istio

allow-groups-in.yaml
58 строк · 1.3 Кб
Перенос по словам
1
apiVersion: security.istio.io/v1beta1
2
kind: AuthorizationPolicy
3
metadata:
4
  name: groups
5
spec:
6
  rules:
7
  # Has mix of L4 and L7 in from
8
  - from:
9
    - source:
10
        principals: ["from-mix-principal"]
11
        requestPrincipals: ["from-mix-requestPrincipals"]
12
        namespaces: ["from-mix-ns"]
13
    to:
14
    - operation:
15
        ports: ["80"]
16
  # Has mix of L4 and L7 in to
17
  - from:
18
    - source:
19
        principals: ["to-mix-principal"]
20
        namespaces: ["to-mix-ns"]
21
    to:
22
    - operation:
23
        ports: ["80"]
24
        methods: ["to-mix-method"]
25
  # Only L4
26
  - from:
27
    - source:
28
        principals: ["only-l4-principals"]
29
        namespaces: ["only-l4-ns"]
30
    to:
31
    - operation:
32
        ports: ["80"]
33
  # Only L7
34
  - from:
35
    - source:
36
        requestPrincipals: ["l7-principal"]
37
    to:
38
    - operation:
39
        paths: ["/l7-foo"]
40
        methods: ["l7-method"]
41
  # L4 and L7 when
42
  - when:
43
    - key: "source.namespace"
44
      values: ["when-l4-l7-ns"]
45
    - key: "connection.sni"
46
      values: [ "when-l4-l7-sni"]
47
  # L4 only when
48
  - when:
49
    - key: "source.namespace"
50
      values: ["when-l4-ns"]
51
    - key: "source.ip"
52
      values: ["10.10.10.10"]
53
  # L7 only when
54
  - when:
55
    - key: "connection.sni"
56
      values: [ "when-l7-sni"]
57
    - key: "request.headers[X-header]"
58
      values: ["when-l7-header"]
59
istio

Использование cookies
