AuthorizationPolicy still take effect by namespace scope after a workloadSelector added to it
ZarrianShi opened this issue · 1 comments
ZarrianShi commented
Bug Description:
- Create a namespace-scoped AuthorizationPolicy
- Change it to workload-scoped by add WorkloadSelector to it
- AuthorizationPolicy still take effect by namespace scope
Istio Version:
1.22.3
bleggett commented
Can you add an example for number 3 that shows exactly what you're talking about?
My understanding is adding workload selectors should further refine the existing namespace scope, not replace it.