fix(irc): switch AuthorizationPolicies to selector-based for ztunnel L4 enforcement
Best Practices / Polaris Audit (push) Has been cancelled
Best Practices / Resource Usage Analysis (push) Has been cancelled
Best Practices / PR Summary Report (push) Has been cancelled
Best Practices / Polaris PR Review (push) Has been cancelled
Security Scan / Trivy PR Review (push) Has been cancelled
Security Scan / Checkov IaC Scan (push) Has been cancelled
Security Scan / Checkov PR Review (push) Has been cancelled
Validate Manifests / YAML Lint (push) Has been cancelled
Validate Manifests / Kustomize Build Test (push) Has been cancelled
Validate Manifests / Kubernetes Schema Validation (push) Has been cancelled
Best Practices / Kube-score Analysis (push) Has been cancelled
Security Scan / Trivy Security Scan (push) Has been cancelled
Best Practices / Polaris Audit (push) Has been cancelled
Best Practices / Resource Usage Analysis (push) Has been cancelled
Best Practices / PR Summary Report (push) Has been cancelled
Best Practices / Polaris PR Review (push) Has been cancelled
Security Scan / Trivy PR Review (push) Has been cancelled
Security Scan / Checkov IaC Scan (push) Has been cancelled
Security Scan / Checkov PR Review (push) Has been cancelled
Validate Manifests / YAML Lint (push) Has been cancelled
Validate Manifests / Kustomize Build Test (push) Has been cancelled
Validate Manifests / Kubernetes Schema Validation (push) Has been cancelled
Best Practices / Kube-score Analysis (push) Has been cancelled
Security Scan / Trivy Security Scan (push) Has been cancelled
targetRefs: kind: Service policies require waypoint binding which is not working in Istio 1.29.2 — WaypointAccepted: False and ztunnel routes directly to pods bypassing the waypoint. Selector-based policies are enforced at ztunnel L4 without requiring waypoint.
This commit is contained in:
@@ -4,10 +4,9 @@ metadata:
|
||||
name: thelounge
|
||||
namespace: irc
|
||||
spec:
|
||||
targetRefs:
|
||||
- group: ""
|
||||
kind: Service
|
||||
name: thelounge
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: thelounge
|
||||
action: ALLOW
|
||||
rules:
|
||||
- from:
|
||||
|
||||
@@ -4,12 +4,15 @@ metadata:
|
||||
name: znc
|
||||
namespace: irc
|
||||
spec:
|
||||
targetRefs:
|
||||
- group: ""
|
||||
kind: Service
|
||||
name: znc
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: znc
|
||||
action: ALLOW
|
||||
rules:
|
||||
- from:
|
||||
- source:
|
||||
namespaces:
|
||||
- irc
|
||||
- to:
|
||||
- operation:
|
||||
ports:
|
||||
|
||||
Reference in New Issue
Block a user