Closed AshRing closed 3 years ago
value:
name: envoy.ext_authz
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.ext_authz.v3.ExtAuthz
failure_mode_allow: false
stat_prefix: ext_authz
grpc_service:
google_grpc:
target_uri: 127.0.0.1:9191
stat_prefix: ext_authz
you're missing transport_api_version: V3
:
https://github.com/open-policy-agent/opa-envoy-plugin/blob/b60ae7e0bf3155f78149bcffee26b90c16982b61/examples/istio/quick_start.yaml#L26
Without that set, it'll default to v2.
@srenatus thank you so much, that worked!
Expected Behavior
The pod starts up the istio-proxy and opa-istio sidecars with no issue. The typed config type.googleapis.com/envoy.extensions.filters.network.ext_authz.v3.ExtAuthz in the EnvoyFilter should not cause an error.
Actual Behavior
I was able to get the opa-istio sidecar running after adding the annotation
traffic.sidecar.istio.io/excludeInboundPorts: "8282"
to my service's deployment to allow traffic on port 8282 to pass the health checks.Unfortunately, the istio-proxy sidecar is failing with the following log message:
There is no mention of v2 anywhere in the deployment... I'm failing to understand why this error is happening.
Steps to Reproduce the Problem
K8s version: 1.20 Istio version: 1.9
Opa-istio deployment used:
Additional Inf