Segmentation Rules
The segmentation feature is in an early access alpha state. Before trying this in a non-production environment, please reach out to Tetrate first.
Segmentation Rules define Access Control Lists (ACLs) that can be applied to resources to control access between them. Rules define the allowed communication paths between resources. These rules are based on defined Segmentation Policies and Zones.
```yaml
apiVersion: segmentation.tsb.tetrate.io/v1
kind: SegmentationRules
metadata:
  organization: myorg
  name: ring-policies
spec:
  rules:
    # ingress -> yellow
    - from: [ring/ingress]
      to: [ring/yellow]
    # yellow -> amber
    - from: [ring/yellow]
      to: [ring/amber]
    # amber -> red
    - from: [ring/amber]
      to: [ring/red]
```
Segmentation Rules act as whitelists for allowed communication patterns to the resources protected by the policies. This means that for any resource that belongs to a zone that is captured by a rule, a "deny all" default policy is configured and only communications explicitly specified in a rule will be allowed.
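As an added example that is not part of this page or of Tetrate's own code, the following Python models the whitelist semantics described above and checks the ring-policies manifest: explicitly listed paths are allowed, and every other path into a zone captured by a rule is denied. It assumes that a zone counts as captured when it appears on either side of any rule, and that the rules say nothing about destination zones they do not capture.

```python
"""Model the deny-all-by-default semantics of a SegmentationRules spec.

Added example, not Tetrate's implementation. Zone names use the
"<policy>/<zone>" form shown in the manifest on the page.
"""
from typing import Dict, Optional, Set, Tuple

# The ring-policies manifest from the page, transcribed as a dict so the
# example runs without a YAML parser.
RING_POLICIES: Dict = {
    "apiVersion": "segmentation.tsb.tetrate.io/v1",
    "kind": "SegmentationRules",
    "metadata": {"organization": "myorg", "name": "ring-policies"},
    "spec": {
        "rules": [
            {"from": ["ring/ingress"], "to": ["ring/yellow"]},
            {"from": ["ring/yellow"], "to": ["ring/amber"]},
            {"from": ["ring/amber"], "to": ["ring/red"]},
        ]
    },
}


def captured_zones(manifest: Dict) -> Set[str]:
    """Zones named on either side of any rule (assumption); these get the deny-all default."""
    zones: Set[str] = set()
    for rule in manifest["spec"]["rules"]:
        zones.update(rule.get("from", []))
        zones.update(rule.get("to", []))
    return zones


def allowed_paths(manifest: Dict) -> Set[Tuple[str, str]]:
    """Explicit (from, to) pairs; several entries on one side allow every combination."""
    return {
        (src, dst)
        for rule in manifest["spec"]["rules"]
        for src in rule.get("from", [])
        for dst in rule.get("to", [])
    }


def is_allowed(manifest: Dict, src: str, dst: str) -> Optional[bool]:
    """True/False when the destination zone is governed by the rules; None when it
    is not captured by any rule (assumption: the rules then say nothing about it)."""
    if dst not in captured_zones(manifest):
        return None
    return (src, dst) in allowed_paths(manifest)


def effective_acl(manifest: Dict) -> Dict[Tuple[str, str], bool]:
    """Full allow/deny matrix over captured zones, for reviewing what the default denies."""
    zones = sorted(captured_zones(manifest))
    allowed = allowed_paths(manifest)
    return {(s, d): (s, d) in allowed for s in zones for d in zones}
```

Note that the paths are not transitive and are directional: ingress may reach yellow and yellow may reach amber, but ingress to amber and amber to yellow are both denied.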
SegmentationRules
| Field | Description | Validation Rule |
|---|---|---|
| rules | List of tetrateio.api.tsb.segmentation.v1.SegmentationRules.Rule | – |
Rule
A rule is a single entry in an Access Control List (ACL).
| Field | Description | Validation Rule |
|---|---|---|
| from | List of string | repeated = { |
| to | List of string | repeated = { |