Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
---
kind: AuthorizationPolicy
apiVersion: security.istio.io/v1beta1
metadata:
  name: sdc-fe2fe-ui-authz-oauth2-proxy
  namespace: istio-ingress
spec:
  selector:
    matchLabels:
      istio: ingress
  action: CUSTOM
  provider:
    name: oauth2-proxy
  rules:
    - to:
        - operation:
            hosts: ["sdc-fe2-ui-tnap-master-sm.tnaplab.telekom.de"]fe-ui.simpledemo.onap.org"]

In case of gateway-api the solution is a bit different, as the selector is different (e.g. when a common gateway is used):

Code Block
---
kind: AuthorizationPolicy
apiVersion: security.istio.io/v1beta1
metadata:
  name: sdc-fe-ui-authz-oauth2-proxy
  namespace: istio-ingress
spec:
  selector:
    matchLabels:
      istio.io/gateway-name: common-gateway
  action: CUSTOM
  provider:
    name: oauth2-proxy
  rules:
    - to:
        - operation:
            notPathshosts: ["/auth/*","/oauth2/*sdc-fe-ui.simpledemo.onap.org"]


Behaviour:

Launch SDC-FE URL :

...