ruo91/istio-envoyfilter.yaml

## istio-envoyfilter.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: proxy-protocol
  namespace: istio-system
spec:
  workloadSelector:
    labels:
      istio: ingressgateway
  configPatches:
  - applyTo: LISTENER
    patch:
      operation: MERGE
      value:
        listener_filters:
        - name: envoy.filters.listener.proxy_protocol
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol
        - name: envoy.filters.listener.tls_inspector
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: ingressgateway-settings
  namespace: istio-system
spec:
  workloadSelector:
    labels:
      istio: ingressgateway
  configPatches:
  - applyTo: NETWORK_FILTER
    match:
      context: GATEWAY
      listener:
        filterChain:
          filter:
            name: envoy.filters.network.http_connection_manager
    patch:
      operation: MERGE
      value:
        name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          skip_xff_append: false
          use_remote_address: true
          xff_num_trusted_hops: 1
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: disable-auto-sni
  namespace: istio-system
spec:
  configPatches:
  - applyTo: CLUSTER
    match:
      cluster:
        name: "*"
    patch:
      operation: MERGE
      value:
        typed_extension_protocol_options:
          envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
            "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
            upstream_http_protocol_options:
              auto_sni: false
              auto_san_validation: false
	apiVersion: networking.istio.io/v1alpha3
	kind: EnvoyFilter
	metadata:
	name: proxy-protocol
	namespace: istio-system
	spec:
	workloadSelector:
	labels:
	istio: ingressgateway
	configPatches:
	- applyTo: LISTENER
	patch:
	operation: MERGE
	value:
	listener_filters:
	- name: envoy.filters.listener.proxy_protocol
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol
	- name: envoy.filters.listener.tls_inspector
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
	---
	apiVersion: networking.istio.io/v1alpha3
	kind: EnvoyFilter
	metadata:
	name: ingressgateway-settings
	namespace: istio-system
	spec:
	workloadSelector:
	labels:
	istio: ingressgateway
	configPatches:
	- applyTo: NETWORK_FILTER
	match:
	context: GATEWAY
	listener:
	filterChain:
	filter:
	name: envoy.filters.network.http_connection_manager
	patch:
	operation: MERGE
	value:
	name: envoy.filters.network.http_connection_manager
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
	skip_xff_append: false
	use_remote_address: true
	xff_num_trusted_hops: 1
	---
	apiVersion: networking.istio.io/v1alpha3
	kind: EnvoyFilter
	metadata:
	name: disable-auto-sni
	namespace: istio-system
	spec:
	configPatches:
	- applyTo: CLUSTER
	match:
	cluster:
	name: "*"
	patch:
	operation: MERGE
	value:
	typed_extension_protocol_options:
	envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
	"@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
	upstream_http_protocol_options:
	auto_sni: false
	auto_san_validation: false
No results found