@tdewin
Last active May 20, 2026 14:46
bookinfo-policies
---
# Add a fixed request header to every request routed to header-dump-svc.
apiVersion: networking.istio.io/v1
kind: VirtualService
metadata:
  namespace: bookinfo
  name: injectheader
spec:
  hosts:
    - header-dump-svc
  http:
    - headers:
        request:
          add:
            x-custom-header: "injectingheader"
      route:
        - destination:
            host: header-dump-svc
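---
# Allow only GET and POST to productpage, and only from the oc-python-runner
# service account (the principal is taken from the mTLS peer identity).
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: http-from-in-bookinfo
  namespace: bookinfo
spec:
  action: ALLOW
  selector:
    matchLabels:
      app: productpage
  rules:
    - from:
        - source:
            principals: ["cluster.local/ns/bookinfo/sa/oc-python-runner"]
      to:
        - operation:
            methods: ["GET", "POST"]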
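# List all proxies and their sync status
istioctl proxy-status
# Dump the full configuration and the secrets (certificates) of the proxy
# whose name matches "inside"
PROXY=$(istioctl proxy-status | grep inside | cut -f1 -d" ")
istioctl proxy-config all "$PROXY"
istioctl proxy-config secret "$PROXY"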
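---
# Deny requests at the ingress gateway that carry no valid JWT
# (that is, requests without a request principal).
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: "frontend-ingress"
  namespace: bookinfo
spec:
  selector:
    matchLabels:
      istio: ingressgateway
  action: DENY
  rules:
    - from:
        - source:
            notRequestPrincipals: ["*"]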
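---
# Validate JWTs from this issuer at the ingress gateway against the given JWKS.
# On its own this rejects invalid tokens but still admits requests without a
# token; the frontend-ingress DENY policy closes that gap.
apiVersion: security.istio.io/v1
kind: RequestAuthentication
metadata:
  name: "jwt-example"
  namespace: bookinfo
spec:
  selector:
    matchLabels:
      istio: ingressgateway
  jwtRules:
    - issuer: "testing@secure.istio.io"
      jwksUri: "https://raw.githubusercontent.com/istio/istio/release-1.30/security/tools/jwt/samples/jwks.json"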
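---
# Timeout and retry policy for reviews. The route-level timeout covers all
# attempts together, so a first try that uses its full 300ms perTryTimeout
# leaves no time budget for a retry.
apiVersion: networking.istio.io/v1
kind: VirtualService
metadata:
  name: reviews
  namespace: bookinfo
spec:
  hosts:
    - reviews
  http:
    - timeout: 300ms
      retries:
        attempts: 3
        perTryTimeout: 300ms
        retryOn: gateway-error,connect-failure,refused-stream,timeout
      route:
        - destination:
            host: reviews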
---
# Fault injection: add a fixed 5s delay to 20% of requests to ratings.
apiVersion: networking.istio.io/v1
kind: VirtualService
metadata:
  name: ratings
  namespace: bookinfo
spec:
  hosts:
    - ratings
  http:
    - fault:
        delay:
          percentage:
            value: 20
          fixedDelay: 5s
      route:
        - destination:
            host: ratings
---
# Weighted routing: 75% of reviews traffic to subset v1, 25% to v2.
apiVersion: networking.istio.io/v1
kind: VirtualService
metadata:
  name: reviews
  namespace: bookinfo
spec:
  hosts:
    - reviews
  http:
    - route:
        - destination:
            host: reviews
            subset: v1
          weight: 75
        - destination:
            host: reviews
            subset: v2
          weight: 25
---
# Subsets v1..v3 of reviews, selected by the pods' version label.
apiVersion: networking.istio.io/v1
kind: DestinationRule
metadata:
  name: reviews-dr
  namespace: bookinfo
spec:
  host: reviews
  subsets:
    - name: v1
      labels:
        version: v1
    - name: v2
      labels:
        version: v2
    - name: v3
      labels:
        version: v3
---
# Header-based routing on end-user: "beta" goes to v3, any other request that
# carries the header goes to v2, and everything else goes to v1.
apiVersion: networking.istio.io/v1
kind: VirtualService
metadata:
  name: reviews
  namespace: bookinfo
spec:
  hosts:
    - reviews
  http:
    - match:
        - headers:
            end-user:
              exact: "beta"
      route:
        - destination:
            host: reviews
            subset: v3
    - match:
        - headers:
            end-user: {}
      route:
        - destination:
            host: reviews
            subset: v2
    - route:
        - destination:
            host: reviews
            subset: v1
---
# Subsets v1..v3 of reviews, selected by the pods' version label.
apiVersion: networking.istio.io/v1
kind: DestinationRule
metadata:
  namespace: bookinfo
  name: reviews-dr
spec:
  host: reviews
  subsets:
    - name: v1
      labels:
        version: v1
    - name: v2
      labels:
        version: v2
    - name: v3
      labels:
        version: v3
---
# Require mTLS for all workloads in the bookinfo namespace.
apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata:
  namespace: bookinfo
  name: default
spec:
  mtls:
    mode: STRICT