Authorization policy

Mohd_Aslam · February 4, 2021, 12:41pm

I have three microservices in the same namespace in AKS… Let’s say they are ms1, ms2 and ms3 and their services are ms1svc1, ms2svc2 and ms3svc3 respectively. I have a requirement that my ms1 must be able to talk to ms2 and NOT ms3. How to implement it using authorization policy or is there any better way?

In short, how to allow/deny service to service communication…?

YangminZhu · February 11, 2021, 8:57pm

you can first enable mTLS in the namespace so that each service will have an mtls based identity, and then apply 2 authz policy to ms2 and ms3 respectively, the first policy allows request from ms1 and the second policy disallows request from ms1, see Istio / Authorization for HTTP traffic

Topic		Replies	Views
AuthorizationPolicy and Namespaces Security	1	2240	February 21, 2020
Authorization polices issue Security	1	248	November 15, 2023
Istio 1.6.4: Authorisation policy ALLOW is denying Security	9	1100	August 10, 2020
Another AuthorizationPolicy Question - IP Whitelist for VirtualService Security	5	2049	February 11, 2021
ServiceRoleBinding with service account	1	442	July 16, 2019

Authorization policy

Related topics