cd4023f5ce
emojivoto is working.
...
But... need to do major rework
only a single networkauthentication may be set
the required authenticationRefs in the authorization policy are anded
together so we should use a separate authorization policy for each
communication link
2025-01-25 12:44:01 +01:00
56398027b7
no longer including linkerd ports.
2025-01-25 12:04:35 +01:00
108f21ea58
generating policies first version.
...
Still includes linkerd ports.
2025-01-25 12:01:51 +01:00
496e58347c
adde generation of Server resources.
2025-01-19 22:18:44 +01:00
f27f3610ab
meshtlsauthentications are now generated.
2025-01-19 22:05:14 +01:00
ef99ad61e8
linkerd in progress. Network authentications generated.
2025-01-19 19:51:25 +01:00
b41c92112e
renamed pod to application in the templates directory.
2025-01-19 19:02:36 +01:00
c696c24e31
detailed the meaning of the new unauthorized flag.
2025-01-19 17:17:23 +01:00
c9022a8036
added validation of application names to prevent conflicts at a later
...
stage with genrated resource names.
The Server resource names will use the -pNNNN suffix to indicates a
linkerd Server resource for port NNNN
2025-01-19 17:08:12 +01:00
60ebbf0ef4
to generate network policy, 'generate netpol' shoul dbe used now. Also
...
added subcommand for linkerd ('generate linkerd'
2025-01-19 16:33:21 +01:00
86572e8063
now checking whether a pod is not part of any application.
2025-01-18 11:40:12 +01:00
ee8c0a2204
inferring application ports in case not configure so that they
...
can be used for linkerd authorization.
2025-01-17 21:16:41 +01:00
2066aad656
open-> closed check not takingin to account annotation and filtering out
...
cases where the From is already a CIDR.
2025-01-17 20:43:55 +01:00
b7a0b6a557
open to closed not report anymore when from is a network.
2025-01-16 21:38:48 +01:00
6a2f1b9fee
fine tuning the error messages
2025-01-12 23:26:10 +01:00
95e7106dba
now inferring the service accounts from the network policy config.
2025-01-12 22:08:33 +01:00
b3c24048d6
minor change in log output (NOTICE prefix)
2025-01-12 16:42:11 +01:00
a640b726bf
loop over communication sis now outside loop over namespaces.
2025-01-12 16:32:20 +01:00
ea6eb4e9ae
container ports are not checked by the tool with the validation option.
2025-01-12 16:30:53 +01:00
ff816a02ae
integrated the parser with the validator to ge tbetter error messages.
2025-01-12 14:56:36 +01:00
548260d3ab
added more user-friendly validation messages.
2025-01-04 13:54:29 +01:00
93a743765d
rules appear to be working.
2025-01-04 00:16:25 +01:00
144a624985
exiting with an error when a capability cannot be found.
2025-01-03 20:40:28 +01:00
852833764c
addes support for matchExpressions
2025-01-03 17:59:11 +01:00
8c229f7a93
added playground validator to validate the input more.
2025-01-03 13:25:53 +01:00
e576e00456
more fixes for the netpolicy schema.
2025-01-03 00:31:03 +01:00
b8dfaa55a4
fixed issues with schema of network policy
...
also fixed encoding of matahLabels. Now using json format so that it
also works for empty maps.
2025-01-03 00:10:32 +01:00
d85baf3beb
deterministic ordering of output.
2025-01-02 23:00:11 +01:00
eba04ec132
Ports specified at communications now override the default ports of
...
the application.
Also added some comments to the generated output.
2025-01-02 22:49:47 +01:00
01700876cf
now also supporting linkerd
...
and some cleanup
2025-01-02 19:30:31 +01:00
c522f16d64
multiple config files to allow spreading of configuration
2025-01-02 19:21:04 +01:00
5659d7c18c
apiserver cilium rules.
2025-01-02 19:01:05 +01:00
933b46c68c
No more netpols fo pods in open namespaces.
2025-01-02 18:24:02 +01:00
6d05f0501f
network policy now fully generated
2025-01-02 18:16:24 +01:00
207043d38f
work in progress. working on pod templatest.
2025-01-02 17:14:06 +01:00
8c5a099082
full parsing of config file and validation logic.
2025-01-02 12:17:41 +01:00
f99e885f7a
initial version of confiuration is now parsed.
2025-01-02 11:44:32 +01:00
4d56d8ea21
first commit
2025-01-02 11:37:20 +01:00
