Issue with Istio Authorization Policy at Namespace level

mmreddy424 · November 25, 2021, 5:20am

Hi Team,

I am trying to setup the Istio Authorization Policy at Namespace level in my EKS cluster. I have wriiten the Authorization deny Policy for particaular namespace(murali namespace).
Then i am trying to run the curl from a different(default) namespace to the murali namespace application. But even i used deny policy, CURL is working. It is not showing the RBAC access denied.

	
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: httpbin
  namespace: murali
spec:
  action: DENY
  rules:
  - from:
    - source:
        namespaces: ["default"]

Curl Command:

curl -kv --header ‘Host: muralidhara.com’ http://a94aeb8c95d444f7d90a4e6ea3bd9e01-912703673.us-east-2.elb.amazonaws.com/productpage

Is it an issue from istio side or anything i did a mistake from my end? I need someone to help to resolve the issue.

Thanks
Muralidhara Reddy

Topic		Replies	Views
Another AuthorizationPolicy Question - IP Whitelist for VirtualService Security	5	2060	February 11, 2021
AuthorizationPolicy and Namespaces Security	1	2256	February 21, 2020
Istio AuthorizationPolicy configuration issue: JWT authentication not working within specified namespace Security security	0	384	June 12, 2023
Help with Istio Authorization policy	0	368	May 19, 2021
Authorization Policies having unexpected results on istio-1.9.0 Networking security	1	548	February 23, 2021

Issue with Istio Authorization Policy at Namespace level

Related topics