JWT Policy does not take effect!

Target of the policy is the service (kubectl get svc), and the naming convention to mark the service protocol as HTTP is to prefix it with http or https like in my service’s example:

ports:
- name: http-letsencrypt
  port: 9080
  protocol: TCP

Thanks for the clarification.

Seemingly adding http- prefix to svc port name and removing mtls gets me a step closer.

Has anyone figured this out? I tried everything I could find with no luck. As mentioned before, the MeshPolicy achieves the desired effect, but the Policy doesn’t work at all. I opened an issue on the Istio GH to try to get some answers.

I am having the same issue. Policy is not taking effect. Here is my policy yaml.
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: aspendemo
spec:
  targets:
  - name: api
  origins:
  - jwt:
      issuer: "http://104.20…"
      jwksUri: "http://104.20…/.well-known/openid-configuration/jwks"
  principalBinding: USE_ORIGIN

When I use MeshPolicy, it looks like it gets enforced.

Can someone help? Is the product not stable?

Hello everyone,

switching from:

apiVersion: v1
kind: Service
metadata:
  labels:
    app: my-service
  name: my-service
spec:
  ports:
  - port: 8080
    protocol: TCP
  selector:
    app: my-service
  type: ClusterIP

to:

apiVersion: v1
kind: Service
metadata:
  labels:
    app: my-service
  name: my-service
spec:
  ports:
  - port: 8080
    protocol: TCP
    name: http
  selector:
    app: my-service
  type: ClusterIP

solved the problem, as the Policy file is now taken and used correctly.

Policy configuration:

apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: jwt-policy
spec:
  targets:
  - name: ent-man-serv
    ports: 
    - number: 8080
...
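
A check for the cause found in this thread, added here as an example and not code from any poster or from Istio: it lists every Policy target port whose Service port name lacks the http/https prefix, which is where the JWT policy was silently not applied. The sample resources are constructed, `unenforced_targets` is a hypothetical helper name, and only `ports[].number` selectors are handled.

```python
import json
import re

# Port-name form from the thread: "http" or "https", optionally followed by
# "-<suffix>" (e.g. http-letsencrypt). Assumption: other names are not HTTP.
HTTP_NAME = re.compile(r"^https?(-.+)?$")

# Constructed sample, shaped like the "items" list of `kubectl get ... -o json`.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Service", "metadata": {"name": "my-service", "namespace": "default"},
  "spec": {"ports": [{"port": 8080, "protocol": "TCP"}]}},
 {"kind": "Service", "metadata": {"name": "ent-man-serv", "namespace": "default"},
  "spec": {"ports": [{"name": "http", "port": 8080, "protocol": "TCP"},
                     {"name": "metrics", "port": 9090, "protocol": "TCP"}]}},
 {"kind": "Policy", "metadata": {"name": "jwt-policy", "namespace": "default"},
  "spec": {"targets": [{"name": "ent-man-serv", "ports": [{"number": 8080}]},
                       {"name": "my-service"}]}}
]}
""")


def unenforced_targets(items):
    """Return (policy, service, port, port_name) for every Policy target port
    whose Service port name does not mark it as HTTP."""
    services = {(i["metadata"].get("namespace"), i["metadata"]["name"]): i
                for i in items if i["kind"] == "Service"}
    findings = []
    for pol in (i for i in items if i["kind"] == "Policy"):
        ns = pol["metadata"].get("namespace")
        for target in pol["spec"].get("targets", []):
            svc = services.get((ns, target["name"]))
            if svc is None:
                findings.append((pol["metadata"]["name"], target["name"], None, "<no such service>"))
                continue
            # A target without "ports" applies to every port of the Service.
            wanted = {p["number"] for p in target.get("ports", [])}
            for port in svc["spec"].get("ports", []):
                if wanted and port["port"] not in wanted:
                    continue
                name = port.get("name", "")
                if not HTTP_NAME.match(name):
                    findings.append((pol["metadata"]["name"], target["name"],
                                     port["port"], name or "<unnamed>"))
    return findings


if __name__ == "__main__":
    for policy, service, port, name in unenforced_targets(SAMPLE["items"]):
        print(f"{policy}: {service}:{port} port name {name!r} is not http-prefixed")
```
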