summaryrefslogtreecommitdiffstats
path: root/samples/scenarios
diff options
context:
space:
mode:
Diffstat (limited to 'samples/scenarios')
-rwxr-xr-xsamples/scenarios/deploy.sh2
-rw-r--r--samples/scenarios/istio_ingressgateway_envoyfilter.yaml24
-rw-r--r--samples/scenarios/service_delivery_controller_opnfv.yaml45
3 files changed, 58 insertions, 13 deletions
diff --git a/samples/scenarios/deploy.sh b/samples/scenarios/deploy.sh
index 1ffea37..962bd5a 100755
--- a/samples/scenarios/deploy.sh
+++ b/samples/scenarios/deploy.sh
@@ -15,7 +15,7 @@ cd $CLOVER_BASE_DIR
echo "Deploying Istio manual sidecar injection without TLS authentication"
-kubectl apply -f $ISTIO_BASE_DIR/install/kubernetes/istio.yaml
+kubectl apply -f $ISTIO_BASE_DIR/install/kubernetes/istio-demo.yaml
echo "Deploying Service Delivery Controller sample scenario"
diff --git a/samples/scenarios/istio_ingressgateway_envoyfilter.yaml b/samples/scenarios/istio_ingressgateway_envoyfilter.yaml
new file mode 100644
index 0000000..46f730c
--- /dev/null
+++ b/samples/scenarios/istio_ingressgateway_envoyfilter.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+ name: ext-authz
+ namespace: istio-system
+spec:
+ workloadLabels:
+ app: istio-ingressgateway
+ filters:
+ - insertPosition:
+ index: FIRST
+ listenerMatch:
+ portNumber: 80
+ listenerType: GATEWAY
+ listenerProtocol: HTTP
+ filterType: HTTP
+ filterName: "envoy.ext_authz"
+ filterConfig:
+ http_service:
+ server_uri:
+ uri: "http://modsecurity-crs.istio-system.svc.cluster.local"
+ cluster: "outbound|80||modsecurity-crs.istio-system.svc.cluster.local"
+ timeout: 0.5s
+ failure_mode_allow: false
diff --git a/samples/scenarios/service_delivery_controller_opnfv.yaml b/samples/scenarios/service_delivery_controller_opnfv.yaml
index 9fee92f..ceba36f 100644
--- a/samples/scenarios/service_delivery_controller_opnfv.yaml
+++ b/samples/scenarios/service_delivery_controller_opnfv.yaml
@@ -344,17 +344,38 @@ spec:
selector:
app: proxy-access-control
---
-apiVersion: extensions/v1beta1
-kind: Ingress
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: sdc-gateway
+spec:
+ selector:
+ istio: ingressgateway # use istio default controller
+ servers:
+ - port:
+ number: 80
+ name: http
+ protocol: HTTP
+ hosts:
+ - "*"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
metadata:
- name: proxy-gateway
- annotations:
- kubernetes.io/ingress.class: "istio"
+ name: sdcsample
spec:
- rules:
- - http:
- paths:
- - path:
- backend:
- serviceName: proxy-access-control
- servicePort: 9180
+ hosts:
+ - "*"
+ gateways:
+ - sdc-gateway
+ http:
+ - match:
+ - uri:
+ prefix: /
+ route:
+ - destination:
+ host: proxy-access-control
+ port:
+ number: 9180
+ mirror:
+ host: snort-ids