istio

deny-groups-in.yaml
60 строк · 1.4 Кб
Перенос по словам
1
apiVersion: security.istio.io/v1beta1
2
kind: AuthorizationPolicy
3
metadata:
4
  name: groups-deny
5
spec:
6
  action: DENY
7
  rules:
8
  # Has mix of L4 and L7 in from
9
  - from:
10
    - source:
11
        principals: ["from-mix-principal"]
12
        requestPrincipals: ["from-mix-requestPrincipals"]
13
        namespaces: ["from-mix-ns"]
14
    to:
15
    - operation:
16
        ports: ["80"]
17
  # Has mix of L4 and L7 in to
18
  - from:
19
    - source:
20
        principals: ["to-mix-principal"]
21
        namespaces: ["to-mix-ns"]
22
    to:
23
    - operation:
24
        ports: ["80"]
25
        methods: ["to-mix-method"]
26
  # Only L4
27
  - from:
28
    - source:
29
        principals: ["only-l4-principals"]
30
        namespaces: ["only-l4-ns"]
31
    to:
32
    - operation:
33
        ports: ["80"]
34
  # Only L7
35
  - from:
36
    - source:
37
        requestPrincipals: ["l7-principal"]
38
    to:
39
    - operation:
40
        paths: ["/l7-foo"]
41
        methods: ["l7-method"]
42
  # L4 and L7 when
43
  - when:
44
    - key: "source.namespace"
45
      values: ["when-l4-l7-ns"]
46
    - key: "connection.sni"
47
      values: [ "when-l4-l7-sni"]
48
  # L4 only when
49
  - when:
50
    - key: "source.namespace"
51
      values: ["when-l4-ns"]
52
    - key: "source.ip"
53
      values: ["10.10.10.10"]
54
      notValues: ["20.20.20.20"]
55
  # L7 only when
56
  - when:
57
    - key: "connection.sni"
58
      values: [ "when-l7-sni"]
59
    - key: "request.headers[X-header]"
60
      values: ["when-l7-header"]
61
istio

Использование cookies
