...
As you can see from the policy config, the rule is applied on Enrichment Service. Any call to Enrichment Service, the envoy proxy will apply this rule and invoke the Istio Keycloak over OIDC to authenticate the JWT.
...
There are various open source network policy libraries are available and in this analysis Calico is used. When the rApp is installed in the environment, the nonrtric framework will apply the DENY_ALL rule to all the microservices of the rApp.
...