blob: e9c77b4fbf08c2e0c90b8b7aa06d2a0bd1db8e29 [file] [log] [blame]
# We have two namespaces. A service in primary has MTLS specified and a DR, but
# its not exported. This should cause traffic from secondary to fail.
# Note that we also have a service in secondary with an identical DR, but its
# exported publicly so no problems occur.
apiVersion: v1
kind: Namespace
metadata:
name: primary
---
apiVersion: v1
kind: Namespace
metadata:
name: secondary
---
apiVersion: v1
kind: Service
metadata:
name: myservice
namespace: primary
spec:
selector:
app: myservice
ports:
- protocol: TCP
port: 80
targetPort: 8080
---
apiVersion: v1
kind: Pod
metadata:
name: myservice-pod
namespace: primary
labels:
app: myservice
spec:
containers:
- name: istio-proxy
---
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
name: default
namespace: primary
spec:
targets:
- name: myservice
peers:
- mtls: {}
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: default
namespace: primary
spec:
host: myservice.primary.svc.cluster.local
trafficPolicy:
tls:
mode: ISTIO_MUTUAL
exportTo:
- "."
---
apiVersion: v1
kind: Service
metadata:
name: myotherservice
namespace: secondary
spec:
selector:
app: myotherservice
ports:
- protocol: TCP
port: 80
targetPort: 8080
---
apiVersion: v1
kind: Pod
metadata:
name: myotherservice-pod
namespace: secondary
labels:
app: myotherservice
spec:
containers:
- name: istio-proxy
---
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
name: default
namespace: secondary
spec:
targets:
- name: myotherservice
peers:
- mtls: {}
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: default
namespace: secondary
spec:
host: myotherservice.secondary.svc.cluster.local
trafficPolicy:
tls:
mode: ISTIO_MUTUAL
exportTo:
- "*"