tencent cloud



Last updated: 2023-12-26 11:38:20


    This document describes how to implement permission controls to prevent running services in the production environment (base namespace) from being accessed by those in the test environment (test namespace).


    Configure the following AuthorizationPolicy to prevent services in the test namespace from accessing those in the base namespace. Configure the authorization rule in the console as shown below:
    Or submit the following YAML file to the primary cluster:
    apiVersion: security.istio.io/v1beta1
    kind: AuthorizationPolicy
    name: base-authz
    namespace: base
    action: DENY
    - from:
    - source:
    - test
    After the configuration, view the Pod log of the client service in the test namespace in the TKE console, which shows that the client service failed to access the user service in the base namespace. In this case, the authorization policy is effective. After the authorization rule is configured, a failed access is as shown below:
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support