본문으로 건너뛰기

Auth EnvoyFilter

http.ext_authz

spec:
configPatches:
- applyTo: HTTP_FILTER
match:
context: GATEWAY
listener:
filterChain:
filter:
name: envoy.filters.network.http_connection_manager
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.ext_authz
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
# status_on_error:
# code: ServiceUnavailable # 문제가 생기면 503으로 응답
http_service:
server_uri:
uri: http://<service>.<namespace>.svc.cluster.local
cluster: outbound|8080||<service>.<namespace>.svc.cluster.local
timeout: 10s
authorization_request:
allowed_headers:
patterns:
- exact: cookie
- exact: authorization
- exact: x-auth-tokeno
authorization_response:
allowed_upstream_headers:
patterns:
- exact: x-auth-request-email
- exact: authorization
- applyTo: HTTP_ROUTE
match:
routeConfiguration:
vhost:
name: kubeflow.loliot.net:80
route:
name: <.VirtualService.spec.http.name> # 특정한 이름의 라우팅에 대해 적용
patch:
operation: MERGE
value:
typed_per_filter_config:
envoy.filters.http.ext_authz:
"@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
disabled: true