Prevent a pod to contact kubernetes api-server with istio, is possible?

Hi all,

for testing purposes I need to prevent a Pod to contact local Kubernetes api-server (i.e. the kubernetes.default.svc.cluster.local service). That connection is securely established with HTTPS protocol)

Is this something that can be done with Istio? We’re on a very old version (1.10.6)
I’ve tried is some different ways:

  • with fault injections, but it seems that I only do that on plain HTTP calls (and no HTTPS calls like the one to api-server)
  • with AuthorizationPolicies, but did not find a suitable way to use them for my needs

Thank you