...
| PlantUML Macro | ||
|---|---|---|
| ||
@startuml object PDPSubGroup object PDPService object PolicySet object PDP object PolicyPolicyImpl PDPSubGroup "1" -- "1" PDPService : > Lifecycle\nManaged\nBy PDPService "1" -- "*" PDP : > Manages\nLifecycle\nOf PDPService "1" -- "1" PolicySet : > Executes PolicySet "1" -- "*" PDP : > Executes\nOn PolicySet "1" -- "*" PolicyPolicyImpl : > Contains @enduml |
There is a one to one relationship between a PDP SubGroup, a Kubernetes PDP service, and the set of policies assigned to run in the PDP subgroup. Each PDP service runs a single PDP subgroup with multiple PDPs, which executes a specific Policy Set containing a number of policies that have been assigned to that PDP subgroup. Having and maintaining this principle makes policy deployment and administration much more straightforward than it would be if complex relationships between PDP services, PDP subgroups, and policy sets.
...