I have the below AuthorizationPolicy, which works fine if applied in the istio-system namespace, whereas it doesn’t get applied if targeted to a particular namespace.
The below policy works:
```yaml
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: awesome-app
  namespace: istio-system
spec:
  action: CUSTOM
  provider:
    name: oauth2-proxy
  rules:
  - to:
    - operation:
        hosts:
        - my-awesome-app.com
  selector:
    matchLabels:
      istio: ingressgateway
```
The one below doesn’t work; the only change is the namespace:
```yaml
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: awesome-app
  namespace: awesome-app-namespace
spec:
  action: CUSTOM
  provider:
    name: oauth2-proxy
  rules:
  - to:
    - operation:
        hosts:
        - my-awesome-app.com
  selector:
    matchLabels:
      app: awesome-app
```
I tried removing all the selectors and rules, and I would assume this policy will be applied to all requests if no rules are specified, as shown below.
```yaml
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: awesome-app
  namespace: awesome-app-namespace
spec:
  action: CUSTOM
  provider:
    name: oauth2-proxy
  rules: []
```
The above policy is not working as expected.
Any help or guidance is appreciated.