istio
58 строк · 1.3 Кб
1apiVersion: security.istio.io/v1beta1
2kind: AuthorizationPolicy
3metadata:
4name: groups
5spec:
6rules:
7# Has mix of L4 and L7 in from
8- from:
9- source:
10principals: ["from-mix-principal"]
11requestPrincipals: ["from-mix-requestPrincipals"]
12namespaces: ["from-mix-ns"]
13to:
14- operation:
15ports: ["80"]
16# Has mix of L4 and L7 in to
17- from:
18- source:
19principals: ["to-mix-principal"]
20namespaces: ["to-mix-ns"]
21to:
22- operation:
23ports: ["80"]
24methods: ["to-mix-method"]
25# Only L4
26- from:
27- source:
28principals: ["only-l4-principals"]
29namespaces: ["only-l4-ns"]
30to:
31- operation:
32ports: ["80"]
33# Only L7
34- from:
35- source:
36requestPrincipals: ["l7-principal"]
37to:
38- operation:
39paths: ["/l7-foo"]
40methods: ["l7-method"]
41# L4 and L7 when
42- when:
43- key: "source.namespace"
44values: ["when-l4-l7-ns"]
45- key: "connection.sni"
46values: [ "when-l4-l7-sni"]
47# L4 only when
48- when:
49- key: "source.namespace"
50values: ["when-l4-ns"]
51- key: "source.ip"
52values: ["10.10.10.10"]
53# L7 only when
54- when:
55- key: "connection.sni"
56values: [ "when-l7-sni"]
57- key: "request.headers[X-header]"
58values: ["when-l7-header"]
59