I'm new to Consul and wanted to apply some intentions to my backend service. Basically I have a service to which I port-forward. I have two routes: /reservations/simpleget and /reservations/simplepost. I wanted to block all requests I send to my /simplepost endpoint, specifically all POST requests that are sent to it.
First I configured my intentions with the UI; they didn't work. Then I tried to apply a Service Intention, which also couldn't enforce the rules I told it to.
What am I missing?
Here is my full deployment:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
  namespace: consul-hofladen
spec:
  replicas: 2
  selector:
    matchLabels:
      app: backend
  template:
    metadata:
      labels:
        app: backend
      annotations:
        consul.hashicorp.com/connect-inject: "true"
    spec:
      containers:
        - name: backend
          image: t3rmo/hofladen_backend:latest
          env:
            - name: SPRING_DATASOURCE_URL
              value: "jdbc:postgresql://postgres.consul-hofladen.svc.cluster.local/hofladen"
          ports:
            - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: backend
  namespace: consul-hofladen
  annotations:
    consul.hashicorp.com/connect-service-upstreams: "api:8080"
spec:
  type: ClusterIP
  ports:
    - port: 8080
      targetPort: 8080
  selector:
    app: backend
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
  name: backend
  namespace: consul-hofladen
spec:
  protocol: http
---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
  name: backend-intentions
spec:
  destination:
    name: backend
  sources:
    - name: allow-get
      permissions:
        - action: allow
          http:
            pathPrefix: /reservations/simpleget
            methods: ['GET', 'PUT', 'DELETE', 'HEAD']
    - name: dont-allow-post
      permissions:
        - action: deny
          http:
            pathPrefix: /reservations/simplepost
            methods: ['POST']
```
Some other issues I have are with retries and timeouts not working as well. Circuit breaking works as intended. I'm confused; maybe it's a bigger issue.
Here is my values.yaml file:
```yaml
global:
  name: consul-hofladen
  metrics:
    enabled: true
    enableAgentMetrics: true
    agentMetricsRetentionTime: "59m"
prometheus:
  enabled: true
ui:
  metrics:
    enabled: true
    provider: "prometheus"
    baseURL: http://prometheus-server
connectInject:
  metrics:
    defaultEnabled: true
    defaultEnableMerging: false
    defaultPrometheusScrapePort: 20200
    defaultPrometheusScrapePath: "/actuator/prometheus"
  apiGateway:
    managedGatewayClass:
      serviceType: LoadBalancer
```
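
An added example, not part of the original post and not the poster's configuration: a `ServiceIntentions` layout in which `sources[].name` is the Consul service name of the calling workload, with both L7 rules placed under that one source. The caller name `frontend` and the `metadata.namespace` value are assumptions, and the example assumes requests reach `backend` from that mesh service through its sidecar proxy.

```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
  name: backend-intentions
  # Assumption: created in the same Kubernetes namespace as the backend resources.
  namespace: consul-hofladen
spec:
  destination:
    name: backend
  sources:
    # "frontend" is a hypothetical placeholder for the calling service.
    # The name is matched against the caller's mesh identity, so it must be
    # a registered Consul service name, not a free-form label for the rule.
    - name: frontend
      # Permissions are evaluated top to bottom; the first match decides.
      permissions:
        - action: deny
          http:
            pathPrefix: /reservations/simplepost
            methods: ['POST']
        - action: allow
          http:
            pathPrefix: /reservations/simpleget
            methods: ['GET', 'PUT', 'DELETE', 'HEAD']
```

The `http` permissions depend on the destination being declared as an HTTP service, which the `ServiceDefaults` resource in the post already does with `protocol: http`.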