feature: support ext-authz by annotation #263
…r than full use gogotype (alibaba#207)
…ng instead of singal field (alibaba#207)
# Conflicts: # pkg/ingress/kube/annotations/annotations.go # test/ingress/e2e_test.go
Codecov Report
@@ Coverage Diff @@
## main #263 +/- ##
==========================================
+ Coverage 44.45% 45.08% +0.63%
==========================================
Files 32 33 +1
Lines 5289 5647 +358
==========================================
+ Hits 2351 2546 +195
- Misses 2770 2911 +141
- Partials 168 190 +22
It is cool 👍🏻. But I want to know how you control the route match order. Given one request /api/test, if we have two ingresses, /api with prefix matching and /api/test with exact matching, how do you control this request matching the right rbac and external authz policy, because these resources have their own matching list?
Suggest referring to kubernetes-sigs/gateway-api#1855.
Aha. Here I'm not addressing the route order for route tables.
You are right, this design to implement ext-authz via ingress annotation was my mistake, it seems we need a CRD to do this.
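The concern raised in the thread, that route selection and per-filter policy matching each use their own matching list, can be checked with a small model. This is an added example, not code from the PR or from Higress: the `Rule` type, the ingress names and the first-match policy list are assumptions, and the route precedence (exact over prefix, then longest path) follows the Kubernetes Ingress path rules.

```go
package main

import (
	"fmt"
	"strings"
)

type Rule struct {
	Path, Ingress string // Ingress: hypothetical name of the ingress that declared the rule
	Exact         bool
}

func (r Rule) matches(p string) bool {
	return p == r.Path || (!r.Exact && strings.HasPrefix(p, strings.TrimSuffix(r.Path, "/")+"/"))
}

// owners: route owner (exact beats prefix, then longest path) and policy owner (assumed first-match list).
func owners(rules []Rule, p string) (route, policy string) {
	best, first := Rule{}, true
	for _, r := range rules {
		if !r.matches(p) {
			continue
		}
		if first {
			policy, first = r.Ingress, false
		}
		if (r.Exact && !best.Exact) || (r.Exact == best.Exact && len(r.Path) > len(best.Path)) {
			best = r
		}
	}
	return best.Ingress, policy
}

// Mismatches lists probe paths whose policy comes from a different ingress than their route.
func Mismatches(rules []Rule, probes []string) []string {
	var out []string
	for _, p := range probes {
		if ro, po := owners(rules, p); ro != po {
			out = append(out, fmt.Sprintf("%s: route=%s policy=%s", p, ro, po))
		}
	}
	return out
}

func main() {
	// Constructed sample mirroring the thread: /api (prefix) and /api/test (exact).
	rules := []Rule{{Path: "/api", Ingress: "ingress-a"}, {Path: "/api/test", Ingress: "ingress-b", Exact: true}}
	fmt.Println(Mismatches(rules, []string{"/api/test", "/api/other", "/apix"}))
}
```

Any path reported here would be served by one ingress's route while being authorized under another ingress's rbac or ext-authz settings, which is the condition a test for annotation-driven policies should assert never occurs.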
Ⅰ. Describe what this PR did
parse higress anno and transfer to envoyfilter (ext-authz and rbac http filter).
test cases added.
the issue hasn't been resolved yet.
Ⅱ. Does this pull request fix one issue?
#207
Ⅲ. Why don't you add test cases (unit test/integration test)?
Ⅳ. Describe how to verify it
Ⅴ. Special notes for reviews