# RequestAuthentication attached to the Gateway named "waypoint" via targetRef.
# It declares two JWT issuers, both verified against the same JWKS document.
#
# Review notes:
# - RequestAuthentication validates tokens that are presented; on its own it
#   does not reject requests that carry no token. Enforcement depends on the
#   AuthorizationPolicy later in this file.
# - test-issuer-2 is accepted here, but the AuthorizationPolicy in this file
#   lists no principal from it.
# - The JWKS is fetched from the master branch of a public repository, so the
#   trust anchor can change without this file changing. NOTE(review): this
#   looks like shared test key material. Keep it to test clusters and use
#   key material you control anywhere else.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  # Go-template placeholder; the service name is substituted at render time.
  name: "default-{{ .To.ServiceName }}"
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: Gateway
    name: waypoint
  jwtRules:
    - issuer: 'test-issuer-1@istio.io'
      jwksUri: 'https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json'
    - issuer: 'test-issuer-2@istio.io'
      jwksUri: 'https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json'
---
# Negative case: a RequestAuthentication that addresses the waypoint with a
# label selector instead of a targetRef.
#
# Review note: if this policy were honoured, tokens from test-issuer-3 would
# validate and the test-issuer-3 principal listed in the AuthorizationPolicy
# in this file could match. Presumably the fixture expects such requests to be
# refused; confirm against the test that renders it.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  # Go-template placeholder; the service name is substituted at render time.
  name: "ignored-{{ .To.ServiceName }}"
spec:
  selector:
    matchLabels:
      # This should be ignored because it's not a targetRef
      gateway.networking.k8s.io/gateway-name: waypoint
  jwtRules:
    - issuer: 'test-issuer-3@istio.io'
      jwksUri: 'https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json'
---
# AuthorizationPolicy for the waypoint. No `action` is set, so the Istio
# default (ALLOW) applies: a request is admitted when it matches any one of
# the rules below.
#
# Review notes:
# - The two rules are alternatives, not a conjunction. The first admits
#   requests by JWT principal on every path; the second admits "/healthz"
#   from any source, with or without a token.
# - requestPrincipals entries have the form <issuer>/<subject>. A principal is
#   only populated when a RequestAuthentication validated the token, so the
#   test-issuer-3 entry depends on whether the selector-based
#   RequestAuthentication in this file takes effect.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  # Go-template placeholder; the service name is substituted at render time.
  name: "authz-gateway-{{ .To.ServiceName }}"
spec:
  selector:
    matchLabels:
      # TODO: Replace this with a targetRef after https://github.com/istio/istio/pull/46560 merges
      gateway.networking.k8s.io/gateway-name: waypoint
  rules:
    # Rule 1: callers whose validated JWT maps to one of these principals.
    - from:
        - source:
            requestPrincipals:
              - 'test-issuer-1@istio.io/sub-1'
        - source:
            requestPrincipals:
              - 'test-issuer-3@istio.io/sub-1'
    # Rule 2: the health endpoint; no `from` clause, so no identity is needed.
    - to:
        - operation:
            paths:
              - '/healthz'