Deny "Accessing External Services" for dedicated namespace

Veiko · June 16, 2020, 2:28pm

I used meshConfig.outboundTrafficPolicy.mode = ALLOW_ANY during the installation. Now, however, I have the requirements that a special namespace should * not * have access to external services. Do you have a tip on how I can configure this most effectively for one namespace?

thanks for the help

istio version 1.4

Laci21 · June 22, 2020, 4:49pm

Set https://istio.io/latest/docs/reference/config/networking/sidecar/#OutboundTrafficPolicy to REGISTRY_ONLY for that specific namespace.

Veiko · June 23, 2020, 1:47pm

Thank you very much, I had not noticed this specs at the Sidecar Resource, nice solution!

Topic		Replies	Views
How to deny/allow connections to external services by source namespace? Security	5	3282	June 17, 2021
Istio Sidecar crd outboundTrafficPolicy set to REGISTRY_ONLY. ServiceEntry not honored Networking	0	552	April 23, 2022
AuthorizationPolicy and Namespaces Security	1	2258	February 21, 2020
Tring to block traffic namespace level to external service and allow only port 5672 and 1433 Networking	0	329	October 4, 2023
Restricting access from one workload to other workload in the same mesh Security	2	554	December 12, 2022

Deny "Accessing External Services" for dedicated namespace

Related topics