I want to make JWT required for all requests from the ingressgateway but not required across workloads within the mesh. I have configured “RequestAuthentication” & “AuthorizationPolicy” for ingressGateway and it works perfectly. But after I did the same for a workload (A), another workload (B) ended up failing to call A, as no JWT is attached to the request. I can’t take out the “AuthorizationPolicy” for workload A as JWT is needed to check whether the request is authorized. How do I make that happen?
You can make a namespace-wide or mesh-wide authorization policy for inter-service communication, as AuthzPolicies are additive.
```yaml
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: justtry
  namespace:
spec:
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/*"]
    - source:
```
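An added example, not part of the original answer: one ALLOW policy for workload A whose rules are ORed, so a request is admitted either because it carries a validated JWT or because the caller is a known in-mesh identity. The policy name, namespace, `app` label and service account below are placeholders assumed for illustration.

```yaml
# Constructed example; every value marked "placeholder" is an assumption,
# not taken from the thread.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: workload-a-allow          # placeholder
  namespace: example-ns           # placeholder
spec:
  selector:
    matchLabels:
      app: workload-a             # placeholder label selecting workload A
  action: ALLOW
  rules:
  # Rule 1: the request carries a JWT that RequestAuthentication validated
  # (requestPrincipals is only populated for a valid token).
  - from:
    - source:
        requestPrincipals: ["*"]
  # Rule 2: the caller is workload B, identified by its mTLS peer identity;
  # no JWT is needed on this path.
  - from:
    - source:
        principals: ["cluster.local/ns/example-ns/sa/workload-b"]  # placeholder service account
```

Rule 2 only matches when the connection uses mutual TLS, because `principals` is derived from the peer certificate; plaintext traffic has no principal. RequestAuthentication rejects invalid tokens but lets token-less requests through, so B's calls reach the authorization check and are admitted by rule 2.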