Gatekeeper with Istio

This page summarizes the projects mentioned and recommended in the original post on dev.to

  • istio

    Connect, secure, control, and observe services.

  • apiVersion: templates.gatekeeper.sh/v1
    kind: ConstraintTemplate
    metadata:
      annotations:
        description: Explicit protocol selection either by name or appProtocol
      name: istioexplicitprotocolselection
    spec:
      crd:
        spec:
          names:
            kind: IstioExplicitProtocolSelection
          validation:
            openAPIV3Schema:
              type: object
              properties:
                prefixes:
                  type: string
                protocols:
                  type: array
                  items:
                    type: string
      targets:
        - target: admission.k8s.gatekeeper.sh
          rego: |-
            # https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/
            package istio.security.protocolselection

            import future.keywords

            violation[{"msg": msg}] {
              protocols := input.parameters.protocols
              some port in input.review.object.spec.ports
              not _is_valid(port, protocols)
              msg := sprintf("port: %v name or appProtocol is invalid", [port])
            }

            # port has appProtocol, or appProtocol with name
            # when both name and appProtocol are present, the latter takes precedence
            _is_valid(port, protocols) {
              port.appProtocol
              _match_app_protocol(port.appProtocol, protocols)
            }

            # port has name only
            _is_valid(port, protocols) {
              not port.appProtocol
              port.name
              _match_port_name(port.name, protocols)
            }

            _match_app_protocol(protocol, protocols) {
              protocol in protocols
            }

            # port name meets the pattern: <protocol>[-<suffix>]
            _match_port_name(port_name, protocols) {
              protocol := split(port_name, "-")[0]
              protocol in protocols
            }

  • gatekeeper

    🐊 Gatekeeper - Policy Controller for Kubernetes

  • Now we have the hardest part resolved, so let's turn our attention to OPA Gatekeeper. Gatekeeper uses the OPA Constraint Framework to describe and enforce policy. Right now there are mainly 3 parts we should pay attention to:

  • frameworks

