i'm working on istio configuration to build automatic authorization system.
I use oauth2-proxy for external authorization and dex for OICD.
I have to avoid authorization check for certain sub adress, so I set notPaths option in authorization policy.
But every time I set the notPaths option, the web goes blank white page instead of display proper page. And console shows CORB warning sign.
I don't have any clue why this heppens.
here is my authorization policy and gateway, virtual service configuration.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: oauth-policy
namespace: istio-system
spec:
selector:
matchLabels:
istio: ingressgateway
action: CUSTOM
provider:
name: "oauth2-proxy"
rules:
- to:
- operation:
hosts:
- "my.domain.com"
notPaths:
- "/main*"
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: cm-gateway
namespace: cm-temp
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "my.domain.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: cm-vs
namespace: cm-temp
spec:
hosts:
- "my.domain.com"
gateways:
- cm-gateway
http:
- match:
- uri:
prefix: /api
route:
- destination:
host: cm-be-svc
port:
number: 5000
- match:
- uri:
prefix: /
route:
- destination:
host: cm-fe-svc
port:
number: 80
It was the authorization policy config problem.
I use react to display page, and the address of index page was blocked cuz i didn't add the sub address of it.
i add the sub address to auth policy and it worked.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: oauth-policy
namespace: istio-system
spec:
selector:
matchLabels:
istio: ingressgateway
action: CUSTOM
provider:
name: "oauth2-proxy"
rules:
- to:
- operation:
hosts:
- "my.domain.com"
notPaths:
- "/main*"
- "/index*"
- "/favicon*"