# Traffic Permissions

Traffic Permissions let you define security rules for which services may consume other services, selected by their tags. The policy is useful for increasing security in the Mesh and for compliance in the organization.

You specify which source services are allowed to consume which destination services. The `service` field is mandatory in both `sources` and `destinations`.

In Kuma 0.2.2 the `sources` field only accepts `service`, and only `service` will be enforced. This limitation will disappear in the next version of Kuma.

In the example below, `destinations` includes not only the `service` property but also an additional `version` tag. You can add arbitrary tags to any Dataplane.

On Universal:

```yaml
type: TrafficPermission
name: permission-1
mesh: default
rules:
  - sources:
      - match:
          service: backend
    destinations:
      - match:
          service: redis
          version: "5.0"
```

On Kubernetes:

```yaml
apiVersion: kuma.io/v1alpha1
kind: TrafficPermission
mesh: default
metadata:
  namespace: default
  name: permission-1
spec:
  rules:
    - sources:
        - match:
            service: backend
      destinations:
        - match:
            service: redis
            version: "5.0"
```

Match-All: You can match any value of a tag by using `*`, like `version: '*'`.
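
The following added example, which is not Kuma's code, checks a policy against the rules stated above (mandatory `service`, source tags other than `service` not enforced in 0.2.2) and evaluates a connection against it, including the `*` match-all. The names `lint`, `selector_matches` and `is_allowed` are hypothetical; that a tag matched with `*` must still be present on the Dataplane, and that traffic matching no rule is denied, are assumptions.

```python
# Added illustration, not Kuma's code. Matching semantics are assumptions (see lead-in).
POLICY = {  # constructed: the Universal example from this page as a dict
    "type": "TrafficPermission", "name": "permission-1", "mesh": "default",
    "rules": [{
        "sources": [{"match": {"service": "backend"}}],
        "destinations": [{"match": {"service": "redis", "version": "5.0"}}],
    }],
}

def lint(policy):
    """Return findings for selectors that break the rules stated on this page."""
    findings = []
    for i, rule in enumerate(policy.get("rules", [])):
        for side in ("sources", "destinations"):
            for sel in rule.get(side, []):
                match = sel.get("match", {})
                if "service" not in match:
                    findings.append(f"rule {i} {side}: 'service' is mandatory")
                extra = sorted(set(match) - {"service"})
                if side == "sources" and extra:
                    findings.append(f"rule {i} sources: {extra} not enforced in Kuma 0.2.2")
    return findings

def selector_matches(match, tags, only=None):
    """Fail closed without 'service'; '*' accepts any value of a tag that is present."""
    if "service" not in match:
        return False
    keys = [k for k in match if only is None or k in only]
    return all(k in tags and match[k] in ("*", tags[k]) for k in keys)

def is_allowed(policy, src_tags, dst_tags):
    """True when one rule matches both sides; sources are compared on 'service' only."""
    for rule in policy.get("rules", []):
        src_ok = any(selector_matches(s.get("match", {}), src_tags, only={"service"})
                     for s in rule.get("sources", []))
        dst_ok = any(selector_matches(d.get("match", {}), dst_tags)
                     for d in rule.get("destinations", []))
        if src_ok and dst_ok:
            return True
    return False  # assumption: traffic that no rule matches is denied

if __name__ == "__main__":
    print(lint(POLICY))
    print(is_allowed(POLICY, {"service": "backend"}, {"service": "redis", "version": "5.0"}))
    print(is_allowed(POLICY, {"service": "backend"}, {"service": "redis", "version": "4.0"}))
```

Running the linter over policies before they are applied catches a source selector that relies on a tag Kuma 0.2.2 will not enforce, which would otherwise admit more callers than the author intended.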

Last Updated: 2/18/2020, 8:02:29 PM