summaryrefslogtreecommitdiffstats
path: root/samples
diff options
context:
space:
mode:
authorStephen Wong <stephen.kf.wong@gmail.com>2018-08-31 07:21:35 +0000
committerGerrit Code Review <gerrit@opnfv.org>2018-08-31 07:21:35 +0000
commit5ee5c6ad39d27a18e2abb7adceecb656c2dde81e (patch)
tree075ca27eba59e2c03dbef570f3deb1cf6bf2ea67 /samples
parent907d2d1b0ab1c82552b9805df8bf39c1a55b5281 (diff)
parent32714b39cdb85d6076ded8af6fa266d567df4992 (diff)
Merge "Add envoy.ext_authz filter"
Diffstat (limited to 'samples')
-rw-r--r--samples/scenarios/istio_ingressgateway_envoyfilter.yaml24
1 files changed, 24 insertions, 0 deletions
diff --git a/samples/scenarios/istio_ingressgateway_envoyfilter.yaml b/samples/scenarios/istio_ingressgateway_envoyfilter.yaml
new file mode 100644
index 0000000..46f730c
--- /dev/null
+++ b/samples/scenarios/istio_ingressgateway_envoyfilter.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+ name: ext-authz
+ namespace: istio-system
+spec:
+ workloadLabels:
+ app: istio-ingressgateway
+ filters:
+ - insertPosition:
+ index: FIRST
+ listenerMatch:
+ portNumber: 80
+ listenerType: GATEWAY
+ listenerProtocol: HTTP
+ filterType: HTTP
+ filterName: "envoy.ext_authz"
+ filterConfig:
+ http_service:
+ server_uri:
+ uri: "http://modsecurity-crs.istio-system.svc.cluster.local"
+ cluster: "outbound|80||modsecurity-crs.istio-system.svc.cluster.local"
+ timeout: 0.5s
+ failure_mode_allow: false