Help with Istio Authorization policy

Hi,

I need to setup an Authorization policy in a namespace this should check if the JWT token is not present in header DENY access.So i setup a policy “allow-nothing” as below. This denies all requests without a valid token in the header. I want to exclude some apps in the same namespace from this rule. The apps allowed access needs to be in the same namespace. Can I create such a rule. Any pointers on this will help. Tried few things but have not been able to get this working.

apiVersion: “security.istio.io/v1beta1
kind: “AuthorizationPolicy”
metadata:
name: “allow-nothing”
namespace: default
spec:
selector:
matchLabels:
istio: ingressgateway
action: DENY
rules:

  • from:
    • source:
      notRequestPrincipals: ["*"]