istio
101 строка · 2.7 Кб
1name: envoy.filters.network.rbac2typedConfig:3'@type': type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC4shadowRules:5action: DENY6policies:7istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[0]:8permissions:9- andRules:10rules:11- any: true12principals:13- andIds:14ids:15- any: true16istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[1]:17permissions:18- andRules:19rules:20- any: true21principals:22- andIds:23ids:24- orIds:25ids:26- directRemoteIp:27addressPrefix: 1.2.3.428prefixLen: 3229istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[2]:30permissions:31- andRules:32rules:33- orRules:34rules:35- destinationPort: 8036principals:37- andIds:38ids:39- orIds:40ids:41- directRemoteIp:42addressPrefix: 1.2.3.443prefixLen: 3244istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[3]:45permissions:46- andRules:47rules:48- any: true49principals:50- andIds:51ids:52- any: true53istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[4]:54permissions:55- andRules:56rules:57- orRules:58rules:59- destinationPort: 8060principals:61- andIds:62ids:63- any: true64istio-ext-authz-ns[foo]-policy[httpbin-deny]-rule[5]:65permissions:66- andRules:67rules:68- orRules:69rules:70- destinationPort: 8071- notRule:72orRules:73rules:74- destinationPort: 800075principals:76- andIds:77ids:78- orIds:79ids:80- remoteIp:81addressPrefix: 172.18.4.082prefixLen: 2283- notId:84orIds:85ids:86- remoteIp:87addressPrefix: 192.168.244.13988prefixLen: 3289- orIds:90ids:91- directRemoteIp:92addressPrefix: 1.2.3.493prefixLen: 3294- notId:95orIds:96ids:97- directRemoteIp:98addressPrefix: 9.0.0.199prefixLen: 32100shadowRulesStatPrefix: istio_ext_authz_101statPrefix: tcp.102