1
apiVersion: security.istio.io/v1beta1
2
kind: AuthorizationPolicy
14
principals: ["rule[0]-from[0]-principal[1]", "rule[0]-from[0]-principal[2]"]
15
requestPrincipals: ["rule[0]-from[0]-requestPrincipal[1]", "rule[0]-from[0]-requestPrincipal[2]"]
16
namespaces: ["rule[0]-from[0]-ns[1]", "rule[0]-from[0]-ns[2]"]
17
ipBlocks: ["10.0.0.1", "10.0.0.2"]
18
remoteIpBlocks: ["172.16.10.10"]
20
principals: ["rule[0]-from[1]-principal[1]", "rule[0]-from[1]-principal[2]"]
21
requestPrincipals: ["rule[0]-from[1]-requestPrincipal[1]", "rule[0]-from[1]-requestPrincipal[2]"]
22
namespaces: ["rule[0]-from[1]-ns[1]", "rule[0]-from[1]-ns[2]"]
23
ipBlocks: ["10.0.1.1", "192.0.1.2"]
24
remoteIpBlocks: ["172.17.8.0/24", "172.17.9.4"]
27
methods: ["rule[0]-to[0]-method[1]", "rule[0]-to[0]-method[2]"]
28
hosts: ["rule[0]-to[0]-host[1]", "rule[0]-to[0]-host[2]"]
29
ports: ["9001", "9002"]
30
paths: ["rule[0]-to[0]-path[1]", "rule[0]-to[0]-path[2]"]
32
methods: ["rule[0]-to[1]-method[1]", "rule[0]-to[1]-method[2]"]
33
hosts: ["rule[0]-to[1]-host[1]", "rule[0]-to[1]-host[2]"]
34
ports: ["9011", "9012"]
35
paths: ["rule[0]-to[1]-path[1]", "rule[0]-to[1]-path[2]"]
37
- key: "request.headers[X-header]"
38
values: ["header", "header-prefix-*", "*-suffix-header", "*"]
39
- key: "destination.ip"
40
values: ["10.10.10.10", "192.168.10.0/24"]
42
values: ["10.99.10.8", "10.80.64.0/18"]
45
principals: ["rule[1]-from[0]-principal[1]", "rule[1]-from[0]-principal[2]"]
46
requestPrincipals: ["rule[1]-from[0]-requestPrincipal[1]", "rule[1]-from[0]-requestPrincipal[2]"]
47
namespaces: ["rule[1]-from[0]-ns[1]", "rule[1]-from[0]-ns[2]"]
48
ipBlocks: ["10.1.0.1", "10.1.0.2"]
49
remoteIpBlocks: ["172.22.2.0/23", "172.21.234.254"]
51
principals: ["rule[1]-from[1]-principal[1]", "rule[1]-from[1]-principal[2]"]
52
requestPrincipals: ["rule[1]-from[1]-requestPrincipal[1]", "rule[1]-from[1]-requestPrincipal[2]"]
53
namespaces: ["rule[1]-from[1]-ns[1]", "rule[1]-from[1]-ns[2]"]
54
ipBlocks: ["10.1.1.1", "192.1.1.2"]
55
remoteIpBlocks: ["192.168.4.0/24", "192.168.7.8"]
58
methods: ["rule[1]-to[0]-method[1]", "rule[1]-to[0]-method[2]"]
59
hosts: ["rule[1]-to[0]-host[1]", "rule[1]-to[0]-host[2]"]
60
ports: ["9101", "9102"]
61
paths: ["rule[1]-to[0]-path[1]", "rule[1]-to[0]-path[2]"]
63
methods: ["rule[1]-to[1]-method[1]", "rule[1]-to[1]-method[2]"]
64
hosts: ["rule[1]-to[1]-host[1]", "rule[1]-to[1]-host[2]"]
65
ports: ["9111", "9112"]
66
paths: ["rule[1]-to[1]-path[1]", "rule[1]-to[1]-path[2]"]