7.3. Setting a default AuthPolicy
Procedure
Set a default AuthPolicy with a deny-all setting for the gateway, as follows:

    kubectl apply -f - <<EOF
    apiVersion: kuadrant.io/v1
    kind: AuthPolicy
    metadata:
      name: ${KUADRANT_GATEWAY_NAME}-auth
      namespace: ${KUADRANT_GATEWAY_NS}
    spec:
      targetRef:
        group: gateway.networking.k8s.io
        kind: Gateway
        name: ${KUADRANT_GATEWAY_NAME}
      defaults:
        when:
          - predicate: "request.path != '/health'"
        rules:
          authorization:
            deny-all:
              opa:
                rego: "allow = false"
          response:
            unauthorized:
              headers:
                "content-type":
                  value: application/json
              body:
                value: |
                  {
                    "error": "Forbidden",
                    "message": "Access denied by default by the gateway operator. If you are the administrator of the service, create a specific auth policy for the route."
                  }
    EOF

Check that your AuthPolicy has Accepted and Enforced status, as follows:

    kubectl get authpolicy ${KUADRANT_GATEWAY_NAME}-auth -n ${KUADRANT_GATEWAY_NS} -o=jsonpath='{.status.conditions[?(@.type=="Accepted")].message}{"\n"}{.status.conditions[?(@.type=="Enforced")].message}'
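The jsonpath command above prints only the condition messages. As an added example (not part of the original documentation), the Python script below reads the whole object from `kubectl get authpolicy ... -o json` and reports a problem unless both conditions have status True. The sample objects, reason strings and messages are constructed, and the `observedGeneration` comparison assumes the controller fills in that standard Kubernetes condition field (it is skipped when the field is absent).

```python
import json
import sys

REQUIRED = ("Accepted", "Enforced")  # condition types named in the check step

def check_authpolicy(obj, required=REQUIRED):
    """Return a list of problems; an empty list means the policy is in force."""
    generation = obj.get("metadata", {}).get("generation")
    conds = {c.get("type"): c for c in obj.get("status", {}).get("conditions", [])}
    problems = []
    for ctype in required:
        cond = conds.get(ctype)
        if cond is None:
            problems.append(f"{ctype}: condition not reported yet")
        elif cond.get("status") != "True":
            problems.append(f"{ctype}: status={cond.get('status')} "
                            f"reason={cond.get('reason')} message={cond.get('message')}")
        elif generation is not None and cond.get("observedGeneration", generation) < generation:
            # Condition describes an older spec than the one currently stored.
            problems.append(f"{ctype}: stale, describes generation "
                            f"{cond['observedGeneration']} but spec is at {generation}")
    return problems

def sample(accepted, enforced, enforced_msg):
    """Build a constructed AuthPolicy object (not captured from a real cluster)."""
    return {
        "metadata": {"name": "example-gateway-auth", "generation": 2},
        "status": {"conditions": [
            {"type": "Accepted", "status": accepted, "reason": "SampleReason",
             "message": "constructed: policy accepted", "observedGeneration": 2},
            {"type": "Enforced", "status": enforced, "reason": "SampleReason",
             "message": enforced_msg, "observedGeneration": 2},
        ]},
    }

SAMPLE_OK = sample("True", "True", "constructed: policy enforced")
SAMPLE_NOT_ENFORCED = sample("True", "False", "constructed: policy not enforced")

if __name__ == "__main__":
    if len(sys.argv) > 1:  # file holding `kubectl get authpolicy ... -o json` output
        with open(sys.argv[1]) as fh:
            problems = check_authpolicy(json.load(fh))
        print("\n".join(problems) or "AuthPolicy is Accepted and Enforced")
        sys.exit(1 if problems else 0)
    for obj in (SAMPLE_OK, SAMPLE_NOT_ENFORCED):  # no argument: show both samples
        print(check_authpolicy(obj) or "AuthPolicy is Accepted and Enforced")
```

Run with a file argument, the script exits non-zero when the deny-all default is not yet in force, so it can gate a deployment pipeline.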