istio

custom-both-http-tcp-in.yaml
57 строк · 1.5 Кб
Перенос по словам
1
apiVersion: security.istio.io/v1beta1
2
kind: AuthorizationPolicy
3
metadata:
4
  name: httpbin-deny
5
  namespace: foo
6
spec:
7
  action: CUSTOM
8
  provider:
9
    name: default
10
  rules:
11
    # rule[0] `from`: nil, `to`: HTTP field.
12
    - to:
13
        - operation:
14
            methods: ["GET"]
15
    # rule[1] `from`: TCP field, `to`: HTTP field.
16
    - from:
17
        - source:
18
            ipBlocks: ["1.2.3.4"]
19
      to:
20
        - operation:
21
            methods: ["GET"]
22
    # rule[2] `from`: TCP field, `to`: TCP field.
23
    - from:
24
        - source:
25
            ipBlocks: ["1.2.3.4"]
26
      to:
27
        - operation:
28
            ports: ["80"]
29
    # rule[3] `from`: nil, `to`: nil, `when`: HTTP field.
30
    - when:
31
        - key: "request.headers[:method]"
32
          values: ["GET"]
33
    # rule[4] `from`: nil, `to`: nil, `when`: TCP field.
34
    - when:
35
        - key: "destination.port"
36
          values: ["80"]
37
    # rule[5] `from`: all fields, `to`: all fields, `when`: all fields.
38
    - from:
39
        - source:
40
            ipBlocks: ["1.2.3.4"]
41
            remoteIpBlocks: ["172.18.4.0/22"]
42
            notIpBlocks: ["9.0.0.1"]
43
            notRemoteIpBlocks: ["192.168.244.139"]
44
      to:
45
        - operation:
46
            methods: ["method"]
47
            hosts: ["exact.com"]
48
            ports: ["80"]
49
            paths: ["/exact"]
50
            notMethods: ["not-method"]
51
            notHosts: ["not-exact.com"]
52
            notPorts: ["8000"]
53
            notPaths: ["/not-exact"]
54
      when:
55
        - key: "request.headers[X-header]"
56
          values: ["header"]
57
          notValues: ["not-header"]
58
istio

Использование cookies
