-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy pathistio.yaml
34 lines (34 loc) · 959 Bytes
/
istio.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: MetadataRestrictions
metadata:
name: enforce-protected-b-istio
spec:
match:
namespaceSelector:
matchExpressions:
- key: istio-injection
operator: In
values: ["enabled"]
kinds:
- apiGroups: [""]
kinds: ["Pod"]
labelSelector:
matchExpressions:
- key: data.statcan.gc.ca/classification
operator: In
values:
- protected-b
parameters:
annotations:
- key: sidecar.istio.io/inject
fallback: 'true'
allowedValues:
- 'true'
- key: traffic.sidecar.istio.io/excludeOutboundPorts
allowedValues: []
- key: traffic.sidecar.istio.io/excludeOutboundIPRanges
allowedValues: []
- key: traffic.sidecar.istio.io/excludeInboundPorts
allowedValues: []
- key: traffic.sidecar.istio.io/excludeInboundIPRanges
allowedValues: []