问题
My use case is that i would deploy Elasticseach + Kibana into the mesh and configure End-User outside of Kubernetes to access Elasticsearch API with JWT Authentication. While i was successful in configuring and applying that I found that my Kibana deployment to be failing. I know it has something to do with the RequestAuthentication + AuthorizationPolicy defined I get a RBAC: access denied error when I tried CURLing elasticsearch from my kibana’s istio-proxy sidecar.
Have I misconfigured something here? Is there the option of just enabling end-user JWT for client requests outside of kubernetes and disabling it for internal service to service communication?
来源:https://stackoverflow.com/questions/62652808/istio-requestauthentication-from-origin-only-and-excluding-internals-services-in