wilsonianb / c8s

Codius-less: web-monetized serverless Kubernetes add-on
Apache License 2.0

Configure external authorization #50

Open wilsonianb opened 4 years ago

wilsonianb commented 4 years ago

Configure requests to codius workloads to be filtered by the external authorization server (#49).

https://istio.io/docs/reference/config/networking/envoy-filter/

https://www.envoyproxy.io/docs/envoy/v1.12.2/configuration/http/http_filters/ext_authz_filter

wilsonianb commented 4 years ago

Envoy should also remove the auth token from the request so it's not passed to the workload?

wilsonianb commented 4 years ago

https://www.envoyproxy.io/docs/envoy/v1.12.2/intro/arch_overview/security/ext_authz_filter#arch-overview-ext-authz

If the external service is not available when a request comes in then whether the request is authorized or not is defined by the configuration setting of failure_mode_allow configuration in the applicable network filter or HTTP filter. If it is set to true then the request will be permitted (fail open) otherwise it will be denied. The default setting is false.
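
Added example, not part of the issue comments or the c8s code: a small audit over an Envoy HTTP connection manager config (parsed to a dict) that checks the two points raised above, that ext_authz fails closed and that the token header is stripped before the request reaches the workload. The sample configs are constructed, the token header name `authorization` is an assumption, and only the route-config and virtual-host levels of `request_headers_to_remove` are checked.

```python
# Added example: audit an Envoy HTTP connection manager config (parsed to a dict)
# for the concerns in this thread. Sample configs are constructed, not c8s's own.
EXT_AUTHZ = {"envoy.ext_authz", "envoy.filters.http.ext_authz"}
ROUTER = {"envoy.router", "envoy.filters.http.router"}

def audit_hcm(hcm, token_header):
    """Return findings for one http_connection_manager config."""
    filters = hcm.get("http_filters", [])
    names = [f.get("name") for f in filters]
    authz = next((i for i, n in enumerate(names) if n in EXT_AUTHZ), None)
    router = next((i for i, n in enumerate(names) if n in ROUTER), None)
    if authz is None:
        return ["no ext_authz filter: requests are not checked"]
    findings = []
    if router is not None and authz > router:
        findings.append("ext_authz is listed after the router filter")
    cfg = filters[authz].get("typed_config") or filters[authz].get("config") or {}
    if cfg.get("failure_mode_allow", False):  # Envoy's default is false (fail closed)
        findings.append("failure_mode_allow is true: fail open")
    # The router applies request_headers_to_remove after ext_authz has run, so the
    # authorization server still sees the token but the workload does not.
    route_cfg = hcm.get("route_config", {})
    base = {h.lower() for h in route_cfg.get("request_headers_to_remove", [])}
    for vh in route_cfg.get("virtual_hosts", []):
        removed = base | {h.lower() for h in vh.get("request_headers_to_remove", [])}
        if token_header.lower() not in removed:
            findings.append(f"virtual host {vh.get('name')!r} forwards {token_header!r}")
    return findings

def sample(fail_open, strip):
    """Constructed config; 'authorization' as the token header is an assumption."""
    vh = {"name": "codius", "domains": ["*"], "routes": []}
    if strip:
        vh["request_headers_to_remove"] = ["Authorization"]
    return {
        "http_filters": [
            {"name": "envoy.ext_authz", "config": {"failure_mode_allow": fail_open}},
            {"name": "envoy.router"},
        ],
        "route_config": {"virtual_hosts": [vh]},
    }

if __name__ == "__main__":
    for label, hcm in (("weak", sample(True, False)), ("hardened", sample(False, True))):
        print(label, audit_hcm(hcm, "authorization"))
```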