sentinel-wasm.yaml
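# NOTE(review): the rendered page dropped this file's indentation. The
# nesting below is reconstructed from key order and naming; verify it
# against the original file before applying.
apiVersion: extension.tsb.tetrate.io/v2
kind: WASMExtension
metadata:
  name: sentinel-traffic-analyzer
  tenant: devsecops
spec:
  config:
    apiVersion: wasm.tetrate.io/v1
    kind: SentinelFilter
    spec:
      # Configures the WASM filter to call Sentinel AI Gateway.
      # NOTE(review): only host:port is given. Nothing in this file shows
      # how the call is authenticated or encrypted, or whether requests
      # are allowed or denied when the gateway is unreachable. Confirm
      # both before rollout.
      ai_gateway_endpoint: "ai-gateway.tetrate.svc.cluster.local:8443"
      analyze_patterns:
        - sql_injection
        - path_traversal
        - abnormal_latency
        - data_exfiltration
      # Block requests with risk score > 85.
      # NOTE(review): confirm whether a score of exactly 85 is blocked.
      block_threshold: 85
      # Rate limit settings: 1000 requests per 60s window.
      # NOTE(review): the scope of the limit (per sidecar, per client or
      # global) is not stated in this file. Confirm with the filter docs.
      rate_limit_requests: 1000
      rate_limit_window: 60s
  # Intended for production sidecars. The selector names three namespaces
  # and one label, so workloads outside those namespaces, or (presumably)
  # without the label, are not analysed. Verify how namespaces and labels
  # combine.
  workloadSelector:
    namespaces:
      - backend
      - frontend
      - api
    labels:
      sentinel.analysis: enabled
  # Phase: AUTHZ (after auth, before routing)
  phase: AUTHZ
  priority: 10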