You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
24 lines
692 B
24 lines
692 B
apiVersion: security.istio.io/v1beta1
|
|
kind: AuthorizationPolicy
|
|
metadata:
|
|
name: istio-ingressgateway-require-jwt
|
|
namespace: istio-system
|
|
spec:
|
|
action: DENY
|
|
selector:
|
|
matchLabels:
|
|
app: istio-ingressgateway
|
|
rules:
|
|
# Deny requests that don't have a verified JWT (from a RequestAuthentication)
|
|
# Note, even user requests that have been authenticated by oauth2-proxy will have a JWT,
|
|
# because oauth2-proxy injects a Dex JWT into the request.
|
|
- from:
|
|
- source:
|
|
notRequestPrincipals: ["*"]
|
|
to:
|
|
- operation:
|
|
notPaths:
|
|
# Exclude dex paths, otherwise users won't be able to log in.
|
|
- /dex/*
|
|
- /dex/**
|
|
- /oauth2/*
|
|
|