istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/config/kube/gateway/testdata/reference-policy-tcp.yaml (about) 1 apiVersion: gateway.networking.k8s.io/v1beta1 2 kind: Gateway 3 metadata: 4 name: gateway 5 namespace: istio-system 6 spec: 7 addresses: 8 - value: istio-ingressgateway 9 type: Hostname 10 gatewayClassName: istio 11 listeners: 12 - name: my-svc 13 port: 34000 14 protocol: TCP 15 allowedRoutes: 16 namespaces: 17 from: All 18 - name: echo 19 port: 34001 20 protocol: TCP 21 allowedRoutes: 22 namespaces: 23 from: All 24 --- 25 apiVersion: gateway.networking.k8s.io/v1beta1 26 kind: ReferenceGrant 27 metadata: 28 name: allow-service-tcp 29 namespace: service 30 spec: 31 from: 32 - group: gateway.networking.k8s.io 33 kind: TCPRoute 34 namespace: istio-system 35 to: 36 - group: "" 37 kind: Service 38 name: my-svc 39 --- 40 apiVersion: gateway.networking.k8s.io/v1beta1 41 kind: ReferenceGrant 42 metadata: 43 name: allow-service-http 44 namespace: default 45 spec: 46 from: 47 - group: gateway.networking.k8s.io 48 kind: HTTPRoute 49 namespace: istio-system 50 to: 51 - group: "" 52 kind: Service 53 name: echo 54 --- 55 apiVersion: gateway.networking.k8s.io/v1alpha2 56 kind: TCPRoute 57 metadata: 58 name: allowed-my-svc 59 namespace: istio-system 60 spec: 61 parentRefs: 62 - name: gateway 63 namespace: istio-system 64 sectionName: my-svc 65 rules: 66 - backendRefs: 67 - name: my-svc 68 namespace: service 69 port: 34000 70 --- 71 apiVersion: gateway.networking.k8s.io/v1alpha2 72 kind: TCPRoute 73 metadata: 74 name: not-allowed-echo 75 namespace: istio-system 76 spec: 77 parentRefs: 78 - name: gateway 79 namespace: istio-system 80 sectionName: echo 81 rules: 82 - backendRefs: 83 - name: echo 84 namespace: default 85 port: 34001