I am trying to restrict pod-to-pod communication using Istio authorization and followed the steps specified in the Istio documentation. Even after applying the authorization policy, I am not able to restrict the traffic to a specific pod; the service/pod is accessible from all pods in the namespace.
Below is the authorization policy:
```yaml
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: whitelist-service
  namespace: default
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: service-A
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/default/sa/service-B-svc-account"]
  - to:
    - operation:
        ports: ["9090"]
```
I also enabled mTLS in the namespace, but I am still not able to restrict traffic between the 2 pods.
I am still relatively new to Istio, so any help pointing me in the right direction would be most appreciated!