Skip to content
Calico Application Layer Policy
Go Makefile Ruby Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github
checker
cmd
config
docs
git-hooks
health
policystore
proto
syncher
uds
.fossa.yml
.gitignore
Dockerfile.amd64
Dockerfile.arm64
Dockerfile.ppc64le
Dockerfile.s390x
LICENSE
Makefile
README.md
go.mod
go.sum
install-git-hooks

README.md

Application Layer Policy

Application Layer Policy for Project Calico enforces network and application layer authorization policies using Istio.

arch

Istio mints and distributes cryptographic identities and uses them to establish mutually authenticated TLS connections between pods. Calico enforces authorization policy on this communication integrating cryptographic identities and network layer attributes.

The envoy.ext_authz filter inserted into the proxy, which calls out to Dikastes when service requests are processed. We compute policy based on a global store which is distributed to Dikastes by its local Felix.

Getting Started

Application Layer Policy is described in the Project Calico docs.

You can’t perform that action at this time.