I confiured native oauth according to this post: https://getindata.com/blog/OAuth2-based-authentication-on-Istio-powered-Kubernetes-clusters/
How to exclude some domain from oauth redirection? I was trying by adding domain like here:
apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: known-user namespace: istio-system spec: selector: matchLabels: istio: sandbox-istio action: ALLOW rules: - to: - operation: hosts: - "www.domain.com" - when: # Lack of Authorization header will push user to oauth2 filter - key: request.headers[Authorization] notValues: - "Bearer*"
But it does not do what I’m expecting and still redirecting all domains to oauth. Where i should exclude it? Directly on envoy filter, or there is some better place to do it?