EnvoyFilter排除特定主机

问题描述 投票:0回答:1

我需要从EnvoyFilter中排除如下所示的特定主机:

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: authn-filter
spec:
  workloadLabels:
    istio: ingressgateway
  filters:
  - filterConfig:
      httpService:
        serverUri:
          uri: http://authservice.$(namespace).svc.cluster.local
          cluster: outbound|8080||authservice.$(namespace).svc.cluster.local
          failureModeAllow: false
          timeout: 10s
        authorizationRequest:
          allowedHeaders:
            patterns:
            - exact: "cookie"
            - exact: "X-Auth-Token"
        authorizationResponse:
          allowedUpstreamHeaders:
            patterns:
            - exact: "kubeflow-userid"
      statusOnError:
        code: GatewayTimeout
    filterName: envoy.ext_authz
    filterType: HTTP
    insertPosition:
      index: FIRST
    listenerMatch:
      listenerType: GATEWAY

问题是该过滤器适用于默认istio入口网关,该网关会影响通过该网关的所有流量,我希望某些主机可以从过滤器中排除/列入白名单。

kubernetes istio
1个回答
© www.soinside.com 2019 - 2024. All rights reserved.