I’ve been playing around with Istio authentication, more or less following the guides on the references.
I have the following service and virtual service:
```yaml
# Sets up the deployment definition
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: postauth
  name: postauth
  # for now we use a specific dev namespace
  namespace: dev
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postauth
  template:
    metadata:
      labels:
        app: postauth
    spec:
      containers:
        - name: postauth
          image: local/postauth:v1
          ports:
            - containerPort: 8080
          env:
            # env variables, these we get from a configmap
            - name: DEV_DATABASE_URL
              valueFrom:
                configMapKeyRef:
                  name: postgres-config
                  key: url
            - name: DEV_POSTGRES_USER
              valueFrom:
                configMapKeyRef:
                  name: postgres-config
                  key: user
            # and this from a secret
            - name: DEV_POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-password
                  key: password
          # this checks if the service is STILL running
          livenessProbe:
            httpGet:
              port: 8080
              path: /actuator/health
            initialDelaySeconds: 15
            periodSeconds: 5
            timeoutSeconds: 2
          # this checks if the service can be exposed
          readinessProbe:
            httpGet:
              port: 8080
              path: /actuator/health
            initialDelaySeconds: 10
            periodSeconds: 3
---
# Sets up the service
apiVersion: v1
kind: Service
metadata:
  name: postauth
  namespace: dev
  labels:
    app: postauth
spec:
  ports:
    - name: http
      port: 8080
      targetPort: 8080
  selector:
    app: postauth
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: dev-virtual-service
  namespace: dev
spec:
  hosts:
    - "*"
  gateways:
    - http-gateway
  http:
    - route:
        - destination:
            port:
              number: 8080
            host: postauth.dev.svc.cluster.local
```
I haven’t added any policies yet and the app itself should make the /actuator/health endpoint available without authentication. The issue is that every time I try to access any endpoint in the application I always get a 403 with the message:
```
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Wed Sep 25 10:14:46 GMT 2019
There was an unexpected error (type=Forbidden, status=403).
Access Denied
```
I’ve tried removing the whole namespace and starting from scratch, but I always get the same result. Am I missing something?