Hello,
I am running Istio version 1.10.5 and using OIDC Authentication with OAuth2-Proxy . Currently I am having below authorization policy having the custom action. Now i wanted to Disable RequestAuthentication JWT rules for specific paths. I have some workloads within the cluster which need to be exposed without the need to have a valid JWT token. How can i do that?.
Right now for all the request, gateway is expecting a valid JWT token.
I would like to exclude JWT token on the path /app/v1/metrics
kind: AuthorizationPolicy
metadata:
name: authorization-policy
namespace: istio-system
spec:
selector:
matchLabels:
app: istio-ingressgateway
action: CUSTOM
provider:
name: "oauth2-proxy"
rules:
- to:
- operation:
hosts:
- "knative-istio.example.com"
notPaths:
- "/app/v1/metrics"
```apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: keyhole-authentication-policy
namespace: istio-system
spec:
selector:
matchLabels:
istio: ingressgateway
jwtRules:
- issuer: "https://accounts.google.com"
jwksUri: "https://www.googleapis.com/oauth2/v3/certs"