I used 1.0.2 previously, without mutual auth. I was using the following envoy.ext_authz configuration in the sidecars:
grpc_service: google_grpc: stat_prefix: ext_authz target_uri: simple-auth-svc:8080 timeout: 10s filterName: envoy.ext_authz filterType: HTTP insertPosition: index: FIRST listenerMatch: listenerProtocol: HTTP listenerType: SIDECAR_INBOUND
However this does not seem to work with Istio 1.1.3 and its failing silently. If I remove the filter, it works as expected.
Has anyone tried the same with Istio 1.1.3? If so, please do share the envoy.ext_authz filter configuration.