我需要从EnvoyFilter中排除如下所示的特定主机:
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: authn-filter
spec:
workloadLabels:
istio: ingressgateway
filters:
- filterConfig:
httpService:
serverUri:
uri: http://authservice.$(namespace).svc.cluster.local
cluster: outbound|8080||authservice.$(namespace).svc.cluster.local
failureModeAllow: false
timeout: 10s
authorizationRequest:
allowedHeaders:
patterns:
- exact: "cookie"
- exact: "X-Auth-Token"
authorizationResponse:
allowedUpstreamHeaders:
patterns:
- exact: "kubeflow-userid"
statusOnError:
code: GatewayTimeout
filterName: envoy.ext_authz
filterType: HTTP
insertPosition:
index: FIRST
listenerMatch:
listenerType: GATEWAY
问题是该过滤器适用于默认istio入口网关,该网关会影响通过该网关的所有流量,我希望某些主机可以从过滤器中排除/列入白名单。