istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pkg/config/analysis/analyzers/testdata/envoy-filter-add-operation.yaml (about) 1 # If the patch operation is ADD and the applyTo is set to ROUTE_CONFIGURATION or HTTP_ROUTE, then an error will occur 2 apiVersion: networking.istio.io/v1alpha3 3 kind: EnvoyFilter 4 metadata: 5 name: test-auth-1 6 namespace: bookinfo 7 spec: 8 configPatches: 9 - applyTo: HTTP_FILTER 10 match: 11 context: SIDECAR_INBOUND 12 patch: 13 operation: ADD 14 filterClass: AUTHZ # This filter will run *after* the Istio authz filter. 15 value: 16 name: envoy.filters.http.ext_authz 17 typed_config: 18 "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz 19 grpc_service: 20 envoy_grpc: 21 cluster_name: acme-ext-authz 22 initial_metadata: 23 - key: foo 24 value: myauth.acme # required by local ext auth server. 25 26 --- 27 apiVersion: networking.istio.io/v1alpha3 28 kind: EnvoyFilter 29 metadata: 30 name: test-auth-2 31 namespace: bookinfo 32 spec: 33 configPatches: 34 - applyTo: ROUTE_CONFIGURATION 35 match: 36 context: SIDECAR_INBOUND 37 patch: 38 operation: ADD 39 filterClass: AUTHZ # This filter will run *after* the Istio authz filter. 40 value: 41 name: envoy.filters.http.ext_authz 42 typed_config: 43 "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz 44 grpc_service: 45 envoy_grpc: 46 cluster_name: acme-ext-authz 47 initial_metadata: 48 - key: foo 49 value: myauth.acme # required by local ext auth server. 50 51 --- 52 apiVersion: networking.istio.io/v1alpha3 53 kind: EnvoyFilter 54 metadata: 55 name: test-auth-3 56 namespace: bookinfo 57 spec: 58 configPatches: 59 - applyTo: HTTP_ROUTE 60 match: 61 context: SIDECAR_INBOUND 62 patch: 63 operation: ADD 64 filterClass: AUTHZ # This filter will run *after* the Istio authz filter. 65 value: 66 name: envoy.filters.http.ext_authz 67 typed_config: 68 "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz 69 grpc_service: 70 envoy_grpc: 71 cluster_name: acme-ext-authz 72 initial_metadata: 73 - key: foo 74 value: myauth.acme # required by local ext auth server. 75 76 --- 77 apiVersion: networking.istio.io/v1alpha3 78 kind: EnvoyFilter 79 metadata: 80 name: test-auth-4 81 namespace: bookinfo 82 spec: 83 configPatches: 84 - applyTo: HTTP_FILTER 85 match: 86 context: SIDECAR_INBOUND 87 proxy: 88 proxyVersion: '^1\.11.*' 89 app: add4 90 patch: 91 operation: ADD 92 filterClass: AUTHZ # This filter will run *after* the Istio authz filter. 93 value: 94 name: envoy.filters.http.ext_authz 95 typed_config: 96 "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz 97 grpc_service: 98 envoy_grpc: 99 cluster_name: acme-ext-authz 100 initial_metadata: 101 - key: foo 102 value: myauth.acme # required by local ext auth server. 103 104 --- 105 apiVersion: networking.istio.io/v1alpha3 106 kind: EnvoyFilter 107 metadata: 108 name: test-auth-5 109 namespace: bookinfo 110 spec: 111 configPatches: 112 - applyTo: HTTP_FILTER 113 match: 114 context: SIDECAR_INBOUND 115 app: add5 116 patch: 117 operation: ADD 118 filterClass: AUTHZ # This filter will run *after* the Istio authz filter. 119 value: 120 name: envoy.filters.http.ext_authz 121 typed_config: 122 "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz 123 grpc_service: 124 envoy_grpc: 125 cluster_name: acme-ext-authz 126 initial_metadata: 127 - key: foo 128 value: myauth.acme # required by local ext auth server.