Hi! I’m running istio in a kubernetes bare metal environment.
I’m able to block traffic between pods using networkpolicy using selectors.
Is there a similar functionality in istio? I look at istio denials, but is it the only way to do this?
I’m trying to use sidecars but I’m missing something.
I’ve got two namespaces sample1 and sample2, I want to enable sample2 communication only inside its namespace.
I’m applying this:
apiVersion: networking.istio.io/v1alpha3
kind: Sidecar
metadata:
name: default
namespace: sample2
spec:
egress:
- hosts:
- “sample2/*”
Anyway I can make calls from sample2 services to sample1 services.
Where I’m wrong?
Someone can help?
There is something to enable to make the sidecar woks?
I can help with security approach using RBAC, but I’m not familiar with the Sidecar API. Maybe @howardjohn can help you on this.
mcastro take a look at https://github.com/istio/istio/issues/15329 - I suspect you have ALLOW_ANY mode set