Add ModSecurity config guide

This patch adds ModSecurity config guide. This patch also deploy the modsecurity and ext_authz filter to clover-gateway namespace. Change-Id: I5ab21e6337b8f8b839ddd028370df378686bd017 Signed-off-by: JingLu5 <lvjing5@huawei.com>
author: JingLu5 <lvjing5@huawei.com> 2018-09-07 16:18:15 +0800
committer: JingLu5 <lvjing5@huawei.com> 2018-09-07 17:15:05 +0800
commit: 0ade6b1a529828c72d68ae2c42d17a33dd61586e (patch)
tree: 9f896a86522652cc662a2d3565428cdb90caae80 /samples/scenarios/ingressgateway_ext_authz_filter.yaml
parent: 9919161fee48f5f212611ade97d513f146f0139f (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/samples/scenarios/ingressgateway_ext_authz_filter.yaml b/samples/scenarios/ingressgateway_ext_authz_filter.yaml
new file mode 100644
index 0000000..0960a50
--- /dev/null
+++ b/samples/scenarios/ingressgateway_ext_authz_filter.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: ext-authz
+  namespace: clover-gateway
+spec:
+  workloadLabels:
+    app: istio-ingressgateway
+  filters:
+  - insertPosition:
+      index: FIRST
+    listenerMatch:
+      portNumber: 80
+      listenerType: GATEWAY
+      listenerProtocol: HTTP
+    filterType: HTTP
+    filterName: "envoy.ext_authz"
+    filterConfig:
+      http_service:
+        server_uri:
+          uri: "http://modsecurity-crs.clover-gateway.svc.cluster.local"
+          cluster: "outbound|80||modsecurity-crs.clover-gateway.svc.cluster.local"
+          timeout: 0.5s
+      failure_mode_allow: false
author	JingLu5 <lvjing5@huawei.com>	2018-09-07 16:18:15 +0800
committer	JingLu5 <lvjing5@huawei.com>	2018-09-07 17:15:05 +0800
commit	0ade6b1a529828c72d68ae2c42d17a33dd61586e (patch)
tree	9f896a86522652cc662a2d3565428cdb90caae80 /samples/scenarios/ingressgateway_ext_authz_filter.yaml
parent	9919161fee48f5f212611ade97d513f146f0139f (diff)