matiasah/envoyfilter.yaml

## envoyfilter.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: google-auth-filter
spec:
  workloadSelector:
    labels:
      app: my-service
  configPatches:
  - applyTo: HTTP_FILTER
    match:
      context: SIDECAR_OUTBOUND
      listener:
        filterChain:
          filter:
            name: "envoy.http_connection_manager"
            subFilter:
              name: "envoy.router"
      route:
        destination:
          host: "www.googleapis.com"
    patch:
      operation: INSERT_BEFORE
      value:
        name: envoy.filters.http.envoy_google_auth
        config:
          service_account_json: /etc/google/auth/service_account.json
  - applyTo: HTTP_FILTER
    match:
      context: SIDECAR_OUTBOUND
      listener:
        filterChain:
          filter:
            name: "envoy.http_connection_manager"
            subFilter:
              name: "envoy.router"
      route:
        destination:
          host: "www.googleapis.com"
    patch:
      operation: INSERT_BEFORE
      value:
        name: envoy.filters.http.headers_to_metadata
        config:
          headers:
            - name: x-goog-iap-jwt-assertion
              metadata_key: "google.auth.jwt"
  - applyTo: HTTP_FILTER
    match:
      context: SIDECAR_OUTBOUND
      listener:
        filterChain:
          filter:
            name: "envoy.http_connection_manager"
            subFilter:
              name: "envoy.router"
      route:
        destination:
          host: "www.googleapis.com"
    patch:
      operation: INSERT_BEFORE
      value:
        name: envoy.filters.http.google_auth
        config:
          service_account_json: /etc/google/auth
	apiVersion: networking.istio.io/v1alpha3
	kind: EnvoyFilter
	metadata:
	name: google-auth-filter
	spec:
	workloadSelector:
	labels:
	app: my-service
	configPatches:
	- applyTo: HTTP_FILTER
	match:
	context: SIDECAR_OUTBOUND
	listener:
	filterChain:
	filter:
	name: "envoy.http_connection_manager"
	subFilter:
	name: "envoy.router"
	route:
	destination:
	host: "www.googleapis.com"
	patch:
	operation: INSERT_BEFORE
	value:
	name: envoy.filters.http.envoy_google_auth
	config:
	service_account_json: /etc/google/auth/service_account.json
	- applyTo: HTTP_FILTER
	match:
	context: SIDECAR_OUTBOUND
	listener:
	filterChain:
	filter:
	name: "envoy.http_connection_manager"
	subFilter:
	name: "envoy.router"
	route:
	destination:
	host: "www.googleapis.com"
	patch:
	operation: INSERT_BEFORE
	value:
	name: envoy.filters.http.headers_to_metadata
	config:
	headers:
	- name: x-goog-iap-jwt-assertion
	metadata_key: "google.auth.jwt"
	- applyTo: HTTP_FILTER
	match:
	context: SIDECAR_OUTBOUND
	listener:
	filterChain:
	filter:
	name: "envoy.http_connection_manager"
	subFilter:
	name: "envoy.router"
	route:
	destination:
	host: "www.googleapis.com"
	patch:
	operation: INSERT_BEFORE
	value:
	name: envoy.filters.http.google_auth
	config:
	service_account_json: /etc/google/auth