| # The following policy selects workload b in namespace 1 |
| |
| apiVersion: security.istio.io/v1beta1 |
| kind: AuthorizationPolicy |
| metadata: |
| name: policy-ns1-{{ .b }} |
| namespace: "{{ .Namespace1 }}" |
| spec: |
| selector: |
| matchLabels: |
| "app": "{{ .b }}" |
| rules: |
| - to: |
| - operation: |
| paths: ["/policy-ns1-{{ .b }}"] |
| --- |
| |
| # The following policy selects workload c in namespace 1 |
| |
| apiVersion: security.istio.io/v1beta1 |
| kind: AuthorizationPolicy |
| metadata: |
| name: policy-ns1-{{ .c }} |
| namespace: "{{ .Namespace1 }}" |
| spec: |
| selector: |
| matchLabels: |
| "app": "{{ .c }}" |
| rules: |
| - to: |
| - operation: |
| paths: ["/policy-ns1-{{ .c }}"] |
| --- |
| |
| # The following policy selects a non-exist workload in namespace 1 |
| |
| apiVersion: security.istio.io/v1beta1 |
| kind: AuthorizationPolicy |
| metadata: |
| name: policy-ns1-x |
| namespace: "{{ .Namespace1 }}" |
| spec: |
| selector: |
| matchLabels: |
| "app": "{{ .dst1 }}" |
| "foo": "bla" |
| rules: |
| - to: |
| - operation: |
| paths: ["/policy-ns1-x"] |
| --- |
| |
| # The following policy selects all workloads in namespace 1 |
| |
| apiVersion: security.istio.io/v1beta1 |
| kind: AuthorizationPolicy |
| metadata: |
| name: policy-ns1-all |
| namespace: "{{ .Namespace1 }}" |
| spec: |
| rules: |
| - to: |
| - operation: |
| paths: ["/policy-ns1-all"] |
| --- |