Policies

Policies offer an evaluation algorithm to ensure desired behavior enforcement. Policies can be applied to components and relationships, defining rules and actions based on predefined conditions.

Policy Evaluation

The relationships are a powerful way to design your infrastructure and each of them are backed by one or more policies. Policies evaluate the designs for potential relationships and the decide whether to create/delete/update the relationships.

Meshery Server has a built-in policy engine, based on Open Policy Agent (OPA). Currently, Meshery Server is the only place where the policy evals occur. Policy evaluation is invoked each time a design is updated, and each time a design is imported. By default, policies evaluate for all registered relationships.

In any given Meshery deployment, you can reference and search the full set of registered policies (in Meshery’s internal registry) in using either of Meshery’s client interfaces.

Viewing All Registered Relationships

You can view all registered relationships using either Meshery UI or Meshery CLI.

Using Meshery UI...: Navigate to Settings, then to Registry
Using Meshery CLI...: mesheryctl policy list

How are conflicts resolved?

In the event of a conflict or tie, Meshery relies on Open Policy Agent’s reconciliation behavior for conflict resolution.

Conflict Resolution

It may happen that certain eval decisions contain results such that two different components create a conflicting relationship with same component. While this is semantically correct, the visual representation of the relationship in such cases may be undesirable, and you may see relationships and components being redrawn depending upon how the client / Meshery UI visualizes the relationships.

Future Feature

Policy evaluation in WASM runtime is on roadmap for Meshery v0.8.3.