I’ve got the following AuthorizationPolicy:
apiVersion: security.istio.io/v1beta1 kind: AuthorizationPolicy metadata: name: allowed-http-methods namespace: istio-system spec: selector: matchLabels: app: istio-ingressgateway action: ALLOW rules: - to: - operation: methods: ["GET", "HEAD"] - operation: methods: ["DELETE", "POST", "PUT"] paths: ["/foobar/*"]
When adding the policy to my cluster with kubectl apply, istiod logs the following error:
2020-09-15T13:42:56.326596Z error authorization skipped rule ns[istio-system]-policy[allowed-http-methods]-rule: :method must not be used in TCP
Why does istio assume this is a TCP rule?
The policy is working fine though, so perhaps it is just a wrong error message.