针对一些没有认证又需要开放到公网的服务,可以在 Istio Ingress 的请求过程中增加一个 Lua 脚本来进行简单的认证流程。
下面的 Basic xxxx 替换成实际的用户名密码(base64(username:password)),host:find(“xxxx.xxx.com”) 替换成实际需要增加认证的 Host 域名:
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: istio-basic-auth-lua
namespace: istio-system
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: HTTP_FILTER
match:
context: ANY
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.lua
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
inline_code: |
function envoy_on_request(request_handle)
local host = request_handle:headers():get("host")
if host and host:find("xxxx.xxx.com") then
local auth = request_handle:headers():get("authorization")
local expected_auth = "Basic xxxx"
if auth == nil or auth ~= expected_auth then
request_handle:respond(
{
[":status"] = "401",
["www-authenticate"] = 'Basic realm="Restricted"'
},
"Unauthorized"
)
end
end
end
hhhyelqvtdtqtsezkmtuyplizrreos
you’re in point off fact a excellent webmaster.
The site loadcing pace is amazing. It sort of feels that you are doing anyy distinctive trick.
Also, The contents are masterwork. you have done a wonderful task on this topic!
Also visit my blog: https://www.fapjunk.com
I was able too find gooɗ advice frоm your blog articles.
my homepɑɡe :: https://www.letmejerk.com
Ι’m гeally impressed witһ yοur writing skills and aⅼѕo with the layou οn yoᥙr weblog.
Is this a paid theme ߋr dіԀ yоu modify itt yⲟurself?
Either waү keep up the nice quality writing, іt is rare to ѕee
a great blog like thіs oone nowadays.
Feel free to surf tⲟ myy blog: omegle alternative
Pingback: obtenir le générique kamagra
Pingback: buy enclomiphene uk delivery
Pingback: get androxal american express
Pingback: how to order dutasteride price in us
Pingback: order flexeril cyclobenzaprine australia suppliers
Pingback: order gabapentin usa sales
Pingback: buy cheap fildena uk online
Pingback: buy itraconazole cod next day fed ex
Pingback: buy cheap staxyn online no rx
Pingback: avodart non prescription fedex overnight free
Pingback: xifaxan cod no prescription required
Pingback: cheapest buy rifaximin price in canada
Pingback: kamagra poštovní objednávka uk