Access Control List

    1. kubectl create -f istiofiles/acl-whitelist.yml -n tutorial

    Then if you do:

    1. customer => preference => recommendation v2 from '6b569c9cfb-g8shk': 5

    You will be inside the application container of your pod customer-86ccc8746d-c6kfb. Now execute:

    1. curl preference:8080
    2. preference => recommendation v1 from '868bf96bfc-425m6': 5
    4. curl recommendation:8080
    6. exit
    1. kubectl delete -f istiofiles/acl-whitelist.yml -n tutorial

    Blacklist

    We’ll create a blacklist making the customer service blacklist to the preference service. Requests from the customer service to the preference service will return a 403 Forbidden HTTP error code.

    1. curl istio-ingressgateway-istio-system.$(minishift ip).nip.io/customer
    2. customer => Error: 403 - PERMISSION_DENIED:denycustomerhandler.denier.tutorial:Not allowed

    Clean up