High Level Overview of CRD with YAML

CRD operates in k8s and istio mode. Currently the CRD decides which way to implement based on the namespace having the label, istio-injection=enabled.

CRD has a name and namespace.

CRD consists of a list of services, micro-services that reside in a namespace. (*) Services provide information on the Deployment information to create the appropriate objects and each service specifies allowed Clients (Callers) (Services, NetworkPolicy, Rules, etc)

Sections

Services

• Only allowed communication
• istio extended to namespace flexibility
• Istio - Egress (ServiceEntry)

Auth

• Firebase
• Google

GCP Access

• Service Account in Secrets
• Vault Plugin