
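---
# Istio AuthorizationPolicy attached to workloads labelled app=mongo.
# No `action` is set, so the default (ALLOW) applies: once an ALLOW policy
# selects a workload, only requests matching one of its rules are admitted.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  # No namespace is given; the policy lands in the namespace it is applied to.
  name: allow-auth-mongo
spec:
  selector:
    matchLabels:
      app: mongo
  rules:
    # NOTE(review): the listing is cut off here, so the source constraint is
    # not visible. Do not apply this fragment as-is: a rule whose `from` is
    # empty carries no source restriction and would admit any caller.
    # The policy name suggests only the auth service should reach mongo -
    # confirm against the full file. If the missing part matches on
    # `source.principals`, it only takes effect when mutual TLS is active
    # between the two workloads.
    - from: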
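---
# Istio AuthorizationPolicy attached to workloads labelled app=auth.
# No `action` is set, so the default (ALLOW) applies: requests to the
# selected workload are admitted only if they match one of the rules.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  # No namespace is given; the policy lands in the namespace it is applied to.
  name: allow-apigw-auth
spec:
  selector:
    matchLabels:
      app: auth
  rules:
    # NOTE(review): the listing is cut off here, so the source constraint is
    # not visible. Do not apply this fragment as-is: a rule whose `from` is
    # empty carries no source restriction and would admit any caller.
    # The policy name suggests only the API gateway should reach auth -
    # confirm against the full file. If the missing part matches on
    # `source.principals`, it only takes effect when mutual TLS is active
    # between the two workloads.
    - from: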
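---
# Default-deny baseline for workloads labelled app=auth.
# The spec has a selector but neither `rules` nor `action`. With the default
# ALLOW action and no rules, nothing can match, so every request to the
# selected workloads is rejected unless another ALLOW policy on the same
# workload admits it (allow-apigw-auth on this page uses the same selector).
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  # No namespace is given; the policy lands in the namespace it is applied to.
  name: deny-all-auth
spec:
  selector:
    matchLabels:
      app: auth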
---
apiVersion: security.istio.io/v1beta1
curl http://apigw-cloud-lab.apps.cp41apps.notesfromchechu.com/api/users/list_courses -vH @token.txt
* Trying 70.85.10.2...
* TCP_NODELAY set
* Connected to apigw-cloud-lab.apps.cp41apps.notesfromchechu.com (70.85.10.2) port 80 (#0)
> GET /api/users/list_courses HTTP/1.1
> Host: apigw-cloud-lab.apps.cp41apps.notesfromchechu.com
> User-Agent: curl/7.64.1
> Accept: */*
> Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVlZmI4MGRkYWI3MjY5MDAxMzEyOGI1NiIsIm5hbWUiOiJ0ZXN0MTBAY2hlY2h1LmNvbSIsImlzcyI6ImNoZWNodTEiLCJhdWQiOiJhcGlndy1jbG91ZC1sYWIiLCJpYXQiOjE1OTUwMTE1OTUsImV4cCI6MTU5NTAxMTk1NX0.GOjMh4IDDFK_WDx7J1R2cBt_z-hRDlXgSAJGSvpDsuP7xNNW8c4NA08ql7wk337pPBKL_kGrbuyQgz2t0py9akyU8opcm1a37w2LZD1KVjNFPMc9IID53m5bog8qZOfNWSNNEJMVl1mtGXNsBjPHAqNixf806D6jiw-6yFQ99vMNI5qVMCM7MYkUXdjDijDIBxSTN7dRalZMMjr2gF8heTEqgnU39LNVULfg2LIeiosTKiAnERYmzo5yqYRMtd-hFQ4D8egeM7M2pKzxwBgt_lRK61eV38k8FGTJlmOtIOrQC7y2p_PlDgydJNKv9ylxaN7sayfCj7DX8n7KOjbZeg
>
curl http://apigw-cloud-lab.apps.cp41apps.notesfromchechu.com/api/users/list_courses -vH @token.txt
* Trying 70.85.10.2...
* TCP_NODELAY set
* Connected to apigw-cloud-lab.apps.cp41apps.notesfromchechu.com (70.85.10.2) port 80 (#0)
> GET /api/users/list_courses HTTP/1.1
> Host: apigw-cloud-lab.apps.cp41apps.notesfromchechu.com
> User-Agent: curl/7.64.1
> Accept: */*
> Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVlZmI4MGRkYWI3MjY5MDAxMzEyOGI1NiIsIm5hbWUiOiJ0ZXN0MTBAY2hlY2h1LmNvbSIsImlzcyI6ImNoZWNodSIsImF1ZCI6ImFwaWd3LWNsb3VkLWxhYiIsImlhdCI6MTU5NTAxMTQxMSwiZXhwIjoxNTk1MDExNzcxfQ.e28KhniWer0e0-kSZWn1YlStqPrK5Sbz6LoFdEcPjgOQtHVfsnysEBYokw6man0eJxfmPmTwXkYY6lxTUf_IVKA0Arbpzc0T8ycqgrsPzn-rxgld9aj0Ixg3FARvrM_2PC2N96HVbUFBPlrs1iFrWkhFlzrG9lzQhbU4WnNMLL_Ys5S8aPSKMIBwMr2MBvk2MaIoA_e21mxdSCXB9-ZZno9VNEeAeXxAgiIeAVH6OX6QptsForV6gEDPqDujow3tFmr05FIDuIHsc5fZCRZsk8qYuBbwdsG9uhPZWECspptIf84yWrYadpFA3Yew--ToIYEbjw9o9iWKTjKJ0D-L-Q
>
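---
# Legacy Istio authentication Policy scoped to the apigw service in cloud-lab.
# NOTE(review): authentication.istio.io/v1alpha1 was deprecated in Istio 1.5
# and is no longer supported from 1.6; on current releases the equivalent is
# PeerAuthentication / RequestAuthentication (security.istio.io/v1beta1).
kind: Policy
apiVersion: authentication.istio.io/v1alpha1
metadata:
  name: jwt-auth-apigw-policy
  namespace: cloud-lab
spec:
  targets:
    - name: apigw
  peers:
    # Empty mtls block: the mode defaults to STRICT, so plaintext
    # service-to-service traffic to apigw is refused.
    - mtls: {}
  # NOTE(review): the name implies a JWT `origins` section follows, but it is
  # not visible in this listing. JWT validation checks the token; it does not
  # protect it in transit. The curl transcripts on this page send the bearer
  # token to the apigw route over plain HTTP (port 80), so outside a lab the
  # ingress route should terminate TLS.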
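---
# Namespace-wide legacy authentication Policy for cloud-lab: it is named
# "default" and has no `targets`, so it covers every service in the namespace.
# NOTE(review): authentication.istio.io/v1alpha1 was deprecated in Istio 1.5
# and is no longer supported from 1.6; the current equivalent is a
# PeerAuthentication (security.istio.io/v1beta1) with mtls mode STRICT.
apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: "default"
  namespace: "cloud-lab"
spec:
  peers:
    # Empty mtls block: the mode defaults to STRICT, so workloads in this
    # namespace accept only mutual-TLS connections. Clients need a matching
    # client-side setting (the DestinationRule named "default" on this page)
    # unless automatic mTLS is enabled in the mesh.
    - mtls: {}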
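---
# Client-side half of namespace mTLS: sidecars that call any service under
# cloud-lab.svc.cluster.local originate mutual TLS using the workload
# certificates issued by Istio (ISTIO_MUTUAL), matching the STRICT
# server-side Policy for the same namespace shown on this page.
kind: DestinationRule
apiVersion: networking.istio.io/v1alpha3
metadata:
  name: default
  namespace: cloud-lab
spec:
  # Quoted because a plain scalar starting with `*` would be read as an alias.
  host: '*.cloud-lab.svc.cluster.local'
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL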
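---
# VirtualService that binds the UI hostname to the ui-gateway Gateway.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  # No namespace is given; the resource lands in the namespace it is applied to.
  name: ui-virtualservice
spec:
  hosts:
    # NOTE(review): this value contains a space and is not a valid DNS name.
    # It looks like a paste or redaction artifact; the curl transcripts on this
    # page use the apps.cp41apps.notesfromchechu.com domain. Confirm the real
    # host before applying, otherwise no request will match this route.
    - "ui-cloud-lab.apps.cp41apps. chechu.com"
  gateways:
    - ui-gateway
  # NOTE(review): the listing is cut off here; the HTTP routes are not shown.
  http: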
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: ui-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80