
Cluster-Wide Service Mesh rules

Overview

A Cluster-Wide Service Mesh Rule is a construct that groups service mesh rules so that they can be applied through a cluster-wide policy.

Important

The Org Admin or Infra Admin role is required to create and use cluster-wide service mesh rules.

How to write Cluster-wide rules

Any rule specified for the root namespace (commonly "istio-system") is applied cluster-wide. Any rule specified at the namespace level overrides the same or a similar rule specified at the cluster level.

Example of a cluster-wide service mesh rule

The example below enables strict mTLS across the cluster.

apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: "cluster-strict-mtls"
  namespace: "istio-system"
spec:
  mtls:
    mode: STRICT
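
Because a namespace-level rule overrides the cluster-level one, a cluster-wide STRICT rule can be relaxed by policies elsewhere in the cluster. The following check is an added example, not part of the original page or the product: it resolves the effective mTLS mode per namespace and lists the PeerAuthentication policies that relax a cluster-wide STRICT. The sample resources other than "cluster-strict-mtls" are constructed, the function names are hypothetical, and port-level settings (portLevelMtls) are not evaluated.

```python
import json

ROOT_NAMESPACE = "istio-system"  # assumption: the root namespace named on this page
WEAKER_THAN_STRICT = {"PERMISSIVE", "DISABLE"}

# Constructed sample in the shape of `kubectl get peerauthentication -A -o json`.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "cluster-strict-mtls", "namespace": "istio-system"},
  "spec": {"mtls": {"mode": "STRICT"}}},
 {"metadata": {"name": "legacy-default", "namespace": "legacy"},
  "spec": {"mtls": {"mode": "PERMISSIVE"}}},
 {"metadata": {"name": "metrics-plain", "namespace": "payments"},
  "spec": {"selector": {"matchLabels": {"app": "metrics"}},
           "mtls": {"mode": "DISABLE"}}}
]}
""")["items"]

def mode_of(policy):
    """mtls.mode of a PeerAuthentication; an absent mode is UNSET (inherit)."""
    return policy.get("spec", {}).get("mtls", {}).get("mode", "UNSET")

def has_selector(policy):
    """True when the policy targets specific workloads instead of a namespace."""
    return bool(policy.get("spec", {}).get("selector"))

def namespace_wide_mode(items, namespace):
    """Mode set by a selector-less policy in `namespace`, or None if none sets one."""
    for p in items:
        if p["metadata"]["namespace"] == namespace and not has_selector(p):
            if mode_of(p) != "UNSET":
                return mode_of(p)
    return None

def effective_mode(items, namespace, root=ROOT_NAMESPACE):
    """Namespace-level rule wins, then the root-namespace rule, then
    Istio's PERMISSIVE default."""
    return (namespace_wide_mode(items, namespace)
            or namespace_wide_mode(items, root) or "PERMISSIVE")

def weakening_overrides(items, root=ROOT_NAMESPACE):
    """Policies that relax a cluster-wide STRICT rule, with their scope."""
    if namespace_wide_mode(items, root) != "STRICT":
        return []
    return [(p["metadata"]["namespace"], p["metadata"]["name"], mode_of(p),
             "workload" if has_selector(p) else "namespace")
            for p in items if mode_of(p) in WEAKER_THAN_STRICT]

if __name__ == "__main__":
    for finding in weakening_overrides(SAMPLE):
        print("relaxes cluster-wide STRICT:", finding)
```

Running it against the parsed output of `kubectl get peerauthentication -A -o json` before publishing a new rule version shows which namespaces would not inherit the cluster-wide setting.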

Creating Cluster-Wide Service Mesh Rules

Rules can be created by either uploading a YAML file with the CRD definition or by pulling the YAML file from Git.

  • Log in to the controller and select Rules under Service Mesh
  • Click the Cluster tab and click New Rule
  • Provide a name for the rule and click Create
  • Provide a version name
  • If uploading the file directly, click choose file and upload the file
  • If using Git, select Pull file from repository and select the appropriate Git repository, revision number, and path to the YAML file in the git repo
  • Click Save changes

Rules can be added to a cluster-wide policy by following the instructions in the cluster-wide policy section.


Updating Cluster-Wide Service Mesh Rules

  • Log in to the controller and select Rules under Service Mesh
  • Go to the Cluster tab and find or search for the name of the rule you want to update
  • Click the edit button to the right of the name of the rule and click New version
  • Provide a version name
  • If uploading the file directly, click choose file and upload the file
  • If using Git, select Pull file from repository and select the appropriate Git repository, revision number, and path to the YAML file in the git repo
  • Click Save changes

Rules can be added to a cluster-wide policy by following the instructions in the cluster-wide policy section.


Deleting Cluster-Wide Service Mesh Rules

  • Log in to the controller and select Rules under Service Mesh
  • Go to the Cluster tab and find or search for the name of the rule you want to delete
  • Click the delete button to the right of the name of the rule