Authorization Policy

An authorization policy is similar to an L4 to L7 "firewall": it analyzes and matches traffic the way a traditional firewall does, then performs the corresponding action. The authorization policy applies whether the request comes from an internal or an external source.

A reference YAML example for an authorization policy is as follows:

apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
   name: "ratings-viewer"
   namespace: default
spec:
   selector:
     matchLabels:
       app: ratings
   action: ALLOW
   rules:
   - from:
     - source:
         principals: ["cluster.local/ns/default/sa/bookinfo-reviews"]
     to:
     - operation:
         methods: ["GET"]
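
How the reference policy above decides individual requests, as an added example that is not part of the original page and is not Istio's own code: a simplified Python model of ALLOW evaluation, limited to `principals` and `methods`. The sample requests and the `bookinfo-productpage` service account are constructed for illustration.

```python
# Added example: simplified model of Istio ALLOW evaluation, not Istio's code.
# Covers only source.principals and operation.methods; sample requests are constructed.

POLICY = {
    "action": "ALLOW",
    "rules": [{
        "from": [{"source": {"principals": ["cluster.local/ns/default/sa/bookinfo-reviews"]}}],
        "to": [{"operation": {"methods": ["GET"]}}],
    }],
}

def value_matches(pattern, value):
    """Istio string matching: exact, prefix ('abc*'), suffix ('*abc'), presence ('*')."""
    if value is None or value == "":
        return False  # e.g. no mTLS identity: the principal is empty, nothing matches
    if pattern == "*":
        return True
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    if pattern.startswith("*"):
        return value.endswith(pattern[1:])
    return pattern == value

def field_matches(patterns, value):
    # Values inside one list are ORed; an absent field places no constraint.
    return patterns is None or any(value_matches(p, value) for p in patterns)

def rule_matches(rule, principal, method):
    # Entries under 'from' are ORed, entries under 'to' are ORed, from/to are ANDed.
    src_ok = "from" not in rule or any(
        field_matches(f["source"].get("principals"), principal) for f in rule["from"])
    op_ok = "to" not in rule or any(
        field_matches(t["operation"].get("methods"), method) for t in rule["to"])
    return src_ok and op_ok

def authorize(allow_policies, principal, method):
    """Decision for a workload selected by these ALLOW policies (no DENY/CUSTOM)."""
    if not allow_policies:
        return "ALLOW"  # no ALLOW policy selects the workload: traffic is permitted
    for policy in allow_policies:
        if any(rule_matches(r, principal, method) for r in policy.get("rules", [])):
            return "ALLOW"
    return "DENY"       # selected by an ALLOW policy, but no rule matched

if __name__ == "__main__":
    reviews = "cluster.local/ns/default/sa/bookinfo-reviews"
    for who, verb in [(reviews, "GET"), (reviews, "POST"),
                      ("cluster.local/ns/default/sa/bookinfo-productpage", "GET"), (None, "GET")]:
        print(who, verb, authorize([POLICY], who, verb))
```

Only the GET from `bookinfo-reviews` is allowed; the other three requests are denied because the `ratings` workload is selected by an ALLOW policy and none of its rules match them.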

The service mesh provides two ways to create an authorization policy: a wizard and YAML. The steps to create one through the wizard are as follows:

  1. In the left navigation bar, click Security -> Authorization Policy, then click the Create button in the upper right corner.

    Create

  2. In the Create Request Authentication Policy interface, fill in the basic settings, then click Next.

    Basic

  3. Set the policy according to the on-screen prompts, then click OK. See Policy Setting Parameter Description.

    Policy settings

  4. Return to the authorization list, where a prompt confirms that the creation was successful.

    Successful submission

  5. On the right side of the list, click in the operation column to perform more operations through the pop-up menu.

    More operations

Note
