I am using istio 1.19 adn i try to implement a policy such that only my services can connect to my database
I have one general allow nothing
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: allow-nothing
spec:
{}
and then an allow policy:
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: allow-services
spec:
selector:
matchLabels:
app: “mssql”
action: ALLOW
rules:
- from:
- source:
principals: [“cluster.local/ns/moneta/sa/transaction”] #, “cluster.local/ns/moneta/sa/accounts”]- to:
- operation:
ports: [“1433”]
but it seems to allow seem to work a s intentended (all service principals seem to have access)