I’m looking to utilize Istio RBAC for HTTP services based on Kubernetes Service Account and Kubernetes namespace naming conventions. My plan currently is to setup a namespace level ServiceRoleBinding similar to this
apiVersion: "rbac.istio.io/v1alpha1" kind: ServiceRoleBinding metadata: name: binding-users namespace: namespacePrefix-test spec: subjects: - properties: source.namespace: "namespacePrefix*" - properties: source.principal: "cluster.local/ns/namespacePrefix*" roleRef: kind: ServiceRole name: "service-viewer"
My question is, are the wildcards in Authorization property values above a supported feature? I’ve seen examples using only a wildcard value (’*’), but haven’t been able to locate specific documentation on what wildcard patterns are supported.
I’ve tested this on 1.1.2 and confirmed the above functionality works, but wanted to confirm it’ll continue working going forward.