Linkerd
Otterize can enforce access between services using Linkerd Authorization Policies.
Tutorials
To learn how to use the Intents Operator to enforce access using Linkerd authorization policies. Try the quickstart tutorial below.
How does Otterize work with Linkerd?
- First, the cluster must have Otterize installed.
- To have Otterize generate Linkerd authorization policies, declare and apply (IBAC) ClientIntents for your services. Once you do so, Otterize will generate a Linkerd authorization policy allowing access from the client service, identified by its service account, to the server, identified by a Linkerd Server resource. The HTTP Resources section in the ClientIntents is optional: if you do not specify it, all pod-to-pod access is allowed.
apiVersion: k8s.otterize.com/v2beta1
kind: ClientIntents
metadata:
name: client
namespace: otterize-tutorial-linkerd
spec:
workload:
name: client
kind: Deployment
targets:
- kubernetes:
name: server-abc
kind: Deployment
http:
- path: /client-path
methods: [ GET ]