Hi,
I’m fairly new to Istio and I’ve been testing authorization policies and would like to confirm the following:
- Can I use k8s service names as shown below, where `httpbin.bar` is the service name for deployment/workload `httpbin`:

  ```yaml
  - to:
    - operation:
        hosts: ["httpbin.bar"]
  ```
- Are the `rules.from` and `rules.to` applied with AND logic? For example, for the following rules with no selector, is the rule meant to only ALLOW access to the `httpbin.bar` service from service account `sleep` in `foo` namespace?

  ```yaml
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/foo/sa/sleep"]
  - to:
    - operation:
        hosts: ["httpbin.bar"]
  ```

I ask this because I set up 2 services, `httpbin.bar` and `privatehttpbin.bar`, and access was granted to `privatehttpbin.bar`.
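
How Istio combines the entries of an ALLOW policy's `rules` list, as an added example that is not part of the original post and not Istio code: separate list items under `rules` are ORed, while `from` and `to` inside a single item are ANDed. The evaluator is a simplified model (exact string matching, only `principals` and `hosts`), and the `default` service account is a constructed value.

```python
# Simplified model of Istio ALLOW-policy rule matching (illustration only).
# Assumptions: exact string matching; only `principals` and `hosts` are modelled.

def _clause_matches(clauses, key, field, value):
    """An absent from/to clause matches any request; otherwise any entry may match."""
    if not clauses:
        return True
    return any(value in c[key].get(field, [value]) for c in clauses)

def rule_matches(rule, principal, host):
    # Inside ONE rule, `from` and `to` are combined with AND.
    return (_clause_matches(rule.get("from"), "source", "principals", principal)
            and _clause_matches(rule.get("to"), "operation", "hosts", host))

def allowed(rules, principal, host):
    # Items of the `rules` list are combined with OR: one match allows the request.
    return any(rule_matches(r, principal, host) for r in rules)

SLEEP = "cluster.local/ns/foo/sa/sleep"
OTHER = "cluster.local/ns/foo/sa/default"   # constructed principal for comparison
FROM = {"from": [{"source": {"principals": [SLEEP]}}]}
TO = {"to": [{"operation": {"hosts": ["httpbin.bar"]}}]}

# As posted: `- from:` and `- to:` are two separate list items, i.e. two rules.
TWO_RULES = [FROM, TO]
# One list item carrying both clauses (`to:` without a leading dash).
ONE_RULE = [{**FROM, **TO}]

if __name__ == "__main__":
    for name, rules in (("two rules", TWO_RULES), ("one rule", ONE_RULE)):
        for principal in (SLEEP, OTHER):
            for host in ("httpbin.bar", "privatehttpbin.bar"):
                verdict = "ALLOW" if allowed(rules, principal, host) else "deny"
                print(f"{name:9} {principal.split('/')[-1]:8} -> {host:19} {verdict}")
```
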