Istio RBAC restrict to service names

We were able to define the service role binding based on the service account by mentioning the user and namespace level in the properties. Is there any way we can allow only a particular service to access another service? Instead of mentioning the user or namespace level, we want to control access based on the service names. The main reason is that if we give control at the service account level, any deployment can use the service account in the same namespace and get all the access. How can we solve this?


Currently this is not supported: the source service name is not a secured attribute on the server side, and it may not even exist at all on the server side.

Is it possible for you to create a dedicated service account for your source and use k8s RBAC to enforce access control to the service account?
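One concrete form of the arrangement suggested above, added here as an illustration rather than the thread's own configuration; the namespace, service account, service and group names are assumed, and it uses the Istio v1alpha1 RBAC resources (ServiceRole / ServiceRoleBinding) the question refers to:

```yaml
# Assumed names: source namespace "payments-src", service account
# "checkout-client", target service "orders" in namespace "backend",
# deployer group "checkout-deployers". Istio RBAC must be enabled
# (ClusterRbacConfig) for the ServiceRole objects to take effect.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: checkout-client
  namespace: payments-src
---
# Istio side: only requests carrying the checkout-client identity
# may call the orders service (GET only).
apiVersion: rbac.istio.io/v1alpha1
kind: ServiceRole
metadata:
  name: orders-viewer
  namespace: backend
spec:
  rules:
  - services: ["orders.backend.svc.cluster.local"]
    methods: ["GET"]
---
apiVersion: rbac.istio.io/v1alpha1
kind: ServiceRoleBinding
metadata:
  name: bind-orders-viewer
  namespace: backend
spec:
  subjects:
  - user: "cluster.local/ns/payments-src/sa/checkout-client"
  roleRef:
    kind: ServiceRole
    name: orders-viewer
---
# Kubernetes side: Kubernetes RBAC has no verb that gates setting
# serviceAccountName, so the control point is who may create pods
# (and pod-creating controllers) in the namespace that owns the SA.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: workload-deployer
  namespace: payments-src
rules:
- apiGroups: ["", "apps"]
  resources: ["pods", "deployments", "replicasets"]
  verbs: ["create", "update", "patch", "delete", "get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: checkout-deployers-only
  namespace: payments-src
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: workload-deployer
subjects:
- kind: Group
  name: checkout-deployers
  apiGroup: rbac.authorization.k8s.io
```

The namespace should hold only the workloads meant to carry this identity and no other bindings that grant pod creation there; any principal who can create pods in `payments-src` can still run a pod as `checkout-client`, which is exactly the concern raised in the next reply.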

Thanks for the reply, but when we create a service account in a namespace, by default all the pods inside that namespace can simply use that service account by mentioning the service account name in the deployment YAML file.