Is it possible to configure an Istio AuthorizationPolicy in such a way that only pods having a given label will be able to access it? E.g. I would like to have a service called example-service and expect only pods having the example-service-access k8s label to be able to connect to it.
I am aware that similar configuration could be possible by k8s NetworkPolicy configuration, but our network plugin does not support it.
asked Mar 31 at 11:54 user651297
- Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. – Community Bot Commented Apr 2 at 0:00
- Did you have time to check my answer? Did it help you to solve your issue? If not, I am happy to assist further. What should I do when someone answers my question? – Sai Chandra Gadde Commented Apr 2 at 10:09
1 Answer
-1
You can use Authorization Policy which can allow only pods with specific labels to access your service.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: httpbin
  namespace: foo
spec:
  # selector picks the workloads this policy is attached to
  selector:
    matchLabels:
      app: httpbin
      version: v1
The above example will only apply to workloads matched with label selector “app: httpbin, version: v1” and others will be rejected.
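Istio's AuthorizationPolicy matches callers by identity (`principals`, `namespaces`, `ipBlocks`), not by pod label, so one way to get the behaviour asked about is to run the permitted client pods under a dedicated service account and allow that principal. The following is an added example, not part of the original question or answer; the namespace `foo`, the `app: example-service` label, the service account and policy names, and the default `cluster.local` trust domain are assumptions.

```yaml
# Added example; all names below are assumptions, not from the original post.
# Client pods that should reach example-service run under this service account.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: example-service-access   # assumed name, mirrors the label in the question
  namespace: foo
---
# Require mTLS on example-service so the caller's identity (principal) is
# authenticated; principal-based rules never match plaintext traffic.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: example-service-mtls
  namespace: foo
spec:
  selector:
    matchLabels:
      app: example-service       # assumed label on the protected workload
  mtls:
    mode: STRICT
---
# selector          = the workload being protected (destination side).
# rules.from.source = who may call it (caller identity, not pod labels).
# With an ALLOW policy attached, requests matching no rule are denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: example-service-allow-callers
  namespace: foo
spec:
  selector:
    matchLabels:
      app: example-service
  action: ALLOW
  rules:
  - from:
    - source:
        principals:
        - cluster.local/ns/foo/sa/example-service-access
```

Client pods opt in by setting `spec.serviceAccountName: example-service-access` and must have the Istio sidecar injected so they present that identity over mTLS.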