summaryrefslogtreecommitdiffstats
path: root/samples/scenarios/modsecurity_all_in_one.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'samples/scenarios/modsecurity_all_in_one.yaml')
-rw-r--r--samples/scenarios/modsecurity_all_in_one.yaml65
1 files changed, 65 insertions, 0 deletions
diff --git a/samples/scenarios/modsecurity_all_in_one.yaml b/samples/scenarios/modsecurity_all_in_one.yaml
new file mode 100644
index 0000000..aa92b13
--- /dev/null
+++ b/samples/scenarios/modsecurity_all_in_one.yaml
@@ -0,0 +1,65 @@
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: modsecurity-crs
+ namespace: clover-gateway
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: modsecurity-crs
+ template:
+ metadata:
+ labels:
+ app: modsecurity-crs
+ spec:
+ containers:
+ - name: modsecurity-crs
+ image: clover/clover-ns-modsecurity-crs
+ ports:
+ - containerPort: 80
+ env:
+ - name: PARANOIA
+ value: '1'
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: modsecurity-crs
+ namespace: clover-gateway
+spec:
+ type: NodePort
+ ports:
+ - port: 80
+ name: http-modsecurity-crs
+ protocol: TCP
+ targetPort: 80
+ selector:
+ app: modsecurity-crs
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+ name: ext-authz
+ namespace: clover-gateway
+spec:
+ workloadLabels:
+ app: istio-ingressgateway
+ filters:
+ - insertPosition:
+ index: FIRST
+ listenerMatch:
+ portNumber: 80
+ listenerType: GATEWAY
+ listenerProtocol: HTTP
+ filterType: HTTP
+ filterName: "envoy.ext_authz"
+ filterConfig:
+ http_service:
+ server_uri:
+ uri: "http://modsecurity-crs.clover-gateway.svc.cluster.local"
+ cluster: "outbound|80||modsecurity-crs.clover-gateway.svc.cluster.local"
+ timeout: 0.5s
+ failure_mode_allow: false
+---