Namespace-Wide Service Mesh rules

Overview

A Namespace-Wide Service Mesh Rule is a construct that groups service mesh rules so that they can be applied to a namespace-wide policy.

Important

The Org Admin, Infra Admin, Project Admin, or Workspace Admin role is required to create and use namespace-wide service mesh rules.

How to write Namespace-wide rules

Any rule specified for a namespace is applied to that namespace. A rule specified at the namespace level overrides the same or a similar rule specified at the cluster level.

Examples of a Namespace-wide service mesh rule

The example below enables strict mTLS for all communication to and from the namespace "foo".

apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: "foo-strict-mtls"
  namespace: "foo"
spec:
  mtls:
    mode: STRICT
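
To check which namespaces actually end up in strict mode once namespace-level rules override the cluster-level one, the following added example (not part of the original documentation or the product's own code) computes the effective namespace-wide mTLS mode from a list of PeerAuthentication objects. It assumes the cluster-level rule is the mesh-wide PeerAuthentication in Istio's default root namespace `istio-system`; the sample input and the function names are constructed for illustration.

```python
import json

ROOT_NS = "istio-system"  # assumption: Istio's default root namespace

# Constructed sample, shaped like `kubectl get peerauthentication -A -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "default", "namespace": "istio-system"},
   "spec": {"mtls": {"mode": "PERMISSIVE"}}},
  {"metadata": {"name": "foo-strict-mtls", "namespace": "foo"},
   "spec": {"mtls": {"mode": "STRICT"}}},
  {"metadata": {"name": "legacy", "namespace": "bar"},
   "spec": {"selector": {"matchLabels": {"app": "legacy"}},
            "mtls": {"mode": "DISABLE"}}}
]}
""")


def namespace_modes(policies):
    """Map namespace -> mode from policies without a workload selector."""
    modes = {}
    for item in policies["items"]:
        spec = item.get("spec", {})
        if spec.get("selector"):
            continue  # workload-scoped policy, not a namespace-wide rule
        mode = spec.get("mtls", {}).get("mode", "UNSET")
        modes[item["metadata"]["namespace"]] = mode
    return modes


def effective_mode(namespace, modes):
    """Namespace rule wins; UNSET or missing inherits the mesh-wide rule."""
    mode = modes.get(namespace, "UNSET")
    if mode == "UNSET":
        mode = modes.get(ROOT_NS, "UNSET")
    return "PERMISSIVE" if mode == "UNSET" else mode  # Istio's default


def non_strict(namespaces, policies):
    """Return the namespaces whose effective mode is not STRICT."""
    modes = namespace_modes(policies)
    return sorted(ns for ns in namespaces if effective_mode(ns, modes) != "STRICT")


if __name__ == "__main__":
    for ns in ("foo", "bar", "baz"):
        print(ns, effective_mode(ns, namespace_modes(SAMPLE)))
    print("not strict:", non_strict(["foo", "bar", "baz"], SAMPLE))
```

Workload-scoped policies (those with a selector) are skipped here, so a namespace reported as STRICT can still contain individual workloads with a weaker mode.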

The example below distributes traffic to the "reviews" namespace equally between the v1 and v3 versions.

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v1
      weight: 50
    - destination:
        host: reviews
        subset: v3
      weight: 50

Creating Namespace-Wide Network Policy Rules

Rules can be created by either uploading a YAML file with the CRD definition or by pulling the YAML file from Git.

  • Log in to the controller and select Rules under Service Mesh
  • Click the Namespace tab and click New Rule
  • Provide a name for the rule and click Create
  • Provide a version name
  • If uploading the file directly, click choose file and upload the file
  • If using Git, select Pull file from repository and select the appropriate Git repository, revision number, and path to the YAML file in the Git repo
  • Click Save changes

Rules can be added to a namespace-wide policy by following the instructions in the namespace-wide policy section.

Updating Namespace-Wide Service Mesh Rules

  • Log in to the controller and select Rules under Service Mesh
  • Go to the Namespace tab and find or search for the name of the rule you want to update
  • Click the edit button to the right of the name of the rule and click New version
  • Provide a version name
  • If uploading the file directly, click choose file and upload the file
  • If using Git, select Pull file from repository and select the appropriate Git repository, revision number, and path to the YAML file in the Git repo
  • Click Save changes

Rules can be added to a namespace-wide policy by following the instructions in the namespace-wide policy section.

Deleting Namespace-Wide Network Policy Rules

  • Log in to the controller and select Rules under Service Mesh
  • Go to the Namespace tab and find or search for the name of the rule you want to update
  • Click the delete button to the right of the name of the rule