Allow services to communicate with external endpoints (v2.8+)
Allow a subset of services to communicate with specific external endpoints
Configuration
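# MeshPassthrough policy (Kubernetes format): egress allow-list for the
# data plane proxies selected by spec.targetRef.
# Nesting is restored here; with every key at column 0 the manifest has
# duplicate top-level keys (kind, labels) and does not describe this object.
apiVersion: kuma.io/v1alpha1
kind: MeshPassthrough
metadata:
  name: allow-some-passthrough
  # NOTE(review): confirm this is the namespace your control plane runs in.
  namespace: kong-mesh-system
  labels:
    kuma.io/mesh: default
spec:
  # Scope: only data planes labelled app=demo-app get this allow-list.
  targetRef:
    kind: Dataplane
    labels:
      app: demo-app
  default:
    # Matched: only the destinations listed under appendMatch may be reached
    # outside the mesh; keep the list as narrow as the workload needs.
    passthroughMode: Matched
    appendMatch:
      # NOTE(review): with protocol tls the sidecar sees the requested server
      # name, not the payload; keep certificate verification on in the client.
      - type: Domain
        value: httpbin.org
        protocol: tls
        port: 443
      # Single private (RFC 1918) address on one TCP port.
      - type: IP
        value: 10.240.15.39
        protocol: tcp
        port: 8888
      # A /16 admits 65,536 addresses on this port; narrow the prefix if the
      # workload only talks to a few hosts.
      - type: CIDR
        value: 10.250.0.0/16
        protocol: tcp
        port: 10000
      # Wildcard covers every subdomain of wikipedia.org. The value is quoted
      # because a leading '*' would otherwise be read as a YAML alias.
      - type: Domain
        value: "*.wikipedia.org"
        protocol: tls
        port: 443
      # Cleartext HTTP: traffic to this endpoint is unencrypted on the wire.
      # Prefer a tls entry on 443 where the endpoint supports it.
      - type: Domain
        value: httpbin.dev
        protocol: http
        port: 80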
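# MeshPassthrough policy (Universal format): egress allow-list for the data
# plane proxies selected by spec.targetRef.
# Nesting is restored here; with every key at column 0 the document has
# duplicate top-level keys (type, labels) and does not describe this policy.
type: MeshPassthrough
name: allow-some-passthrough
mesh: default
spec:
  # Scope: only data planes labelled app=demo-app get this allow-list.
  targetRef:
    kind: Dataplane
    labels:
      app: demo-app
  default:
    # Matched: only the destinations listed under appendMatch may be reached
    # outside the mesh; keep the list as narrow as the workload needs.
    passthroughMode: Matched
    appendMatch:
      # NOTE(review): with protocol tls the sidecar sees the requested server
      # name, not the payload; keep certificate verification on in the client.
      - type: Domain
        value: httpbin.org
        protocol: tls
        port: 443
      # Single private (RFC 1918) address on one TCP port.
      - type: IP
        value: 10.240.15.39
        protocol: tcp
        port: 8888
      # A /16 admits 65,536 addresses on this port; narrow the prefix if the
      # workload only talks to a few hosts.
      - type: CIDR
        value: 10.250.0.0/16
        protocol: tcp
        port: 10000
      # Wildcard covers every subdomain of wikipedia.org. The value is quoted
      # because a leading '*' would otherwise be read as a YAML alias.
      - type: Domain
        value: "*.wikipedia.org"
        protocol: tls
        port: 443
      # Cleartext HTTP: traffic to this endpoint is unencrypted on the wire.
      # Prefer a tls entry on 443 where the endpoint supports it.
      - type: Domain
        value: httpbin.dev
        protocol: http
        port: 80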
Please adjust konnect_mesh_control_plane.my_meshcontrolplane.id and konnect_mesh.my_mesh.name according to your current configuration.
# MeshPassthrough policy managed through the konnect-beta provider: an egress
# allow-list for the data planes selected by spec.target_ref.
resource "konnect_mesh_passthrough" "allow_some_passthrough" {
  provider = konnect-beta
  type     = "MeshPassthrough"
  name     = "allow-some-passthrough"

  spec = {
    # Scope: only data planes labelled app=demo-app get this allow-list.
    target_ref = {
      kind = "Dataplane"
      labels = {
        app = "demo-app"
      }
    }

    default = {
      # Matched: only the destinations in append_match may be reached outside
      # the mesh; keep the list as narrow as the workload needs.
      passthrough_mode = "Matched"
      append_match = [
        {
          type     = "Domain"
          value    = "httpbin.org"
          protocol = "tls"
          port     = "443"
        },
        {
          # Single private (RFC 1918) address on one TCP port.
          type     = "IP"
          value    = "10.240.15.39"
          protocol = "tcp"
          port     = "8888"
        },
        {
          # A /16 admits 65,536 addresses on this port; narrow the prefix if
          # the workload only talks to a few hosts.
          type     = "CIDR"
          value    = "10.250.0.0/16"
          protocol = "tcp"
          port     = "10000"
        },
        {
          # Wildcard covers every subdomain of wikipedia.org.
          type     = "Domain"
          value    = "*.wikipedia.org"
          protocol = "tls"
          port     = "443"
        },
        {
          # Cleartext HTTP: traffic to this endpoint is unencrypted on the
          # wire. Prefer a tls entry on 443 where the endpoint supports it.
          type     = "Domain"
          value    = "httpbin.dev"
          protocol = "http"
          port     = "80"
        }
      ]
    }
  }

  labels = {
    "kuma.io/mesh" = konnect_mesh.my_mesh.name
  }

  # References to resources defined elsewhere in the configuration; adjust
  # them to match your own control plane and mesh resources.
  cp_id = konnect_mesh_control_plane.my_meshcontrolplane.id
  mesh  = konnect_mesh.my_mesh.name
}