You can create authorizationPolicy in

Please show what your config looks like.
Hey @hzxuzhonghu
I have two services in different namespaces, let's say namespacea and namespaceb, so how can I restrict that only services in namespacea can access services in namespaceb using an Authz Policy sources with namespaces?

I have been following these Authz policy examples.

But it still throws me a 403 error, since I have checked that the request header from my service on namespacea is missing the x-forwarded-client-cert since ssl is none.

I know within the same namespace the services can communicate using the namespace Authz isolation, but if they are in different namespaces I face this issue.

I also have set the DestinationRule for the service in namespaceb and set tls mode ISTIO_MUTUAL, and PeerAuthentication for both namespaces is in PERMISSIVE.

So my questions are: how to enable mTLS for both ns? How can I specify that my service in namespacea has to use mTLS when sending the request to the service in namespaceb, in other words to send the ssl or the spiffe token?

I am using istio on default profile.

Update

I have done some testing and noticed that when I use the service IP or DNS of the service the header is present on the request, but if I use the pod IP it is not present.

What can cause this problem when using pod IP?
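The setup described in the question, written out as Istio resources. This is an added example, not configuration from the original post or from the Istio project. The service name `service-b` and the resource names are hypothetical, and it assumes namespaceb is switched from PERMISSIVE to STRICT so that plaintext requests, which carry no peer identity, are rejected outright:

```yaml
# Added example; service-b and the metadata names are hypothetical.
# Server side: accept only mTLS in namespaceb, so every request carries a
# verified peer identity (PERMISSIVE also accepts plaintext, which has none).
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: namespaceb
spec:
  mtls:
    mode: STRICT
---
# Server side: allow only workloads whose mTLS identity is in namespacea.
# The namespaces source field is taken from the peer certificate, so it
# never matches a request that arrived without mTLS.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-from-namespacea
  namespace: namespaceb
spec:
  action: ALLOW
  rules:
  - from:
    - source:
        namespaces: ["namespacea"]
---
# Client side: sidecars in namespacea originate Istio mTLS when calling
# the service by its host name.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: service-b-mtls
  namespace: namespacea
spec:
  host: service-b.namespaceb.svc.cluster.local
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
```

The DestinationRule is keyed on the service host, so it governs requests addressed to that host name.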