Deny "Accessing External Services" for dedicated namespace

Veiko · June 16, 2020, 2:28pm

I used meshConfig.outboundTrafficPolicy.mode = ALLOW_ANY during the installation. Now, however, I have the requirements that a special namespace should * not * have access to external services. Do you have a tip on how I can configure this most effectively for one namespace?

thanks for the help

istio version 1.4

Laci21 · June 22, 2020, 4:49pm

Set https://istio.io/latest/docs/reference/config/networking/sidecar/#OutboundTrafficPolicy to REGISTRY_ONLY for that specific namespace.

Veiko · June 23, 2020, 1:47pm

Thank you very much, I had not noticed this specs at the Sidecar Resource, nice solution!

Topic		Replies	Views
How to deny/allow connections to external services by source namespace? Security	5	2881	June 17, 2021
Istio Sidecar crd outboundTrafficPolicy set to REGISTRY_ONLY. ServiceEntry not honored Networking	0	457	April 23, 2022
Tring to block traffic namespace level to external service and allow only port 5672 and 1433 Networking	0	225	October 4, 2023
Istio Namespace isolation	2	5769	April 28, 2020
Egress Gateway: how to deny all MESH_EXTERNAL access in AuthorizaitionPolicy, leaving mesh internal traffic intact Security	1	173	November 28, 2023

Deny "Accessing External Services" for dedicated namespace

Related Topics