I confiured native oauth according to this post: https://getindata.com/blog/OAuth2-based-authentication-on-Istio-powered-Kubernetes-clusters/
How to exclude some domain from oauth redirection? I was trying by adding domain like here:
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: known-user
namespace: istio-system
spec:
selector:
matchLabels:
istio: sandbox-istio
action: ALLOW
rules:
- to:
- operation:
hosts:
- "www.domain.com"
- when: # Lack of Authorization header will push user to oauth2 filter
- key: request.headers[Authorization]
notValues:
- "Bearer*"
But it does not do what I’m expecting and still redirecting all domains to oauth. Where i should exclude it? Directly on envoy filter, or there is some better place to do it?