Open wilsonianb opened 4 years ago
Envoy should also remove the auth token from the request so it's not passed to the workload?
If the external service is not available when a request comes in then whether the request is authorized or not is defined by the configuration setting of failure_mode_allow configuration in the applicable network filter or HTTP filter. If it is set to true then the request will be permitted (fail open) otherwise it will be denied. The default setting is false.
Configure requests to codius workloads to be filtered by the external authorization server (#49). https://istio.io/docs/reference/config/networking/envoy-filter/ https://www.envoyproxy.io/docs/envoy/v1.12.2/configuration/http/http_filters/ext_authz_filter