airshipit / treasuremap

Reference Airship manifests, CICD, and reference architecture.
http://openstack.org
Apache License 2.0
52 stars 39 forks

calico policy artifacts source of truth validation #124

Open onlysource opened 3 years ago

onlysource commented 3 years ago

Problem description (if applicable)

In order to protect the environment, pre-determined Calico policies will need to be in place, as desired. Any unplanned/untested/accidental policy changes made locally could lead to potential disruption in the environment, leading to service denial or intrusions.

Proposed change

Develop a tool that could validate/compare local user input (policies) with the deployment repository. This tool can be called when applying the Calico policies via airshipctl (with the calicoctl image integrated). Creating a daemon process that would run this tool frequently and log warnings/alerts is valuable. However, network connectivity constraints in reaching the 'deployment repository' will need to be considered for this effort.

Potential impacts

Unintended accidental policy updates/changes could make the environment unusable.
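
The comparison proposed in the issue above, as an added example that is not part of the original issue or the Airship code base. It assumes the repository and local Calico policies have already been parsed into dictionaries; the function names, the list of ignored metadata fields and the sample policies are constructed for illustration.

```python
import hashlib
import json

# Server-populated metadata that differs between a manifest and a live object
# without being a policy change (assumed list; extend for your cluster).
VOLATILE_METADATA = {"uid", "resourceVersion", "creationTimestamp"}

def policy_key(doc):
    """Identity of a policy: (kind, namespace, name); namespace is '' for global kinds."""
    meta = doc.get("metadata", {})
    return (doc.get("kind", ""), meta.get("namespace", ""), meta.get("name", ""))

def fingerprint(doc):
    """SHA-256 of a canonical form, so key order and volatile fields are ignored."""
    meta = {k: v for k, v in doc.get("metadata", {}).items() if k not in VOLATILE_METADATA}
    canonical = {"apiVersion": doc.get("apiVersion"), "kind": doc.get("kind"),
                 "metadata": meta, "spec": doc.get("spec", {})}
    blob = json.dumps(canonical, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

def detect_drift(repo_docs, local_docs):
    """Compare local policies against the repository, treated as source of truth."""
    repo = {policy_key(d): fingerprint(d) for d in repo_docs}
    local = {policy_key(d): fingerprint(d) for d in local_docs}
    return {
        "missing": sorted(k for k in repo if k not in local),
        "unexpected": sorted(k for k in local if k not in repo),
        "modified": sorted(k for k in repo if k in local and repo[k] != local[k]),
    }

def _policy(kind, name, spec, **meta):
    """Build a constructed sample policy document."""
    return {"apiVersion": "projectcalico.org/v3", "kind": kind,
            "metadata": {"name": name, **meta}, "spec": spec}

# Constructed sample data (not from the treasuremap repository).
DB_RULE = {"action": "Allow", "protocol": "TCP", "source": {"selector": "app == 'api'"},
           "destination": {"ports": [5432]}}
REPO = [_policy("NetworkPolicy", "allow-api-to-db", {"selector": "app == 'db'", "ingress": [DB_RULE]}, namespace="prod"),
        _policy("GlobalNetworkPolicy", "default-deny", {"selector": "all()", "types": ["Ingress"]})]
LOCAL = [_policy("NetworkPolicy", "allow-api-to-db", {"selector": "app == 'db'", "ingress": [{**DB_RULE, "source": {}}]}, namespace="prod", uid="constructed-uid"),
         _policy("GlobalNetworkPolicy", "default-deny", {"types": ["Ingress"], "selector": "all()"}, resourceVersion="42"),
         _policy("NetworkPolicy", "debug-allow", {"selector": "app == 'tmp'"}, namespace="prod")]

if __name__ == "__main__":
    report = detect_drift(REPO, LOCAL)
    for category, keys in report.items():
        for key in keys:
            print(f"WARNING policy {category}: {'/'.join(p for p in key if p)}")
    raise SystemExit(1 if any(report.values()) else 0)
```

A non-zero exit status lets a wrapper around the apply step, or a periodic job, refuse or alert when the local set has drifted from the repository.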

sujeetch commented 3 years ago

Please assign to me

eak13 commented 3 years ago

All yours.

michaelfix commented 3 years ago

Related PS: https://review.opendev.org/c/airship/treasuremap/+/793094