Istio RBAC - v1.1.5 - K8S

I am using Istio v1.1.5 on GKE.
I deployed manually Istio using the helm chart and I am trying to setup the RBAC (
I have created the ClusterRbacConfig

    apiVersion: ""
    kind: ClusterRbacConfig
      name: default
      mode: 'ON'

However I can still access all my services.

I already tried to follow many suggestions:

  • enable MTLS
  • create destination rule with ISTIO_MUTUAL (got a code 56 error)
  • etc.

I am not yet working on ServiceRole/ServiceRoleBinding, what I would like as the moment is to get the Access Denied error if I call any of my services.

Thanks for your help.

AFAIK, you don’t need to turn on authentication if you just want to see access denied error. Could you try this first and see what went wrong?

So basically, I tried all of that but nothing worked on my cluster.
Therefore, I tried on a fresh cluster and it works well.
So I guess it’s a config problem on my end. I am gonna dig a bit more.
Thanks! :wink:

Glad it works now :slight_smile: