Thank you!
Say I need one service has abilities to GET from another service.
I am creating simple ServiceRole which allows GET to my httpbin service:
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRole
metadata:
name: httpbin
namespace: default
spec:
rules:
- services: ["httpbin.default.svc.cluster.local"]
methods: ["GET", "HEAD"]
And I am trying to bind this role to another service:
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRoleBinding
metadata:
name: httpbind
namespace: default
spec:
subjects:
- properties:
source.namespace: "default" // What property to use ???
roleRef:
kind: ServiceRole
name: "httpbin"
How could I achieve that? I see the closest one is source.principal property, but that means I will need to create a service account for all services?
Thank you!