istio
1apiVersion: gateway.networking.k8s.io/v1beta1
2kind: Gateway
3metadata:
4name: gateway
5namespace: istio-system
6spec:
7addresses:
8- value: istio-ingressgateway
9type: Hostname
10gatewayClassName: istio
11listeners:
12- name: my-svc
13port: 34000
14protocol: TCP
15allowedRoutes:
16namespaces:
17from: All
18- name: echo
19port: 34001
20protocol: TCP
21allowedRoutes:
22namespaces:
23from: All
24---
25apiVersion: gateway.networking.k8s.io/v1beta1
26kind: ReferenceGrant
27metadata:
28name: allow-service-tcp
29namespace: service
30spec:
31from:
32- group: gateway.networking.k8s.io
33kind: TCPRoute
34namespace: istio-system
35to:
36- group: ""
37kind: Service
38name: my-svc
39---
40apiVersion: gateway.networking.k8s.io/v1beta1
41kind: ReferenceGrant
42metadata:
43name: allow-service-http
44namespace: default
45spec:
46from:
47- group: gateway.networking.k8s.io
48kind: HTTPRoute
49namespace: istio-system
50to:
51- group: ""
52kind: Service
53name: echo
54---
55apiVersion: gateway.networking.k8s.io/v1alpha2
56kind: TCPRoute
57metadata:
58name: allowed-my-svc
59namespace: istio-system
60spec:
61parentRefs:
62- name: gateway
63namespace: istio-system
64sectionName: my-svc
65rules:
66- backendRefs:
67- name: my-svc
68namespace: service
69port: 34000
70---
71apiVersion: gateway.networking.k8s.io/v1alpha2
72kind: TCPRoute
73metadata:
74name: not-allowed-echo
75namespace: istio-system
76spec:
77parentRefs:
78- name: gateway
79namespace: istio-system
80sectionName: echo
81rules:
82- backendRefs:
83- name: echo
84namespace: default
85port: 34001
86