Closed margocrawf closed 3 years ago
The examples also talk about Policy
CRDs, even though they are removed from Istio 1.6 and 1.7. RequestAuthentication
+ AuthorizationPolicy
should be used instead AFAIK.
I just hit the examples problem. I only found out once I hit the Policy CRD :facepalm:
It would be very good if this was fixed, it's very unclear to me how to transition this custom resource to the new ones.
@cfryanr for visibility, as there's no way to onboard people to use authservice
at this point.
We're using with Istio 1.7 with Authservice running in it's own namespace and only using ext_authz from Envoy. We add the label protect: keycloak
for any workloads we need to protect and do not use Istio's additional Authz/Authn CRDs.
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: ext-authz-filter-cluster
namespace: istio-system
spec:
workloadSelector:
labels:
protect: keycloak
configPatches:
- applyTo: HTTP_FILTER
match:
context: SIDECAR_INBOUND
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
subFilter:
name: "envoy.router"
patch:
operation: INSERT_BEFORE
value:
name: envoy.ext_authz
typed_config:
"@type": "type.googleapis.com/envoy.config.filter.http.ext_authz.v2.ExtAuthz"
stat_prefix: ext_authz
grpc_service:
timeout: 30s
google_grpc:
stat_prefix: ext_authz
target_uri: authservice.authservice.svc.cluster.local:10003
What are the latest Istio/k8s releases that are known to work with the bookinfo example, please? Worked through it yesterday but got stuck when trying to add Policy.
Update: I searched through change notes back to 1.5 and couldn't find where this was removed? Trying to decide if downgrading temporarily or if a better implementation with docs might be coming soon.
Master now works with 1.9+ istio release. mark as obsolete.
Ensure that our project is compatible with Istio 1.6 (or 1.7 once it's out)