I have this gateway configured in GKE with a static regional IP.
```yaml
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
  name: my-gateway
  namespace: istio-ingress
spec:
  gatewayClassName: istio
  listeners:
  - name: http
    port: 80
    protocol: HTTP
    allowedRoutes:
      namespaces:
        from: All
  addresses:
  - value: "x.x.x.x"
    type: IPAddress
```
the service:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: my-gateway-istio
  namespace: istio-ingress
  labels:
    gateway.istio.io/managed: istio.io-gateway-controller
spec:
  externalTrafficPolicy: Local
  ports:
  - appProtocol: tcp
    name: status-port
    port: 15021
    protocol: TCP
    targetPort: 15021
  - appProtocol: http
    name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    istio.io/gateway-name: my-gateway
  type: LoadBalancer
```
the HTTPRoute:
```yaml
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
  name: my-gateway-http-route
spec:
  parentRefs:
  - name: my-gateway
    namespace: istio-ingress
  rules:
  - matches:
    - path:
        type: Exact
        value: "/test"
    backendRefs:
    - name: my-service
      port: 8080
```
and the authorization policy:
```yaml
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: my-gateway-authorization-policy
  namespace: istio-ingress
spec:
  selector:
    matchLabels:
      istio.io/gateway-name: my-gateway
  action: ALLOW
  rules:
  - from:
    - source:
        ipBlocks:
        - x.x.x.x # Test IP
```
The policy is not working. I've gone through some troubleshooting, changing some configs, reinstalling everything and also trying to check the istio pod logs:
```bash
kubectl patch deployment my-gateway -n istio-ingress -p'{"spec":{"template":{"spec":{"containers":[{"name":"istio-proxy","args":["proxy", "sidecar", "--proxyLogLevel=debug"]}]}}}}'
```
but I haven't been able to find anything that would help me solve this issue so far.
I'm using the Kubernetes Gateway API: https://gateway-api.sigs.k8s.io/guides/