| # Authentication policy to enable mutual TLS for all services (that have sidecar) in the mesh. |
| apiVersion: security.istio.io/v1beta1 |
| kind: PeerAuthentication |
| metadata: |
| name: default |
| namespace: istio-config |
| spec: |
| mtls: |
| mode: STRICT |
| --- |
| # Corresponding destination rule to configure client side to use mutual TLS when talking to |
| # any service (host) in the mesh. |
| apiVersion: networking.istio.io/v1alpha3 |
| kind: DestinationRule |
| metadata: |
| name: default |
| namespace: istio-config |
| spec: |
| host: "*.local" |
| trafficPolicy: |
| tls: |
| mode: ISTIO_MUTUAL |
| --- |
| # Services and configs in ns1 namespace |
| apiVersion: networking.istio.io/v1alpha3 |
| kind: ServiceEntry |
| metadata: |
| name: http1 |
| namespace: ns1 |
| spec: |
| hosts: |
| - http1.ns1.svc.cluster.local |
| addresses: |
| - 2.1.1.1 |
| ports: |
| - number: 8081 |
| name: http |
| protocol: HTTP2 |
| location: MESH_INTERNAL |
| resolution: STATIC |
| endpoints: |
| - address: 100.1.1.1 |
| labels: |
| version: v1 |
| ports: |
| http: 8080 |
| --- |
| # The sidecar for the consumer only application |
| apiVersion: networking.istio.io/v1alpha3 |
| kind: EnvoyFilter |
| metadata: |
| name: test-lua |
| namespace: dubbo-system |
| spec: |
| workloadSelector: |
| labels: |
| app: envoyfilter-test-app |
| configPatches: |
| - applyTo: HTTP_FILTER |
| match: |
| listener: |
| filterChain: |
| filter: |
| name: "envoy.http_connection_manager" |
| subFilter: |
| name: "envoy.filters.http.router" |
| patch: |
| operation: INSERT_BEFORE |
| value: # lua filter specification |
| name: envoy.lua |
| typed_config: |
| "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua" |
| inlineCode: | |
| function envoy_on_request(request_handle) |
| request_handle:logWarn("Hello World") |
| end |