We have a service which acts as a context path for internal services. I am planning to add multiple jwt rules, bbut it is complaining that jwt is not configured, but it works with only one jwt rules.
How can we add multiple jwtrules for the same namespace/workloads?
<code>apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: authentication-jwt-token
namespace: spaceA
spec:
jwtRules:
-
forwardOriginalToken: true
fromHeaders:
-
name: Authorization
prefix: "Bearer "
issuer: [email protected]
jwksUri: "http://test/jwks"
selector:
matchLabels:
app: serviceA
---
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: authentication-jwt-token
namespace: istio-system
spec:
jwtRules:
-
issuer: [email protected]
jwksUri: "http://test/jwks"
forwardOriginalToken: true
selector:
matchLabels:
istio: ingressgateway
</code>
<code>apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: authentication-jwt-token
namespace: spaceA
spec:
jwtRules:
-
forwardOriginalToken: true
fromHeaders:
-
name: Authorization
prefix: "Bearer "
issuer: [email protected]
jwksUri: "http://test/jwks"
selector:
matchLabels:
app: serviceA
---
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: authentication-jwt-token
namespace: istio-system
spec:
jwtRules:
-
issuer: [email protected]
jwksUri: "http://test/jwks"
forwardOriginalToken: true
selector:
matchLabels:
istio: ingressgateway
</code>
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: authentication-jwt-token
namespace: spaceA
spec:
jwtRules:
-
forwardOriginalToken: true
fromHeaders:
-
name: Authorization
prefix: "Bearer "
issuer: [email protected]
jwksUri: "http://test/jwks"
selector:
matchLabels:
app: serviceA
---
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: authentication-jwt-token
namespace: istio-system
spec:
jwtRules:
-
issuer: [email protected]
jwksUri: "http://test/jwks"
forwardOriginalToken: true
selector:
matchLabels:
istio: ingressgateway
New contributor
Check Test is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.