You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
78 lines
1.3 KiB
78 lines
1.3 KiB
apiVersion: security.istio.io/v1beta1
|
|
kind: AuthorizationPolicy
|
|
metadata:
|
|
name: activator-service
|
|
namespace: knative-serving
|
|
spec:
|
|
action: ALLOW
|
|
selector:
|
|
matchLabels:
|
|
app: activator
|
|
rules:
|
|
- {}
|
|
---
|
|
apiVersion: security.istio.io/v1beta1
|
|
kind: AuthorizationPolicy
|
|
metadata:
|
|
name: autoscaler
|
|
namespace: knative-serving
|
|
spec:
|
|
action: ALLOW
|
|
selector:
|
|
matchLabels:
|
|
app: autoscaler
|
|
rules:
|
|
- {}
|
|
---
|
|
apiVersion: security.istio.io/v1beta1
|
|
kind: AuthorizationPolicy
|
|
metadata:
|
|
name: controller
|
|
namespace: knative-serving
|
|
spec:
|
|
action: ALLOW
|
|
selector:
|
|
matchLabels:
|
|
app: controller
|
|
rules:
|
|
- {}
|
|
---
|
|
apiVersion: security.istio.io/v1beta1
|
|
kind: AuthorizationPolicy
|
|
metadata:
|
|
name: webhook
|
|
namespace: knative-serving
|
|
spec:
|
|
action: ALLOW
|
|
selector:
|
|
matchLabels:
|
|
role: webhook
|
|
rules:
|
|
- {}
|
|
|
|
---
|
|
apiVersion: security.istio.io/v1beta1
|
|
kind: AuthorizationPolicy
|
|
metadata:
|
|
name: istio-webhook
|
|
namespace: knative-serving
|
|
spec:
|
|
action: ALLOW
|
|
selector:
|
|
matchLabels:
|
|
app: net-istio-webhook
|
|
rules:
|
|
- {}
|
|
---
|
|
|
|
# DestinationRule for mTLS
|
|
apiVersion: "networking.istio.io/v1alpha3"
|
|
kind: DestinationRule
|
|
metadata:
|
|
name: knative
|
|
namespace: knative-serving
|
|
spec:
|
|
host: "*.knative-serving.svc.cluster.local"
|
|
trafficPolicy:
|
|
tls:
|
|
mode: ISTIO_MUTUAL
|
|
|