zufardhiyaulhaq/new-ef-example-istio.yaml

## new-ef-example-istio.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: helloworld-ef
  namespace: helloworld
spec:
  workloadSelector:
    labels:
      app: helloworld
      version: v1
  configPatches:
  - applyTo: HTTP_FILTER
    match:
      context: SIDECAR_INBOUND
      portNumber: 5000
      listener:
        filterChain:
          filter:
            name: "envoy.http_connection_manager"
            subFilter:
              name: "envoy.router"
    patch:
      operation: INSERT_BEFORE
      value:
        name: envoy.ext_authz
        typed_config:
          "@type": type.googleapis.com/envoy.config.filter.http.ext_authz.v2.ExtAuthz
          failure_mode_allow: false
          grpc_service:
            envoy_grpc:
              cluster_name: patched.grpc-server.helloworld.svc.cluster.local
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: grpc-server-patch-ef
  namespace: helloworld
spec:
  workloadLabels:
    app: helloworld
    version: v1
  configPatches:
  - applyTo: CLUSTER
    match:
      cluster:
        service: grpc-server.helloworld.svc.cluster.local
    patch:
      operation: MERGE
      value:
        name: "patched.grpc-server.helloworld.svc.cluster.local"
---
apiVersion: v1
kind: Service
metadata:
  name: helloworld
  namespace: helloworld
  labels:
    app: helloworld
spec:
  ports:
  - port: 5000
    name: http
  selector:
    app: helloworld
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: helloworld-v1
  namespace: helloworld
  labels:
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: helloworld
      version: v1
  template:
    metadata:
      labels:
        app: helloworld
        version: v1
    spec:
      containers:
      - name: helloworld
        image: docker.io/istio/examples-helloworld-v1
        resources:
          requests:
            cpu: "100m"
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 5000
---
apiVersion: v1
kind: Service
metadata:
  name: grpc-server
  namespace: helloworld
  labels:
    app: grpc-server
spec:
  ports:
  - protocol: TCP
    port: 443
    name: grpc
  selector:
    app: grpc-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: grpc-server
  namespace: helloworld
  labels:
    version: v1
spec:
  replicas: 3
  selector:
    matchLabels:
      app: grpc-server
      version: v1
  template:
    metadata:
      labels:
        app: grpc-server
        version: v1
    spec:
      containers:
      - name: grpc-server
        image: enm10k/grpc-hello-world
        command: [ "greeter_server" ]
        env:
        - name: PORT
          value: "443"
        resources:
          requests:
            cpu: "100m"
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 443
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sleep
  namespace: helloworld
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sleep
  template:
    metadata:
      labels:
        app: sleep
    spec:
      containers:
      - name: sleep
        image: governmentpaas/curl-ssl
        command: ["/bin/sleep", "3650d"]
        imagePullPolicy: IfNotPresent

## old-ef-example-istio.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: helloworld-ef
  namespace: helloworld
spec:
  workloadSelector:
    labels:
      app: helloworld
      version: v1
  configPatches:
  - applyTo: HTTP_FILTER
    match:
      context: SIDECAR_INBOUND
      listener:
        portNumber: 5000
        filterChain:
          filter:
            name: "envoy.http_connection_manager"
            subFilter:
              name: "envoy.router"
    patch:
      operation: INSERT_BEFORE
      value:
        name: envoy.ext_authz
        typed_config:
          "@type": type.googleapis.com/envoy.config.filter.http.ext_authz.v2.ExtAuthz
          failure_mode_allow: false
          grpc_service:
            envoy_grpc:
              cluster_name: patched.grpc-server.helloworld.svc.cluster.local
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: grpc-server-patch-ef
  namespace: helloworld
spec:
  workloadLabels:
    app: helloworld
    version: v1
  configPatches:
  - applyTo: CLUSTER
    match:
      cluster:
        service: grpc-server.helloworld.svc.cluster.local
    patch:
      operation: MERGE
      value:
        name: "patched.grpc-server.helloworld.svc.cluster.local"
---
apiVersion: v1
kind: Service
metadata:
  name: helloworld
  namespace: helloworld
  labels:
