| apiVersion: security.istio.io/v1beta1 |
| kind: RequestAuthentication |
| metadata: |
| name: "default" |
| namespace: "{{ .RootNamespace }}" |
| spec: |
| jwtRules: |
| - issuer: "test-issuer-1@istio.io" |
| jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json" |
| - issuer: "test-issuer-2@istio.io" |
| jwksUri: "https://raw.githubusercontent.com/istio/istio/master/tests/common/jwt/jwks.json" |
| --- |
| apiVersion: security.istio.io/v1beta1 |
| kind: AuthorizationPolicy |
| metadata: |
| name: authz-ingress |
| namespace: "{{ .RootNamespace }}" |
| spec: |
| selector: |
| matchLabels: |
| istio: ingressgateway |
| rules: |
| - to: |
| - operation: |
| hosts: ["example.com"] |
| from: |
| - source: |
| requestPrincipals: ["test-issuer-1@istio.io/sub-1"] |
| - to: |
| - operation: |
| hosts: ["any-request-principlal-ok.com"] |
| from: |
| - source: |
| requestPrincipals: ["*"] |
| - to: |
| - operation: |
| paths: ["/healthz"] |