pkg/config/analysis/analyzers/testdata/mtls-exports.yaml - dubbo-go-pixiu - Git at Google

 # We have two namespaces. A service in primary has MTLS specified and a DR, but
 # its not exported. This should cause traffic from secondary to fail.
 # Note that we also have a service in secondary with an identical DR, but its
 # exported publicly so no problems occur.
 apiVersion: v1
 kind: Namespace
 metadata:
   name: primary
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
   name: secondary
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: myservice
   namespace: primary
 spec:
   selector:
     app: myservice
   ports:
     - protocol: TCP
       port: 80
       targetPort: 8080
 ---
 apiVersion: v1
 kind: Pod
 metadata:
   name: myservice-pod
   namespace: primary
   labels:
     app: myservice
 spec:
   containers:
   - name: istio-proxy
 ---
 apiVersion: authentication.istio.io/v1alpha1
 kind: Policy
 metadata:
   name: default
   namespace: primary
 spec:
   targets:
   - name: myservice
   peers:
   - mtls: {}
 ---
 apiVersion: networking.istio.io/v1alpha3
 kind: DestinationRule
 metadata:
   name: default
   namespace: primary
 spec:
   host: myservice.primary.svc.cluster.local
   trafficPolicy:
     tls:
       mode: ISTIO_MUTUAL
   exportTo:
   - "."
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: myotherservice
   namespace: secondary
 spec:
   selector:
     app: myotherservice
   ports:
     - protocol: TCP
       port: 80
       targetPort: 8080
 ---
 apiVersion: v1
 kind: Pod
 metadata:
   name: myotherservice-pod
   namespace: secondary
   labels:
     app: myotherservice
 spec:
   containers:
   - name: istio-proxy
 ---
 apiVersion: authentication.istio.io/v1alpha1
 kind: Policy
 metadata:
   name: default
   namespace: secondary
 spec:
   targets:
   - name: myotherservice
   peers:
   - mtls: {}
 ---
 apiVersion: networking.istio.io/v1alpha3
 kind: DestinationRule
 metadata:
   name: default
   namespace: secondary
 spec:
   host: myotherservice.secondary.svc.cluster.local
   trafficPolicy:
     tls:
       mode: ISTIO_MUTUAL
   exportTo:
   - "*"
	# We have two namespaces. A service in primary has MTLS specified and a DR, but
	# its not exported. This should cause traffic from secondary to fail.
	# Note that we also have a service in secondary with an identical DR, but its
	# exported publicly so no problems occur.
	apiVersion: v1
	kind: Namespace
	metadata:
	name: primary
	---
	apiVersion: v1
	kind: Namespace
	metadata:
	name: secondary
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: myservice
	namespace: primary
	spec:
	selector:
	app: myservice
	ports:
	- protocol: TCP
	port: 80
	targetPort: 8080
	---
	apiVersion: v1
	kind: Pod
	metadata:
	name: myservice-pod
	namespace: primary
	labels:
	app: myservice
	spec:
	containers:
	- name: istio-proxy
	---
	apiVersion: authentication.istio.io/v1alpha1
	kind: Policy
	metadata:
	name: default
	namespace: primary
	spec:
	targets:
	- name: myservice
	peers:
	- mtls: {}
	---
	apiVersion: networking.istio.io/v1alpha3
	kind: DestinationRule
	metadata:
	name: default
	namespace: primary
	spec:
	host: myservice.primary.svc.cluster.local
	trafficPolicy:
	tls:
	mode: ISTIO_MUTUAL
	exportTo:
	- "."
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: myotherservice
	namespace: secondary
	spec:
	selector:
	app: myotherservice
	ports:
	- protocol: TCP
	port: 80
	targetPort: 8080
	---
	apiVersion: v1
	kind: Pod
	metadata:
	name: myotherservice-pod
	namespace: secondary
	labels:
	app: myotherservice
	spec:
	containers:
	- name: istio-proxy
	---
	apiVersion: authentication.istio.io/v1alpha1
	kind: Policy
	metadata:
	name: default
	namespace: secondary
	spec:
	targets:
	- name: myotherservice
	peers:
	- mtls: {}
	---
	apiVersion: networking.istio.io/v1alpha3
	kind: DestinationRule
	metadata:
	name: default
	namespace: secondary
	spec:
	host: myotherservice.secondary.svc.cluster.local
	trafficPolicy:
	tls:
	mode: ISTIO_MUTUAL
	exportTo:
	- "*"