istio

reference-policy-tcp.yaml
85 строк · 1.6 Кб
Перенос по словам
1
apiVersion: gateway.networking.k8s.io/v1beta1
2
kind: Gateway
3
metadata:
4
  name: gateway
5
  namespace: istio-system
6
spec:
7
  addresses:
8
  - value: istio-ingressgateway
9
    type: Hostname
10
  gatewayClassName: istio
11
  listeners:
12
  - name: my-svc
13
    port: 34000
14
    protocol: TCP
15
    allowedRoutes:
16
      namespaces:
17
        from: All
18
  - name: echo
19
    port: 34001
20
    protocol: TCP
21
    allowedRoutes:
22
      namespaces:
23
        from: All
24
---
25
apiVersion: gateway.networking.k8s.io/v1beta1
26
kind: ReferenceGrant
27
metadata:
28
  name: allow-service-tcp
29
  namespace: service
30
spec:
31
  from:
32
  - group: gateway.networking.k8s.io
33
    kind: TCPRoute
34
    namespace: istio-system
35
  to:
36
  - group: ""
37
    kind: Service
38
    name: my-svc
39
---
40
apiVersion: gateway.networking.k8s.io/v1beta1
41
kind: ReferenceGrant
42
metadata:
43
  name: allow-service-http
44
  namespace: default
45
spec:
46
  from:
47
  - group: gateway.networking.k8s.io
48
    kind: HTTPRoute
49
    namespace: istio-system
50
  to:
51
  - group: ""
52
    kind: Service
53
    name: echo
54
---
55
apiVersion: gateway.networking.k8s.io/v1alpha2
56
kind: TCPRoute
57
metadata:
58
  name: allowed-my-svc
59
  namespace: istio-system
60
spec:
61
  parentRefs:
62
  - name: gateway
63
    namespace: istio-system
64
    sectionName: my-svc
65
  rules:
66
  - backendRefs:
67
    - name: my-svc
68
      namespace: service
69
      port: 34000
70
---
71
apiVersion: gateway.networking.k8s.io/v1alpha2
72
kind: TCPRoute
73
metadata:
74
  name: not-allowed-echo
75
  namespace: istio-system
76
spec:
77
  parentRefs:
78
  - name: gateway
79
    namespace: istio-system
80
    sectionName: echo
81
  rules:
82
  - backendRefs:
83
    - name: echo
84
      namespace: default
85
      port: 34001
86
istio

Использование cookies
