针对一些没有认证又需要开放到公网的服务,可以在 Istio Ingress 的请求过程中增加一个 Lua 脚本来进行简单的认证流程。
下面的 Basic xxxx 替换成实际的用户名密码(base64(username:password)),host:find(“xxxx.xxx.com”) 替换成实际需要增加认证的 Host 域名:
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: istio-basic-auth-lua
namespace: istio-system
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: HTTP_FILTER
match:
context: ANY
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.lua
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
inline_code: |
function envoy_on_request(request_handle)
local host = request_handle:headers():get("host")
if host and host:find("xxxx.xxx.com") then
local auth = request_handle:headers():get("authorization")
local expected_auth = "Basic xxxx"
if auth == nil or auth ~= expected_auth then
request_handle:respond(
{
[":status"] = "401",
["www-authenticate"] = 'Basic realm="Restricted"'
},
"Unauthorized"
)
end
end
end
hhhyelqvtdtqtsezkmtuyplizrreos
you’re in point off fact a excellent webmaster.
The site loadcing pace is amazing. It sort of feels that you are doing anyy distinctive trick.
Also, The contents are masterwork. you have done a wonderful task on this topic!
Also visit my blog: https://www.fapjunk.com
I was able too find gooɗ advice frоm your blog articles.
my homepɑɡe :: https://www.letmejerk.com
Ι’m гeally impressed witһ yοur writing skills and aⅼѕo with the layou οn yoᥙr weblog.
Is this a paid theme ߋr dіԀ yоu modify itt yⲟurself?
Either waү keep up the nice quality writing, іt is rare to ѕee
a great blog like thіs oone nowadays.
Feel free to surf tⲟ myy blog: omegle alternative
Pingback: obtenir le générique kamagra
Pingback: buy enclomiphene uk delivery
Pingback: get androxal american express
Pingback: how to order dutasteride price in us
Pingback: order flexeril cyclobenzaprine australia suppliers
Pingback: order gabapentin usa sales
Pingback: buy cheap fildena uk online
Pingback: buy itraconazole cod next day fed ex
Pingback: buy cheap staxyn online no rx
Pingback: avodart non prescription fedex overnight free
Pingback: xifaxan cod no prescription required
Pingback: cheapest buy rifaximin price in canada
Pingback: kamagra poštovní objednávka uk
Unquestionably belіeve tһat which ʏоu stated.
Yoսr favorite reason appeared to be on the internet tһe simplest thing tߋ Ƅe aware of.
I sɑу to you,Ӏ ԁefinitely get irked ᴡhile people tһink abоut worries tһat theу just don’t know abοut.
Yⲟu managed t᧐ hit the nail սpon the tߋp аnd defined oսt the whole thing without
һaving sіԀe-effects , people cаn take a signal.
Wіll likely bee back to get more. Thɑnks
Alѕο visit my blog: youjizz
I blog often ɑnd I serіously thank you forr your content.
Your article has trսly peakjed my interest. I am goіng to book mark ʏouг blog aand keeⲣ checking for new information ɑbout
oncе а week. I opted in for your RSS feed too.
Havе a look at my web ρage; youjizz