Regarding AuthorizationPolicy, I would like to allow external traffic from specific IPs only AND all internal traffic. I thought the best way would be to use remoteIpBlocks and namespaces as source, like:
    action: ALLOW
    rules:
    - from:
      - source:
          remoteIpBlocks:
          - 184.108.40.206
          - 220.127.116.11
    - from:
      - source:
          namespaces:
          - "*"

    action: ALLOW
    rules:
    - from:
      - source:
          remoteIpBlocks:
          - 18.104.22.168
          - 22.214.171.124
      - source:
          namespaces:
          - "*"
I understand that having a list of from means OR, and having a list of source results in AND conditions.
Neither of them works: I expected to block IPs other than those listed, but Istio passes them through. If I remove the namespaces, Istio blocks external traffic as expected from IPs not listed here.
Is there another way of allowing all internal traffic AND only listed remote IPs?
Thanks in advance!
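
A small model of how the two ALLOW policies above are evaluated, added here as an example (it is not part of the original post and is not Istio's code). It follows Istio's documented matching: rules are ORed, the entries of one `from` list are ORed, and only the fields inside a single `source` are ANDed. It assumes external traffic reaches the workload through an ingress gateway over mTLS and therefore carries the gateway's namespace identity; the request values and the names `allowed`, `source_matches`, `SPLIT`, `MERGED` and `IP_ONLY` are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

def source_matches(source, req):
    """Fields set inside ONE source are ANDed: each must match."""
    if "remoteIpBlocks" in source:
        ip = ip_address(req["remote_ip"])
        blocks = (ip_network(b, strict=False) for b in source["remoteIpBlocks"])
        if not any(ip in net for net in blocks):
            return False
    if "namespaces" in source:
        ns = req.get("namespace") or ""
        # "*" is a presence match: any non-empty namespace identity passes.
        if not any((p == "*" and ns != "") or p == ns
                   for p in source["namespaces"]):
            return False
    return True

def allowed(rules, req):
    """ALLOW action: pass if ANY rule matches; inside a rule's `from`
    list, ANY single source entry matching is enough."""
    return any(
        any(source_matches(entry["source"], req) for entry in rule["from"])
        for rule in rules
    )

IPS = ["184.108.40.206", "220.127.116.11"]          # values from the post
SPLIT = [{"from": [{"source": {"remoteIpBlocks": IPS}}]},
         {"from": [{"source": {"namespaces": ["*"]}}]}]
MERGED = [{"from": [{"source": {"remoteIpBlocks": IPS}},
                    {"source": {"namespaces": ["*"]}}]}]
IP_ONLY = [{"from": [{"source": {"remoteIpBlocks": IPS}}]}]

# Constructed requests. Assumption: traffic forwarded by the gateway
# presents the gateway's namespace as its source identity.
LISTED = {"remote_ip": "184.108.40.206", "namespace": "istio-system"}
UNLISTED = {"remote_ip": "203.0.113.9", "namespace": "istio-system"}
NO_IDENTITY = {"remote_ip": "203.0.113.9", "namespace": ""}

if __name__ == "__main__":
    for name, rules in (("split", SPLIT), ("merged", MERGED),
                        ("ip-only", IP_ONLY)):
        print(name, [allowed(rules, r)
                     for r in (LISTED, UNLISTED, NO_IDENTITY)])
```

Under that assumption both policies from the post admit the unlisted address, because the `namespaces: ["*"]` source matches the gateway's identity on its own, while the policy without `namespaces` rejects it.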