What’s the correct way to set IP Tagging in Envoy filters? I’ve tried the following:
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: tagger
  namespace: istio-system
spec:
  configPatches:
  - applyTo: HTTP_FILTER
    match:
      context: ANY
      listener:
        filterChain:
          filter:
            name: "envoy.http_connection_manager"
            subFilter:
              name: "envoy.ip_tagging"
    patch:
      operation: ADD
      value:
        name: "envoy.filters.http.ip_tagging"
        config:
          ip_tags:
          - ip_tag_name: "GOTCHA"
            ip_list:
            - "0.0.0.1"
```
But it doesn’t appear to work. Any pointers? It also seems I can’t use typed config here, or I can’t find the correct type to use.
Ta
So, after looking at the docs, it seems I had the config a little wrong, as I got the ip_list element wrong, but it still doesn’t work. I changed it to:
```yaml
...
    patch:
      operation: MERGE
      value:
        name: "envoy.ip_tagging"
        config:
          ip_tags:
          - ip_tag_name: GOTCHA
            ip_list:
            - address_prefix: 0.0.0.1
```
OK, I’ve got it working, but only in a very specific state. Using the following command I was able to verify the applied config:
```
istioctl proxy-config listener istio-ingressgateway-N -n istio-system -o json
```
Working config:
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: tagger
  namespace: istio-system
spec:
  configPatches:
  - applyTo: HTTP_FILTER
    match:
      context: GATEWAY
      listener:
        filterChain:
          filter:
            name: "envoy.http_connection_manager"
            subFilter:
              name: "envoy.router"
    patch:
      operation: INSERT_BEFORE
      value:
        name: envoy.ip_tagging
        config:
          request_type: INTERNAL
          ip_tags:
          - ip_tag_name: GOTCHA
            ip_list:
            - address_prefix: 0.0.0.1
```
It seems I have to pick one of envoy.router, envoy.cors or envoy.fault. I’m not able to INSERT_AFTER envoy.router, and ADD just doesn’t work.
This seems really strange!
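
Added example, not part of the original thread: a small Python check that reads the JSON from the `istioctl proxy-config listener ... -o json` command above and reports, per listener filter chain, whether `envoy.ip_tagging` is present and sits before `envoy.router`. The sample dump is constructed, and the JSON key names it reads are an assumption about the dump layout.

```python
import json
import sys

# Constructed sample, trimmed to the fields this check reads. The key names
# (filterChains, filters, config/typedConfig, http_filters/httpFilters) are an
# assumption about the dump layout and may differ between Istio versions.
SAMPLE_DUMP = json.loads("""
[{"name": "0.0.0.0_80", "filterChains": [{"filters": [
    {"name": "envoy.http_connection_manager", "config": {"http_filters": [
      {"name": "envoy.cors"}, {"name": "envoy.fault"},
      {"name": "envoy.ip_tagging"}, {"name": "envoy.router"}]}}]}]},
 {"name": "0.0.0.0_443", "filterChains": [{"filters": [
    {"name": "envoy.http_connection_manager", "config": {"http_filters": [
      {"name": "envoy.cors"}, {"name": "envoy.router"}]}}]}]}]
""")

HCM = "envoy.http_connection_manager"


def http_filter_chains(listeners):
    """Yield ("listener#chain-index", [HTTP filter names]) for each HCM."""
    for lis in listeners:
        for i, chain in enumerate(lis.get("filterChains", [])):
            for net_filter in chain.get("filters", []):
                if net_filter.get("name") != HCM:
                    continue
                cfg = net_filter.get("typedConfig") or net_filter.get("config") or {}
                http = cfg.get("httpFilters") or cfg.get("http_filters") or []
                yield f"{lis.get('name', '?')}#{i}", [f.get("name") for f in http]


def check_filter(listeners, wanted="envoy.ip_tagging", terminal="envoy.router"):
    """Map each chain to 'ok', 'missing' or 'after-router'.

    Envoy's router is the terminal HTTP filter, so a filter placed after it
    never sees the request.
    """
    report = {}
    for key, names in http_filter_chains(listeners):
        if wanted not in names:
            report[key] = "missing"
        elif terminal in names and names.index(wanted) > names.index(terminal):
            report[key] = "after-router"
        else:
            report[key] = "ok"
    return report


if __name__ == "__main__":
    # Pass the path of a saved listener dump as the first argument.
    dump = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_DUMP
    for key, status in check_filter(dump).items():
        print(f"{key}: {status}")
```

A `missing` result on a listener means the patch's `match` block did not select that filter chain, which is the first thing to rule out when an EnvoyFilter appears to do nothing.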