jiazhizhong/higress
1
0
Fork 0
mirror of https://github.com/alibaba/higress.git synced 2026-05-31 08:07:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: wasm support opa (Open Policy Agent) (#760)

Browse Source
This commit is contained in:
baerwang
2024-01-30 15:29:51 +08:00
committed by GitHub
parent e67ed481cf
commit 612c94dd8a
16 changed files with 717 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
plugins/wasm-go/extensions/opa/envoy.yaml Normal file
View File

@@ -0,0 +1,69 @@
admin:
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 9901
static_resources:
listeners:
- name: listener_0
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: [ "*" ]
routes:
- match:
prefix: "/"
route:
cluster: opa-server
http_filters:
- name: wasmdemo
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
value:
config:
name: wasmdemo
vm_config:
runtime: envoy.wasm.runtime.v8
code:
local:
filename: /etc/envoy/plugin.wasm
configuration:
"@type": "type.googleapis.com/google.protobuf.StringValue"
value: |
{
"serviceSource": "route",
"host": "OPA_SERVER:OPA_PORT",
"policy": "example1",
"timeout": "5s"
}
- name: envoy.filters.http.router
clusters:
- name: opa-server
connect_timeout: 0.5s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
dns_refresh_rate: 5s
dns_lookup_family: V4_ONLY
load_assignment:
cluster_name: opa-server
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: OPA_SERVER # opa server Host IP
port_value: OPA_PORT # opa server Host PORT