Istio AuthorizationPolicy

Istio

For workloads without authorization policies applied, Istio allows all requests
Authorization policies support ALLOW, DENY, AUDIT and CUSTOM actions
Istio checks for matching policies in layers, in this order: CUSTOM, DENY, and then ALLOW
“deny by default” behavior applies only if the workload has at least one authorization policy with the ALLOW action
When you apply an ALLOW policy in a namespace, Istio enforces default deny for any request not explicitly allowed


Istio