istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/testdata/authz/not-host.yaml.tmpl

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/tests/integration/security/testdata/authz/not-host.yaml.tmpl (about)

     1  apiVersion: networking.istio.io/v1beta1
     2  kind: Gateway
     3  metadata:
     4    name: gw-{{ .To.ServiceName }}
     5  spec:
     6    selector:
     7      istio: {{.GatewayIstioLabel | default "ingressgateway"}}
     8    servers:
     9      - port:
    10          number: 80
    11          name: http
    12          protocol: HTTP
    13        hosts:
    14          - "*.{{ .To.ServiceName }}.com"
    15  ---
    16  apiVersion: networking.istio.io/v1beta1
    17  kind: VirtualService
    18  metadata:
    19    name: vw-{{ .To.ServiceName }}
    20  spec:
    21    hosts:
    22      - "allow.{{ .To.ServiceName }}.com"
    23      - "deny.{{ .To.ServiceName }}.com"
    24    gateways:
    25      - gw-{{ .To.ServiceName }}
    26    http:
    27      - route:
    28          - destination:
    29              host: "{{ .To.ClusterLocalFQDN }}"
    30              port:
    31                number: {{ (.To.PortForName "http").ServicePort }}
    32  ---
    33  apiVersion: security.istio.io/v1beta1
    34  kind: AuthorizationPolicy
    35  metadata:
    36    name: allow-{{ .To.ServiceName }}
    37  spec:
    38    selector:
    39      matchLabels:
    40        "app": "{{ .To.ServiceName }}"
    41    action: ALLOW
    42    rules:
    43      - to:
    44        - operation:
    45            notHosts: [ "deny.{{ .To.ServiceName }}.com" ]