Comments (1)
tspearconquest
commented on June 18, 2024
We have another use-case for this.
We currently use the Traefik Ingress Controller's modsecurity plugin to route client to service requests through our WAF after passing through Traefik, before being sent on to the service. In the future, we would like to have our WAF also inspect service to service traffic within our cluster.
We could do this with ExternalName services and Ingress Routes as OP has done for their own separate use-case, but it would be simpler if we could address this transparently by loading the same plugin, or one similar to it but designed for the mesh, into the mesh itself. The goal is to have all requests which get routed through the service mesh are transparently routed through the WAF, where we can audit them for indicators of compromise/attack, OWASP Top Ten risks, etc, and put enforcing mode policies in place to block malicious inter-service requests in case a service becomes compromised and the attacker starts trying to move laterally in the cluster to other services.
from mesh.
Related Issues (20)
- Do not create a shadow service for NodePort and LoadBalancer services HOT 1
- Add the supported SMI spec versions in the compatibility section HOT 1
- Unable to install Maesh on AWS EKS v1.17 due to a CoreDNS issue HOT 7
- Support CoreDNS daemonsets, too HOT 3
- ACL examples YAML error HOT 2
- Can't clean my cluster from Traefik Mesh's installation HOT 3
- Support CoreDNS version 1.8.0+ HOT 2
- CoreDNS ConfigMap patch - upstream keyword in EKS with CoreDNS 1.7.0 HOT 3
- traefik-mesh proxy error HOT 1
- Port Compatible Check
- Integration to AWS services control planes to work outside out Kubernetes
- No matches for kind "CustomResourceDefinition" in version "apiextensions.k8s.io/v1beta1" HOT 6
- Onboarding network debugging instructions HOT 4
- unable to sync shadow service of service name bigger then 63 char HOT 3
- Please Support CoreDNS version 1.9.0 HOT 2
- Exclude some http codes from retrying HOT 2
- Most documentation not rendered HOT 4
- Can't installed on GKE
- Reduce Docker image size and improve security HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mesh.