    app: helloworld
spec:
  ports:
  - port: 5000
    name: http
  selector:
    app: helloworld
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: helloworld-v1
  namespace: helloworld
  labels:
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: helloworld
      version: v1
  template:
    metadata:
      labels:
        app: helloworld
        version: v1
    spec:
      containers:
      - name: helloworld
        image: docker.io/istio/examples-helloworld-v1
        resources:
          requests:
            cpu: "100m"
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 5000
---
apiVersion: v1
kind: Service
metadata:
  name: grpc-server
  namespace: helloworld
  labels:
    app: grpc-server
spec:
  ports:
  - protocol: TCP
    port: 443
    name: grpc
  selector:
    app: grpc-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: grpc-server
  namespace: helloworld
  labels:
    version: v1
spec:
  replicas: 3
  selector:
    matchLabels:
      app: grpc-server
      version: v1
  template:
    metadata:
      labels:
        app: grpc-server
        version: v1
    spec:
      containers:
      - name: grpc-server
        image: enm10k/grpc-hello-world
        command: [ "greeter_server" ]
        env:
        - name: PORT
          value: "443"
        resources:
          requests:
            cpu: "100m"
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 443
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sleep
  namespace: helloworld
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sleep
  template:
    metadata:
      labels:
        app: sleep
    spec:
      containers:
      - name: sleep
        image: governmentpaas/curl-ssl
        command: ["/bin/sleep", "3650d"]
        imagePullPolicy: IfNotPresent
	apiVersion: networking.istio.io/v1alpha3
	kind: EnvoyFilter
	metadata:
	name: helloworld-ef
	namespace: helloworld
	spec:
	workloadSelector:
	labels:
	app: helloworld
	version: v1
	configPatches:
	- applyTo: HTTP_FILTER
	match:
	context: SIDECAR_INBOUND
	portNumber: 5000
	listener:
	filterChain:
	filter:
	name: "envoy.http_connection_manager"
	subFilter:
	name: "envoy.router"
	patch:
	operation: INSERT_BEFORE
	value:
	name: envoy.ext_authz
	typed_config:
	"@type": type.googleapis.com/envoy.config.filter.http.ext_authz.v2.ExtAuthz
	failure_mode_allow: false
	grpc_service:
	envoy_grpc:
	cluster_name: patched.grpc-server.helloworld.svc.cluster.local
	---
	apiVersion: networking.istio.io/v1alpha3
	kind: EnvoyFilter
	metadata:
	name: grpc-server-patch-ef
	namespace: helloworld
	spec:
	workloadLabels:
	app: helloworld
	version: v1
	configPatches:
	- applyTo: CLUSTER
	match:
	cluster:
	service: grpc-server.helloworld.svc.cluster.local
	patch:
	operation: MERGE
	value:
	name: "patched.grpc-server.helloworld.svc.cluster.local"
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: helloworld
	namespace: helloworld
	labels:
	app: helloworld
	spec:
	ports:
	- port: 5000
	name: http
	selector:
	app: helloworld
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: helloworld-v1
	namespace: helloworld
	labels:
	version: v1
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: helloworld
	version: v1
	template:
	metadata:
	labels:
	app: helloworld
	version: v1
	spec:
	containers:
	- name: helloworld
	image: docker.io/istio/examples-helloworld-v1
	resources:
	requests:
	cpu: "100m"
	imagePullPolicy: IfNotPresent
	ports:
	- containerPort: 5000
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: grpc-server
	namespace: helloworld
	labels:
	app: grpc-server
	spec:
	ports:
	- protocol: TCP
	port: 443
	name: grpc
	selector:
	app: grpc-server
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: grpc-server
	namespace: helloworld
	labels:
	version: v1
	spec:
	replicas: 3
	selector:
	matchLabels:
	app: grpc-server
	version: v1
	template:
	metadata:
	labels:
	app: grpc-server
	version: v1
	spec:
	containers:
	- name: grpc-server
	image: enm10k/grpc-hello-world
	command: [ "greeter_server" ]
	env:
	- name: PORT
	value: "443"
	resources:
	requests:
	cpu: "100m"
	imagePullPolicy: IfNotPresent
	ports:
	- containerPort: 443
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: sleep
	namespace: helloworld
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: sleep
	template:
	metadata:
	labels:
	app: sleep
	spec:
	containers:
	- name: sleep
	image: governmentpaas/curl-ssl
	command: ["/bin/sleep", "3650d"]
	imagePullPolicy: IfNotPresent