Skip to content
Calico Application Layer Policy
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github
checker
cmd
config
docs Update readme for GA information Aug 21, 2018
git-hooks
health Add license header Apr 4, 2019
policystore Replace incorrect log import Jul 17, 2018
proto
syncher
uds Retry Policy Sync API Apr 24, 2018
.fossa.yml Update fossa config Apr 5, 2019
.gitignore
Dockerfile.amd64 Update build files Mar 30, 2019
Dockerfile.arm64 Update build files Mar 30, 2019
Dockerfile.ppc64le
Dockerfile.s390x Update build files Mar 30, 2019
LICENSE Add Apache 2.0 License information. Nov 29, 2017
Makefile
README.md
glide.lock
glide.yaml Automated libcalico pin update Jun 15, 2019
install-git-hooks

README.md

Application Layer Policy

Application Layer Policy for Project Calico enforces network and application layer authorization policies using Istio.

arch

Istio mints and distributes cryptographic identities and uses them to establish mutually authenticated TLS connections between pods. Calico enforces authorization policy on this communication integrating cryptographic identities and network layer attributes.

The envoy.ext_authz filter inserted into the proxy, which calls out to Dikastes when service requests are processed. We compute policy based on a global store which is distributed to Dikastes by its local Felix.

Getting Started

Application Layer Policy is described in the Project Calico docs.

You can’t perform that action at this time.