I want to use external authorizing service when use ingress gateway.
so… I create EnvoyFilter object like this.
kind: EnvoyFilter metadata: name: authz namespace: istio-system spec: workloadSelector: labels: istio: ingressgateway configPatches: - applyTo: HTTP_FILTER match: context: GATEWAY patch: value: name: envoy.ext_authz ...
My question is, I have various service in my cluster. For example, foo, bar, baz, qux… and so on.
I want to use external authorize in service ‘foo’. But that EnvoyFilter match every gateway in my cluster.
So, how can I match ‘specific’ gateway what I want to patch?