istio
101 строка · 2.7 Кб
1name: envoy.filters.network.rbac
2typedConfig:
3'@type': type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC
4shadowRules:
5action: DENY
6policies:
7istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[0]:
8permissions:
9- andRules:
10rules:
11- any: true
12principals:
13- andIds:
14ids:
15- any: true
16istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[1]:
17permissions:
18- andRules:
19rules:
20- any: true
21principals:
22- andIds:
23ids:
24- orIds:
25ids:
26- directRemoteIp:
27addressPrefix: 1.2.3.4
28prefixLen: 32
29istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[2]:
30permissions:
31- andRules:
32rules:
33- orRules:
34rules:
35- destinationPort: 80
36principals:
37- andIds:
38ids:
39- orIds:
40ids:
41- directRemoteIp:
42addressPrefix: 1.2.3.4
43prefixLen: 32
44istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[3]:
45permissions:
46- andRules:
47rules:
48- any: true
49principals:
50- andIds:
51ids:
52- any: true
53istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[4]:
54permissions:
55- andRules:
56rules:
57- orRules:
58rules:
59- destinationPort: 80
60principals:
61- andIds:
62ids:
63- any: true
64istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[5]:
65permissions:
66- andRules:
67rules:
68- orRules:
69rules:
70- destinationPort: 80
71- notRule:
72orRules:
73rules:
74- destinationPort: 8000
75principals:
76- andIds:
77ids:
78- orIds:
79ids:
80- remoteIp:
81addressPrefix: 172.18.4.0
82prefixLen: 22
83- notId:
84orIds:
85ids:
86- remoteIp:
87addressPrefix: 192.168.244.139
88prefixLen: 32
89- orIds:
90ids:
91- directRemoteIp:
92addressPrefix: 1.2.3.4
93prefixLen: 32
94- notId:
95orIds:
96ids:
97- directRemoteIp:
98addressPrefix: 9.0.0.1
99prefixLen: 32
100shadowRulesStatPrefix: istio_ext_authz_
101statPrefix: tcp.
102