Access Control
Access Control
The Access Control rules take some time to be applied and reflected. Be patient here! |
Whitelist
We’ll create a whitelist on the preference service to only allow requests from the recommendation service, which will make the preference service invisible to the customer service. Requests from the customer service to the preference service will return a 404 Not Found HTTP error code.
kubectl apply -f manifests/istio/routing-advanced/access-control/acl-whitelist.yml
curl $customer
customer => 404 NOT_FOUND:preferencewhitelist.listchecker.workshop:customer is not whitelisted
Blacklist
We’ll create a blacklist making the customer service blacklist to the preference service. Requests from the customer service to the preference service will return a 403 Forbidden HTTP error code.
kubectl apply -f manifests/istio/routing-advanced/access-control/acl-blacklist.yml
curl $customer
customer => 403 PERMISSION_DENIED:denycustomerhandler.denier.workshop:Not allowed