Allow traffic from a namespace (v2.12+)
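Use MeshTrafficPermission to allow requests from every workload in a namespace by matching a SPIFFE ID prefix. Because this is a prefix match, end the prefix at a path boundary where your SPIFFE ID layout allows it, so that it cannot also cover a namespace whose name merely begins with the same characters.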
Configuration
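# MeshTrafficPermission, Kubernetes resource format.
# Allows requests from any caller whose SPIFFE ID starts with the prefix
# given under spec.rules[].default.allow[].spiffeID.
apiVersion: kuma.io/v1alpha1
kind: MeshTrafficPermission
metadata:
  name: allow-observability-ns
  namespace: kong-mesh-demo
  labels:
    # Binds the policy to the mesh named "default".
    kuma.io/mesh: default
spec:
  # NOTE(review): no targetRef is set, so the destination workloads are
  # whatever this policy's default scope is; confirm that is intended.
  rules:
    - default:
        allow:
          - spiffeID:
              type: Prefix
              # The trust domain (default.default.mesh.local) must match the
              # one your mesh issues identities under.
              # NOTE(review): the value has no trailing "/". If matching is a
              # plain string prefix, it would also cover any namespace whose
              # name starts with "observability" (constructed example:
              # "observability-test"). If IDs are issued as
              # .../ns/<namespace>/..., ending the value with "/" limits it
              # to this one namespace; confirm against your identity path
              # template before changing it.
              value: spiffe://default.default.mesh.local/ns/observability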
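# MeshTrafficPermission, Universal resource format.
# Allows requests from any caller whose SPIFFE ID starts with the prefix
# given under spec.rules[].default.allow[].spiffeID.
type: MeshTrafficPermission
name: allow-observability-ns
mesh: default
spec:
  # NOTE(review): no targetRef is set, so the destination workloads are
  # whatever this policy's default scope is; confirm that is intended.
  rules:
    - default:
        allow:
          - spiffeID:
              type: Prefix
              # The trust domain (default.default.mesh.local) must match the
              # one your mesh issues identities under.
              # NOTE(review): the value has no trailing "/". If matching is a
              # plain string prefix, it would also cover any namespace whose
              # name starts with "observability" (constructed example:
              # "observability-test"). If IDs are issued as
              # .../ns/<namespace>/..., ending the value with "/" limits it
              # to this one namespace; confirm against your identity path
              # template before changing it.
              value: spiffe://default.default.mesh.local/ns/observability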
Adjust konnect_mesh_control_plane.my_meshcontrolplane.id and konnect_mesh.my_mesh.name according to your current configuration.
# Terraform form of the allow-observability-ns MeshTrafficPermission:
# allows requests from any caller whose SPIFFE ID starts with the prefix
# set in spec.rules[].default.allow[].spiffe_id.
resource "konnect_mesh_traffic_permission" "allow_observability_ns" {
  provider = konnect-beta

  # Control plane and mesh the policy is created in; both are references to
  # resources defined elsewhere in your configuration.
  cp_id = konnect_mesh_control_plane.my_meshcontrolplane.id
  mesh  = konnect_mesh.my_mesh.name

  type = "MeshTrafficPermission"
  name = "allow-observability-ns"

  labels = {
    # Same mesh reference as the `mesh` argument above.
    "kuma.io/mesh" = konnect_mesh.my_mesh.name
  }

  spec = {
    rules = [
      {
        default = {
          allow = [
            {
              spiffe_id = {
                type = "Prefix"
                # NOTE(review): the trust domain here is hard-coded while the
                # mesh is taken from konnect_mesh.my_mesh.name; verify that
                # it matches the trust domain this mesh actually issues.
                # NOTE(review): there is no trailing "/". If matching is a
                # plain string prefix, this would also cover any namespace
                # whose name starts with "observability" (constructed
                # example: "observability-test"). If IDs are issued as
                # .../ns/<namespace>/..., a trailing "/" limits the rule to
                # this one namespace; confirm before changing it.
                value = "spiffe://default.default.mesh.local/ns/observability"
              }
            }
          ]
        }
      }
    ]
  }
}