Open Policy Agent
403 - "rbac_access_denied_matched_policy[istio-ext-authz-ns[default]-policy[ext-authz]-rule[0]-deny-due-to-bad-CUSTOM-action #601
Closed
bvamshidhar
started this conversation in
Community
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I'm trying to get this running on my Azure Kubernetes cluster K8 version: 1.28.5, Istio: 1.20.3, OPA: 0.64.1
https://github.com/open-policy-agent/opa-envoy-plugin/blob/main/examples/istio/quick_start.yaml
I was able to get it working locally using docker desktop. K8 version: 1.27.2, OPA: 0.64.1, Istio: 1.20.6
I modified the opa-policy configmap to use only this code:
apiVersion: v1
kind: ConfigMap
metadata:
name: opa-policy
data:
policy.rego: |
package istio.authz
I have the bookinfo service running and I get this error when I hit the endpoint:
Example: curl -i http://public_IP/productpage
istio-proxy container logs:
403 - "rbac_access_denied_matched_policy[istio-ext-authz-ns[default]-policy[ext-authz]-rule[0]-deny-due-to-bad-CUSTOM-action
Beta Was this translation helpful? Give feedback.
All reactions