Cluster-Wide Service Mesh rules
Overview
Cluster-Wide Service Mesh Rules is a construct that defines a grouping of service mesh rules that can then be applied to a cluster-wide policy.
Important
The Org Admin or Infra Admin role is required to create and use cluster-wide service mesh rules.
How to write Cluster-wide rules
Any rule specified for the root namespace (commonly "istio-system") is applied cluster-wide. A rule specified at the namespace level overrides the same or a similar rule specified at the cluster level.
Example of a cluster-wide service mesh rule
The example below enables strict mTLS across the cluster.
```yaml
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: "cluster-strict-mtls"
  namespace: "istio-system"
spec:
  mtls:
    mode: STRICT
```
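Because a namespace-level rule overrides the cluster-level one, a namespace can relax the strict mTLS baseline shown above. The following Python check is an added example, not part of the original documentation: it reads PeerAuthentication manifests and lists the namespaces whose own rule weakens a cluster-wide STRICT policy. It assumes the manifests are already parsed into dicts, that the root namespace is "istio-system", and it looks only at policies without a workload selector; the `legacy` and `payments` namespaces are constructed sample data.

```python
ROOT_NAMESPACE = "istio-system"  # assumption: the mesh root namespace used on this page

# Constructed sample manifests, already parsed into dicts.
# The "legacy" and "payments" namespaces and their rule names are hypothetical.
MANIFESTS = [
    {"kind": "PeerAuthentication",
     "metadata": {"name": "cluster-strict-mtls", "namespace": "istio-system"},
     "spec": {"mtls": {"mode": "STRICT"}}},
    {"kind": "PeerAuthentication",
     "metadata": {"name": "legacy-permissive", "namespace": "legacy"},
     "spec": {"mtls": {"mode": "PERMISSIVE"}}},
    {"kind": "PeerAuthentication",
     "metadata": {"name": "payments-default", "namespace": "payments"},
     "spec": {}},  # no mode set: inherits the cluster-wide mode
]


def namespace_wide_modes(manifests):
    """Map namespace -> mTLS mode, using only policies without a workload selector."""
    modes = {}
    for m in manifests:
        spec = m.get("spec") or {}
        if m.get("kind") != "PeerAuthentication" or spec.get("selector"):
            continue  # other kinds and workload-scoped policies are out of scope
        mode = (spec.get("mtls") or {}).get("mode", "UNSET")
        # Simplification: keep the first policy seen for each namespace.
        modes.setdefault(m["metadata"]["namespace"], mode)
    return modes


def effective_mode(namespace, modes):
    """The namespace-level mode wins; UNSET or absent falls back to the root namespace."""
    mode = modes.get(namespace, "UNSET")
    if mode == "UNSET":
        mode = modes.get(ROOT_NAMESPACE, "UNSET")
    return "PERMISSIVE" if mode == "UNSET" else mode  # Istio default when nothing is set


def weakening_overrides(manifests):
    """Namespaces whose own rule relaxes a cluster-wide STRICT policy."""
    modes = namespace_wide_modes(manifests)
    if effective_mode(ROOT_NAMESPACE, modes) != "STRICT":
        return []  # no cluster-wide STRICT baseline to compare against
    return sorted(ns for ns in modes
                  if ns != ROOT_NAMESPACE and effective_mode(ns, modes) != "STRICT")


if __name__ == "__main__":
    for ns in weakening_overrides(MANIFESTS):
        print(f"{ns}: namespace rule overrides cluster-wide STRICT mTLS")
```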
Creating a Cluster-Wide Network Policy Rule
Rules can be created by either uploading a YAML file with the CRD definition or by pulling the YAML file from Git.
- Log in to the controller and select Rules under Service Mesh
- Click the Cluster tab and click New Rule
- Provide a name for the rule and click Create
- Provide a version name
- If uploading the file directly, click choose file and upload the file
- If using Git, select Pull file from repository and select the appropriate Git repository, revision number, and path to the YAML file in the Git repo
- Click Save changes
Rules can be added to a cluster-wide policy by following the instructions in the cluster-wide policy section.
Updating a Cluster-Wide Service Mesh Rule
- Log in to the controller and select Rules under Service Mesh
- Go to the Cluster tab and find or search for the name of the rule you want to update
- Click the edit button to the right of the name of the rule and click New version
- Provide a version name
- If uploading the file directly, click choose file and upload the file
- If using Git, select Pull file from repository and select the appropriate Git repository, revision number, and path to the YAML file in the Git repo
- Click Save changes
Rules can be added to a cluster-wide policy by following the instructions in the cluster-wide policy section.
Deleting a Cluster-Wide Network Policy Rule
- Log in to the controller and select Rules under Service Mesh
- Go to the Cluster tab and find or search for the name of the rule you want to delete
- Click the delete button to the right of the name of the rule