single-policy-in.yaml 
# Istio AuthorizationPolicy bound to workloads in namespace "foo" that carry
# the labels app=httpbin and version=v1.
# No spec.action is set, so Istio applies its default action, ALLOW: a request
# passes this policy when at least one entry under spec.rules matches, and a
# request to the selected workload that matches no ALLOW rule is rejected.
# DENY and CUSTOM policies, if any exist, are still evaluated first.
# The string values look like synthetic placeholders that encode their own
# position (rule / from / to index), not real identities, hosts or paths.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: httpbin
  namespace: foo
spec:
  selector:
    matchLabels:
      app: httpbin
      version: v1
  rules:
    # Rule 0. A rule matches when any one source under from matches, any one
    # operation under to matches, and every condition under when holds.
    - from:
        # Inside one source all listed fields must match; inside one field
        # any listed value is enough.
        - source:
            # principals and namespaces come from the peer's mTLS identity,
            # so they only match traffic that arrives over mutual TLS.
            principals:
              - "rule[0]-from[0]-principal[1]"
              - "rule[0]-from[0]-principal[2]"
            # requestPrincipals come from a validated JWT on the request.
            requestPrincipals:
              - "rule[0]-from[0]-requestPrincipal[1]"
              - "rule[0]-from[0]-requestPrincipal[2]"
            namespaces:
              - "rule[0]-from[0]-ns[1]"
              - "rule[0]-from[0]-ns[2]"
            # ipBlocks is checked against the source address of the
            # connection as the proxy sees it.
            ipBlocks:
              - "10.0.0.1"
              - "10.0.0.2"
            # remoteIpBlocks is checked against the client address derived
            # from X-Forwarded-For or proxy protocol; it is only as reliable
            # as the mesh's trusted-proxy setting (numTrustedProxies).
            remoteIpBlocks:
              - "172.16.10.10"
        - source:
            principals:
              - "rule[0]-from[1]-principal[1]"
              - "rule[0]-from[1]-principal[2]"
            requestPrincipals:
              - "rule[0]-from[1]-requestPrincipal[1]"
              - "rule[0]-from[1]-requestPrincipal[2]"
            namespaces:
              - "rule[0]-from[1]-ns[1]"
              - "rule[0]-from[1]-ns[2]"
            ipBlocks:
              - "10.0.1.1"
              - "192.0.1.2"
            # Single addresses and CIDR ranges can be mixed in one list.
            remoteIpBlocks:
              - "172.17.8.0/24"
              - "172.17.9.4"
      to:
        - operation:
            methods:
              - "rule[0]-to[0]-method[1]"
              - "rule[0]-to[0]-method[2]"
            hosts:
              - "rule[0]-to[0]-host[1]"
              - "rule[0]-to[0]-host[2]"
            # Ports are kept as quoted strings, as in the original listing.
            ports:
              - "9001"
              - "9002"
            paths:
              - "rule[0]-to[0]-path[1]"
              - "rule[0]-to[0]-path[2]"
        - operation:
            methods:
              - "rule[0]-to[1]-method[1]"
              - "rule[0]-to[1]-method[2]"
            hosts:
              - "rule[0]-to[1]-host[1]"
              - "rule[0]-to[1]-host[2]"
            ports:
              - "9011"
              - "9012"
            paths:
              - "rule[0]-to[1]-path[1]"
              - "rule[0]-to[1]-path[2]"
      when:
        # Header condition covering the four value forms: exact, prefix
        # ("...*"), suffix ("*...") and presence ("*", any non-empty value).
        # Because the values are alternatives, the bare "*" makes this
        # condition hold for any request that carries the header at all.
        - key: "request.headers[X-header]"
          values:
            - "header"
            - "header-prefix-*"
            - "*-suffix-header"
            - "*"
        - key: "destination.ip"
          values:
            - "10.10.10.10"
            - "192.168.10.0/24"
        # remote.ip has the same trust caveat as remoteIpBlocks.
        - key: "remote.ip"
          values:
            - "10.99.10.8"
            - "10.80.64.0/18"
    # Rule 1. Same shape as rule 0 but without a when section, so only the
    # from and to parts restrict it.
    - from:
        - source:
            principals:
              - "rule[1]-from[0]-principal[1]"
              - "rule[1]-from[0]-principal[2]"
            requestPrincipals:
              - "rule[1]-from[0]-requestPrincipal[1]"
              - "rule[1]-from[0]-requestPrincipal[2]"
            namespaces:
              - "rule[1]-from[0]-ns[1]"
              - "rule[1]-from[0]-ns[2]"
            ipBlocks:
              - "10.1.0.1"
              - "10.1.0.2"
            remoteIpBlocks:
              - "172.22.2.0/23"
              - "172.21.234.254"
        - source:
            principals:
              - "rule[1]-from[1]-principal[1]"
              - "rule[1]-from[1]-principal[2]"
            requestPrincipals:
              - "rule[1]-from[1]-requestPrincipal[1]"
              - "rule[1]-from[1]-requestPrincipal[2]"
            namespaces:
              - "rule[1]-from[1]-ns[1]"
              - "rule[1]-from[1]-ns[2]"
            ipBlocks:
              - "10.1.1.1"
              - "192.1.1.2"
            remoteIpBlocks:
              - "192.168.4.0/24"
              - "192.168.7.8"
      to:
        - operation:
            methods:
              - "rule[1]-to[0]-method[1]"
              - "rule[1]-to[0]-method[2]"
            hosts:
              - "rule[1]-to[0]-host[1]"
              - "rule[1]-to[0]-host[2]"
            ports:
              - "9101"
              - "9102"
            paths:
              - "rule[1]-to[0]-path[1]"
              - "rule[1]-to[0]-path[2]"
        - operation:
            methods:
              - "rule[1]-to[1]-method[1]"
              - "rule[1]-to[1]-method[2]"
            hosts:
              - "rule[1]-to[1]-host[1]"
              - "rule[1]-to[1]-host[2]"
            ports:
              - "9111"
              - "9112"
            paths:
              - "rule[1]-to[1]-path[1]"
              - "rule[1]-to[1]-path[2]"