I want to use external authorizing service when use ingress gateway.
so… I create EnvoyFilter object like this.
kind: EnvoyFilter
metadata:
name: authz
namespace: istio-system
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: HTTP_FILTER
match:
context: GATEWAY
patch:
value:
name: envoy.ext_authz
...
My question is, I have various service in my cluster. For example, foo, bar, baz, qux… and so on.
I want to use external authorize in service ‘foo’. But that EnvoyFilter match every gateway in my cluster.
So, how can I match ‘specific’ gateway what I want to patch?