Hey,
I have a basic setup using oauth2proxy + a custom action with envoyExtAuthzHttp.
Similar to for example:
I want to support multiple oauth2 proxies in my setup without adding multiple custom actions.
So the idea was to set up a custom action like this:
```yaml
- envoyExtAuthzHttp:
    ...
    port: 4180
    service: oauth2-proxy.oauth2-proxy.svc.cluster.local
```
And set up a VS that will send traffic to a different oauth2 in case of a host match.
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: default-proxy
spec:
  hosts:
  - oauth2-proxy
  gateways:
  - mesh
  http:
  - name: custom-oauth2-for-service1
    match:
    - headers:
        host:
          exact: service1.domain.com
    route:
    - destination:
        host: oauth2-proxy.service1.svc.cluster.local
  - name: default
    route:
    - destination:
        host: oauth2-proxy
---
```
Inside the mesh, using just a simple curl

```
curl oauth2-proxy.oauth2-proxy.svc.cluster.local
```

results in a proper response.
But the custom action always goes to oauth2-proxy.oauth2-proxy.svc.cluster.local (it doesn't care about the VS at all).
I would like to keep the VS solution as it seems to be easy to extend and control.
And my question:
Is it somehow possible to force the CUSTOM action to respect my VS config? (Or maybe make some dummy proxy setup?) I'm not sure what envoyExtAuthzHttp is doing under the hood and have a problem finding an easy solution by myself.