Service Mesh DSOP Role Testing
DSOP Role Testing
RECOMMENDATION:
Advocate for service mesh as 4.x feature. Cost and timeline to write all explicit pod traffic allow rules is prohibitive and required to meet default "deny all" policy.
NOTES: Existing IaC Role test results: Job succeeded with default configurations.
3.11 Implementation Hurdles:
- Identify Labor Cost & Timeline for 3.11 implementation
- Compare against 4.x Deliverable & negative impact to 4.x Delivery timeline
- For Zero Trust policy
- Write explicit allow rules against every service/pod for Istio
- Remove Openshift Routes & Routers + Replace with Istio Routes
Edited by Mark Nissley