Task 16: AuthorizationPolicy in Olive Namespace

Step 1: Switch to Correct Context

kubectl config use-context cluster3-admin@cluster3

Step 2: Create AuthorizationPolicy

kubectl apply -f - <<'EOF'
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-get-policy
  namespace: olive
spec:
  action: ALLOW
  selector:
    matchLabels:
      app: olive
  rules:
  - from:
    - source:
        namespaces: ["orchid"]
    to:
    - operation:
        paths: ["/mars"]
EOF

Verification

# Check AuthorizationPolicy
kubectl get authorizationpolicy -n olive
kubectl describe authorizationpolicy allow-get-policy -n olive

Testing

# Test from orchid namespace to /mars path (should work)
kubectl exec -n orchid sleep-orchid -- curl -s http://olive-echo.olive/mars

# Test from another namespace (should fail with RBAC: access denied)
kubectl exec -n lime sleep-lime -- curl -s http://olive-echo.olive/mars

# Test different path from orchid (should fail)
kubectl exec -n orchid sleep-orchid -- curl -s http://olive-echo.olive/moon

# Expected responses:
# - orchid → /mars: JSON response from olive service
# - other namespace → /mars: RBAC: access denied
# - orchid → other path: RBAC: access denied
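
The three manual tests above can also be checked by HTTP status code instead of by reading the response body. The script below is an added example, not part of the original solution file. It reuses the pods and URLs from the Testing section and assumes the echo service answers an allowed request with 200; Istio answers a denied HTTP request with 403.

```shell
#!/usr/bin/env bash
# Added example: assert on status codes for the three test requests.
# Assumption: an allowed request to olive-echo returns HTTP 200.

# probe NAMESPACE POD URL
# Prints the HTTP status code seen by curl inside the pod (000 if no response).
probe() {
  kubectl exec -n "$1" "$2" -- \
    curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$3" || true
}

# expect WANT NAMESPACE POD URL
# Returns 0 when the observed status equals WANT, 1 otherwise.
expect() {
  want=$1
  got=$(probe "$2" "$3" "$4")
  if [ "$got" = "$want" ]; then
    echo "PASS $2 -> $4 ($got)"
  else
    echo "FAIL $2 -> $4 (got ${got:-none}, want $want)"
    return 1
  fi
}

# Runs all three checks and returns non-zero if any of them fails, so a
# missing or unenforced policy (every request returning 200) is reported.
verify_policy() {
  rc=0
  expect 200 orchid sleep-orchid http://olive-echo.olive/mars || rc=1
  expect 403 lime   sleep-lime   http://olive-echo.olive/mars || rc=1
  expect 403 orchid sleep-orchid http://olive-echo.olive/moon || rc=1
  return $rc
}

# Run against the current kubectl context with: ./verify.sh run
if [ "${1:-}" = "run" ]; then verify_policy; fi
```

If the orchid request to /mars also returns 403, check that mutual TLS is in effect between the workloads, because `source.namespaces` is matched against the peer identity and requires mTLS. The rule has no `methods` field, so despite the policy name any HTTP method from orchid to /mars is allowed.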