我试图忽略 EnvoyFilter 中的某个路由,但不知道如何以及在何处将该逻辑添加到我的 yaml 文件中。不应将被忽略的路由移交给 ext_authz 身份验证服务。
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: ext-authz
namespace: istio-system
spec:
configPatches:
- applyTo: LISTENER
ListenerMatch: 0.0.0.0_80
patch:
operation: MERGE
value:
per_connection_buffer_limit_bytes: 100000000 #100MB
- applyTo: HTTP_FILTER
match:
context: SIDECAR_INBOUND
listener:
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
subFilter:
name: "envoy.filters.http.router"
patch:
operation: INSERT_BEFORE
value:
name: envoy.ext_authz
typed_config:
'@type': type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
transport_api_version: V3
with_request_body:
max_request_bytes: 100000000
allow_partial_message: true
grpc_service:
# NOTE(tsandall): when this was tested with the envoy_grpc client the gRPC
# server was receiving check requests over HTTP 1.1. The gRPC server in
# OPA-Istio would immediately close the connection and log that a bogus
# preamble was sent by the client (it expected HTTP 2). Switching to the
# google_grpc client resolved this issue.
google_grpc:
target_uri: 127.0.0.1:9191
stat_prefix: "ext_authz"
per_stream_buffer_limit_bytes: 100000000
---