Answer-first summary for fast verification
Answer: The Authorization Policy of your cluster is blocking HTTP requests for specific paths within your application.
The issue arises because Istio AuthorizationPolicy can control access based on HTTP-specific attributes such as paths, methods, or headers. Since the problem is specific to certain URLs (paths) failing while others succeed, it indicates that the AuthorizationPolicy is configured to block requests to those specific paths. Kubernetes NetworkPolicy (A) operates at the network layer (L3/L4) and cannot filter based on HTTP paths. Incorrect TCP ports (B) would block all traffic to that port, not specific URLs. mTLS in permissive mode (D) allows both encrypted and plaintext traffic, so it would not selectively block URLs.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
What could be causing HTTP requests between two Pods to fail for specific URLs while other requests succeed in a GKE microservices application secured with Istio AuthorizationPolicy, Kubernetes NetworkPolicy, and mTLS?
A
A Kubernetes NetworkPolicy resource is blocking HTTP traffic between the Pods.
B
The Pod initiating the HTTP requests is attempting to connect to the target Pod via an incorrect TCP port.
C
The Authorization Policy of your cluster is blocking HTTP requests for specific paths within your application.
D
The cluster has mTLS configured in permissive mode, but the Pod's sidecar proxy is sending unencrypted traffic in plain text.