As a security-minded platform / DevSecOps engineer and consumer of this product, I would like a way to isolate memory and compute of sensitive cluster workloads (i.e. Keycloak). One option may be taints for the nodes and tolerations / node selector for the pods as a defense-in-depth measure to other service mesh-related security measures.
Hypothesis: This capability will enable me to isolate sensitive workloads at the hardware level, reducing risk / threat surface area that other in-cluster workloads may introduce inadvertently.
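The taint / toleration / node selector option described above, sketched as an added example; it is not part of the original request or of the product's own manifests. The `dedicated=keycloak` label and taint, the namespace, the replica count, the resource figures and the image tag placeholder are all assumptions.

```yaml
# Added example. Names and label/taint values are assumptions.
# Node side, run once per dedicated node (<node-name> is a placeholder):
#   kubectl label nodes <node-name> dedicated=keycloak
#   kubectl taint nodes <node-name> dedicated=keycloak:NoSchedule
# The taint keeps pods without a matching toleration off the node;
# the label lets the nodeSelector below pin Keycloak to it.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: keycloak            # assumed namespace
spec:
  replicas: 2
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      # Pin to the dedicated nodes. A toleration alone only permits
      # scheduling there; without the selector the pod could still
      # land on shared nodes next to other workloads.
      nodeSelector:
        dedicated: keycloak
      tolerations:
        - key: dedicated
          operator: Equal
          value: keycloak
          effect: NoSchedule
      containers:
        - name: keycloak
          image: "quay.io/keycloak/keycloak:<version>"   # placeholder tag
          resources:
            requests:
              cpu: 500m
              memory: 1Gi
            limits:
              memory: 1Gi
```

The taint only isolates the nodes while other workloads cannot add the same toleration to their own pod specs, so pair it with an admission policy that restricts who may set it. `NoSchedule` does not evict pods already running on the node when the taint is applied.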