
              properties:
                prefixes:
                  type: string
                protocols:
                  type: array
                  items:
                    type: string
      targets:
        - target: admission.k8s.gatekeeper.sh
          rego: |-
            # https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/
            package istio.security.protocolselection

            import future.keywords

            violation[{"msg": msg}] {
              protocols := input.parameters.protocols
              some port in input.review.object.spec.ports
              not _is_valid(port, protocols)
              msg := sprintf("port: %v name or appProtocol is invalid", [port])
            }

            # port has appProtocol, or appProtocol with name
            # when have both name and appProtocol the latter takes precedence
            _is_valid(port, protocols) {
              port.appProtocol
              _match_app_protocol(port.appProtocol, protocols)
            }

            # port has name only
            _is_valid(port, protocols) {
              not port.appProtocol
              port.name
              _match_port_name(port.name, protocols)
            }

            _match_app_protocol(protocol, protocols) {
              protocol in protocols
            }

            # port name meets the pattern: -
            _match_port_name(port_name, protocols) {
              protocol := split(port_name, "-")[0]
              protocol in protocols
            }

  • gatekeeper

    🐊 Gatekeeper - Policy Controller for Kubernetes

  • Now, we have the hardest part resolved and let's turn our attention to the OPA Gatekeeper. Gatekeeper uses the OPA Constraint Framework to describe and enforce policy. Right now there are mainly 3 parts we should pay attention to:

  • frameworks

  • Now, we have the hardest part resolved and let's turn our attention to the OPA Gatekeeper. Gatekeeper uses the OPA Constraint Framework to describe and enforce policy. Right now there are mainly 3 parts we should pay attention to:
