EOSE — Enterprise Orchestration Services Enablement

Design patterns

Reusable patterns for cloud, Kubernetes, security, and platform delivery.

ID | Name | Status | Tags
DP-CDNET-001 | Istio Service Mesh Security and Policy Enforcement | Draft | istio, service-mesh, security, policy, aks, apim, waf
DP-CDNET-002 | Istio Service Mesh Traffic Management | Draft
DP-CDNET-003 | Istio Service Discovery and Non-Kubernetes Workload Integration | Draft
DP-CDNET-004 | Istio Service Observability - Centralized Observability and Metrics Collection with Istio Telemetry | Draft
DP-CDNET-005 | Istio Service Extendibility - Customizing Traffic and Observability Pipelines Using Istio WASM Plugins | Draft
DP-CDNET-006 | GitOps and Config Management - Managing Declarative Application Configurations with Flux GitRepository | Draft
DP-CDNET-007 | GitOps & Declarative Workload Management - Automating Workload Deployment and Updates with Flux Kustomization | Draft
DP-CDNET-008 | GitOps & Event Notification - Declarative Event Notification Using Flux Alerts | Draft
DP-CDNET-009 | GitOps & Declarative Workload Management - Automating Workload Deployment and Updates with Flux Kustomization | Draft
DP-CDNET-010 | GitOps & OCI Artifact Management - Declarative Management of OCI Artifacts Using Flux OCIRepository | Draft
DP-CDNET-011 | GitOps - Helm Release Automation and Lifecycle Management | Draft
DP-CDNET-012 | GitOps - Helm Repository Release Automation and Lifecycle Management | Draft
DP-CDNET-013 | Policy Enforcement and Governance - Automated Token Mount Blocking Using Gatekeeper Constraints | Draft
DP-CDNET-014 | Policy Enforcement and Governance - Restrict Privileged Containers in Kubernetes Using Gatekeeper Constraints | Draft
DP-CDNET-015 | Policy Enforcement and Governance - Cluster Policy Enforcement Block Default Kubernetes Resource Configurations | Draft
DP-CDNET-016 | Policy Pod Enforcement and Governance - Block Deployment of Naked Pods in Kubernetes Using Gatekeeper Constraints | Draft
DP-CDNET-017 | Policy Cluster Enforcement and Governance - Restrict Ingress to HTTPS Only in Kubernetes Using Gatekeeper Constraints | Draft
DP-CDNET-018 | Policy Cluster Networking Enforcement and Governance - Restrict Allowed Service Ports in Kubernetes Using Gatekeeper Constraints | Draft
DP-CDNET-019 | Policy Cluster Security Enforcement and Governance - Restrict Host Namespace Usage in Kubernetes Using Gatekeeper Constraints | Draft
DP-CDNET-020 | Policy Cluster Security Enforcement and Governance - Restrict Container Images Using Gatekeeper Constraints | Draft
DP-CDNET-021 | Policy Cluster Security Enforcement and Governance - Restrict Kubernetes Container Capabilities Using Allowed Capabilities Constraint | Draft
DP-CDNET-022 | Policy Cluster Security Enforcement and Governance - Restrict Kubernetes Resource Access by Users and Groups Using Gatekeeper | Draft
DP-CDNET-023 | Policy Resource Quota and Limits Enforcement - Enforce Container Resource Limits in Kubernetes Using Gatekeeper Constraints | Draft
DP-CDNET-024 | Cluster Security Policy Enforcement and Governance - Restricting Disallowed Capabilities in Kubernetes Pods Using Gatekeeper Constraints | Draft
DP-CDNET-025 | Host Filesystem Security Enforcement - Restrict Host Filesystem Access in Kubernetes Using Gatekeeper Constraints | Draft
DP-CDNET-026 | Cluster Network Security Policy Enforcement - Restrict Host Networking and Port Ranges in Kubernetes Using Gatekeeper Constraints | Draft
DP-CDNET-027 | Cluster Security Policy Enforcement - Restrict Privilege Escalation in Kubernetes Using Gatekeeper Constraints | Draft
DP-CDNET-028 | Kubernetes Security Policy Enforcement - Enforcing Read-Only Root Filesystem for Kubernetes Workloads Using Gatekeeper Constraints | Draft
DP-CDNET-029 | Kubernetes Networking and Routing Configuration - Dynamic BGP Configuration for Kubernetes with Calico BGPConfiguration CRD | Draft
DP-CDNET-030 | Kubernetes Networking and Routing Configuration - BGP Route Filtering in Kubernetes Using Calico BGP Filters | Draft
DP-CDNET-031 | Kubernetes Network Security and Traffic Management - Dynamic Network Policy Management with Calico NetworkPolicy CRD | Draft
DP-CDNET-032 | Kubernetes Network Policy and Object Management - Using Calico NetworkSet CRD for Dynamic IP-based Network Segmentation | Draft
DP-CDNET-033 | Kubernetes Network Policy and BGP Peering Management - Calico BGPPeer Management for Dynamic BGP Configuration in Kubernetes | Draft
DP-CDNET-034 | Kubernetes Network Management and Resource Allocation - Managing IP Address Block Affinities with Calico BlockAffinity | Draft
DP-CDNET-035 | Kubernetes Network Monitoring and Troubleshooting - Calico Node Status Monitoring for BGP and Network Health in Kubernetes | Draft
DP-CDNET-036 | Kubernetes Cluster Networking Information and Management - Centralized Management of Cluster Networking Metadata Using Calico ClusterInformation | Draft
DP-CDNET-037 | Kubernetes Networking and Security Configuration - Dynamic Felix Configuration for Enhanced Kubernetes Networking and Security | Draft
DP-CDNET-038 | Kubernetes Global Network Security Policies - Secure Kubernetes Networking with GlobalNetworkPolicy (Calico) | Draft
DP-CDNET-039 | Kubernetes Network Security and Traffic Management - Managing Global IP Network Sets with Calico's GlobalNetworkSet | Draft
DP-CDNET-040 | Kubernetes Network Security and Traffic Management - Defining and Managing Host-Specific Endpoints with Calico HostEndpoint | Draft
DP-CDNET-041 | Kubernetes Network Management - IP Address Management (IPAM) with Calico IPAMBlocks for Efficient Resource Allocation | Draft
DP-CDNET-042 | Kubernetes Cluster Networking and IP Management - Dynamic IP Address Management with Calico IPAMConfig | Draft
DP-CDNET-043 | Kubernetes IP Address Management (IPAM) and Networking Resources - Cluster-wide IP Address Management using Calico IPAMHandles | Draft
DP-CDNET-044 | Kubernetes Networking and IP Management - Dynamic IP Address Management and Networking in Kubernetes with Calico IPPools | Draft
DP-CDNET-045 | Kubernetes Network Resource Management - Reserving IP Ranges for Specific Use Cases with Calico IPReservation | Draft
DP-CDNET-046 | Kubernetes Cluster Networking and Policy Management - Dynamic Configuration of Kubernetes Controllers with Calico KubeControllersConfiguration | Draft
DP-CDNET-047 | Storage and Data Management - Automated Mirror Updates for Trident Volumes | Draft
DP-CDNET-048 | Volume Snapshot Management - Automated Snapshot Restore for Persistent Volume Claims | Draft
DP-CDNET-049 | Trident Backend Storage Configuration - Declarative Storage Backend Management | Draft
DP-CDNET-050 | Trident Storage Integration for Kubernetes - Declarative Storage Backend Management | Draft
DP-CDNET-051 | Storage Management Automation - Trident Configurator for Automated Storage Backend Management in Kubernetes | Draft
DP-CDNET-052 | Data Replication and Backup Management - Implementing Mirror Relationships for Persistent Volumes with TridentMirrorRelationship | Draft
DP-CDNET-053 | Storage Infrastructure Management - CustomResourceDefinition (CRD) for Trident Node Management in Kubernetes | Draft
DP-CDNET-054 | Persistent Storage and Data Orchestration - Managing Persistent Storage with TridentOrchestrator for Kubernetes | Draft
DP-CDNET-055 | Storage Snapshot Management - Dynamic Management of Persistent Volume Snapshots with TridentSnapshotInfo | Draft
DP-CDNET-056 | Storage Snapshot Management - Dynamic Management of Persistent Volume Snapshots | Draft
DP-CDNET-057 | Dynamic Storage Provisioning with Custom Storage Classes - Managing Dynamic Storage Classes | Draft
DP-CDNET-058 | Management for Stateful Workloads - Managing Trident Transactions | Draft
DP-CDNET-059 | Storage Version Management - Version Management for Trident Storage Orchestrator in Kubernetes | Draft
DP-CDNET-060 | Persistent Storage Volume Management - Manage Storage Volume Publications with Trident | Draft
DP-CDNET-061 | Storage Volume Reference Management in Kubernetes - Trident Volume Reference Management | Draft
DP-CDNET-062 | Trident Storage Volume Lifecycle Management - Trident Volume Management | Draft
DP-CDNET-063 | Storage Management in Kubernetes - Trident Storage Management | Draft
DP-CDNET-064 | API Server Management in Kubernetes - Tigera API Server Management | Draft
DP-CDNET-065 | Declarative Management of Azure Container Registry Access Tokens Using the ACRAccessToken with External Secrets Operator | Draft
DP-CDNET-066 | Declarative Management of Cluster-Wide External Secrets Using the ClusterExternalSecret with External Secrets Operator | Draft
DP-CDNET-067 | Declarative Management of Cluster-Wide Secret Stores Using the ClusterSecretStore with Azure Key Vault and Workload Identity with External Secrets Operator | Draft
DP-CDNET-068 | Declarative Management of Venafi Cluster Issuers Using the VenafiClusterIssuer | Draft
DP-CDNET-069 | Declarative Management of Venafi Connections Using the VenafiConnection | Draft
DP-CDNET-070 | Declarative Management of Venafi Issuers Using the VenafiIssuer | Draft
DP-CDNET-071 | Declarative Management of Certificate Request Policies Using the CertificateRequestPolicy | Draft
DP-CDNET-072 | Declarative Management of Certificate Request Policies Using the CertificateRequest | Draft
DP-CDNET-073 | Kubernetes Certificate Management - Enforcing Consistent TLS Configurations Using cert-manager | Draft
DP-CDNET-074 | Cert-Manager ACME Challenge Management - Automating DNS and HTTP Challenges for Certificate Issuance | Draft
DP-CDNET-075 | AKS Istio Service Mesh - Automated Pod-to-Pod Encryption Using cert-manager Certificates with CTC Sub CA offline | Draft
DP-CDNET-076 | AKS Istio Service Mesh – Cluster-Wide TLS Issuance using cert-manager | Draft
DP-CDNET-077 | AKS Istio Service Mesh – Automated Pod-to-Pod Encryption Using Namespace-Scoped ACME Orders | Draft
DP-CDNET-078 | Automated Security and Compliance Policies with JFrog Xray using Terraform | Draft
DP-CDNET-079 | Kubernetes Observability and Alerting - Managing Alert Providers with Flagger's AlertProvider | Draft
DP-CDNET-080 | Kubernetes Progressive Delivery - Canary Releases with Flagger's Canary | Draft
DP-CDNET-081 | Kubernetes Observability - Custom Metric Queries with Flagger's MetricTemplate | Draft
DP-CDNET-082 | Azure Services – Exporting Kubernetes Certificates to Azure Key Vault Using COA ExportCertificateSecret Controller | Draft
DP-CDNET-083 | AKS – Importing Certificates from Azure Key Vault Using COA ImportCertificateSecret CRD | Draft
DP-CDNET-084 | Full Lifecycle Golden Base Container Image Pipeline with Automated Curation | Draft
DP-CDNET-085 | COA Container Image Curator – A CLI for Automated Golden Base Container Image Lifecycle | Draft
DP-CDNET-086 | Container Image Curation and Lifecycle with the COA Container Image Curator CLI | Draft
DP-CDNET-087 | AKS GPU Nodepools & Taints/Tolerations (topology | Draft
DP-CDNET-088 | NVIDIA GPU Operator + DCGM Exporter (drivers | Draft
DP-CDNET-089 | GPU Resource Quotas/Requests Guardrails (Gatekeeper) | Draft
DP-CDNET-090 | Ray on K8s for Training & Batch Inference (CRDs | Draft
DP-CDNET-091 | Argo/Kubeflow Pipelines for ML CI/CD & Evals (gates) | Draft
DP-CDNET-092 | ANF Scratch + Blob Datasets with Private Endpoints (Trident classes | Draft
DP-CDNET-093 | KServe InferenceService for Triton/vLLM (Istio | Draft
DP-CDNET-094 | Canary/Blue-Green Model Rollouts with Flagger (metric templates) | Draft
DP-CDNET-095 | ACR as OCI Model Registry (ORAS) via Flux OCIRepository (signing) | Draft
DP-CDNET-096 | Dataset Access | Draft
DP-CDNET-097 | pgvector/Milvus/Qdrant Pattern (private endpoints | Draft
DP-CDNET-098 | MCP Server Deployment Pattern (Istio mTLS | Draft
DP-CDNET-099 | Agent-to-Tool AuthZ & Audit (JWT/mTLS | Draft
DP-CDNET-100 | GPU/Token Cost Dashboards & Budgets (DCGM | Draft
DP-CDNET-101 | Enterprise Model Registry (OCI on ACR) | Draft
DP-CDNET-102 | Model Drift Detection & Response | Draft
DP-CDNET-103 | Feature Store / Embedding Store (Feast or pgvector) | Draft
DP-CDNET-104 | Model Evaluation Gates (pre-prod checks) | Draft
DP-CDNET-105 | Dataset Versioning & Lineage | Draft
DP-CDNET-106 | LLM Safety & Tooling (MCP) Guardrails | Draft
DP-CDNET-107 | GPU/Token FinOps | Draft
DP-CDNET-108 | Shadow & Canary Serving for Models | Draft
DP-CDNET-109 | Roll-Forward/Roll-Back Strategy | Draft
DP-CDNET-110 | Model Card & Audit Trail | Draft