Sidecar.IstioEgressListener limit external access

Veiko · April 8, 2020, 8:46am

Is it possible to limit the egress to external services using the resources Sidecar.

In my example I have a ServiceEntry in the namespace istio-system for storage.googleapis.com and I only want to give the pod egress access to the ServiceEntry mentioned above using the Sidecar.IstioEgressListener configuration. Is this possible and if so, how is this concretely configured in the Sidecar resource.

There are other ways to limit only one pod’s access to external resources.

Laci21 · May 5, 2020, 4:49pm

We have open-sourced an example repository which demonstrates how this can be done with the Sidecar resource. For more details, check out the related blog post.

Topic		Replies	Views
By default, all external access is allowed, but it shouldn't Networking	2	666	March 13, 2019
How to deny/allow connections to external services by source namespace? Security	5	2881	June 17, 2021
Istio Sidecar crd outboundTrafficPolicy set to REGISTRY_ONLY. ServiceEntry not honored Networking	0	457	April 23, 2022
How to restricted access external service on special app Policies and Telemetry	7	1156	May 5, 2020
Force Traffic Through A Egress Gateway security	0	558	February 4, 2021

Sidecar.IstioEgressListener limit external access

Related Topics