Skip to content

Commit

Permalink
Document missing Istio authorization policy flag (#110)
Browse files Browse the repository at this point in the history
  • Loading branch information
@orishoshan
orishoshan committed Aug 8, 2023
1 parent b7a7a34 commit 2111767
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 2 deletions.
3 changes: 2 additions & 1 deletion docs/reference/configuration/intents-operator/helm-chart.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,6 @@ If you would like to deploy it on its own, add the Otterize Helm chart repositor
| `global.telemetry.enabled` | If set to `false`, anonymous telemetries collection will be disabled | `true` |


## Operator parameters
## Operator parameters
| Key | Description | Default |
|---------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------|
Expand All @@ -35,9 +34,11 @@ If you would like to deploy it on its own, add the Otterize Helm chart repositor
| `operator.enableEnforcement` | If set to false, enforcement is disabled globally (both for network policies and Kafka ACL). If true, you may use the other flags for more granular enforcement settings | `true` |
| `operator.enableNetworkPolicyCreation` | Whether the operator should create network policies according to ClientIntents | `true` |
| `operator.enableKafkaACLCreation` | Whether the operator should create Kafka ACL rules according to ClientIntents of type Kafka | `true` |
| `operator.enableIstioPolicyCreation` | Whether the operator should create Istio authorization policies according to ClientIntents | `true` |
| `operator.autoCreateNetworkPoliciesForExternalTraffic` | Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` |
| `operator.autoCreateNetworkPoliciesForExternalTrafficDisableIntentsRequirement` | **experimental** - If `autoCreateNetworkPoliciesForExternalTraffic` is enabled, do not require ClientIntents resources - simply create network policies based off of the existence of an Ingress/Service resource. | `false` |
| `operator.resources` | Resources override. | |
| `operator.enableDatabaseReconciler` | **experimental** - Enables experimental support for database intents (coming soon!) | `false` |

## Watcher parameters
| Key | Description | Default |
Expand Down
3 changes: 2 additions & 1 deletion docs/reference/configuration/otterize-chart/README.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,10 +56,11 @@ Further information about intents-operator parameters can be found [in the inten
| `intentsOperator.operator.enableEnforcement` | If set to false, enforcement is disabled globally (both for network policies and Kafka ACL). If true, you may use the other flags for more granular enforcement settings | `true` |
| `intentsOperator.operator.enableNetworkPolicyCreation` | Whether the operator should create network policies according to ClientIntents | `true` |
| `intentsOperator.operator.enableKafkaACLCreation` | Whether the operator should create Kafka ACL rules according to ClientIntents of type Kafka | `true` |
| `intentsOperator.operator.enableIstioPolicyCreation` | Whether the operator should create Istio authorization policies according to ClientIntents | `true` |
| `intentsOperator.operator.autoCreateNetworkPoliciesForExternalTraffic` | Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` |
| `intentsOperator.operator.autoCreateNetworkPoliciesForExternalTrafficDisableIntentsRequirement` | **experimental** - If `autoCreateNetworkPoliciesForExternalTraffic` is enabled, do not require ClientIntents resources - simply create network policies based off of the existence of an Ingress/Service resource. | `false` |
| `intentsOperator.operator.resources` | Resources override. | |
| `intentsOperator.operator.enableDatabaseReconciler` | **experimental** - Enables experimental support for database intents (coming soon!) | `false` |
| `intentsOperator.operator.enableDatabaseReconciler` | **experimental** - Enables experimental support for database intents (coming soon!) | `false` |


## SPIRE parameters
Expand Down

0 comments on commit 2111767

Please sign in to comment.