1.20.
1.20.1.
1.20.2.
1.20.3.
1.20.3.1.
사전 요구 사항
apiVersion: extensions.istio.io/v1alpha1 kind: WasmPlugin metadata: name: <threescale_wasm_plugin_name> namespace: <bookinfo> 1 spec: selector: 2 labels: app: <product_page> pluginConfig: <yaml_configuration> url: oci://registry.redhat.io/3scale-amp2/3scale-auth-wasm-rhel8:0.0.3 phase: AUTHZ priority: 100
$ oc apply -f threescale-wasm-auth-bookinfo.yaml
추가 리소스
1.20.4.
절차
ServiceEntry CR
apiVersion: networking.istio.io/v1beta1 kind: ServiceEntry metadata: name: service-entry-threescale-saas-backend spec: hosts: - su1.3scale.net ports: - number: 443 name: https protocol: HTTPS location: MESH_EXTERNAL resolution: DNS
apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: destination-rule-threescale-saas-backend spec: host: su1.3scale.net trafficPolicy: tls: mode: SIMPLE sni: su1.3scale.net
$ oc apply -f service-entry-threescale-saas-backend.yml
$ oc apply -f destination-rule-threescale-saas-backend.yml
ServiceEntry CR
apiVersion: networking.istio.io/v1beta1 kind: ServiceEntry metadata: name: service-entry-threescale-saas-system spec: hosts: - multitenant.3scale.net ports: - number: 443 name: https protocol: HTTPS location: MESH_EXTERNAL resolution: DNS
apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: destination-rule-threescale-saas-system spec: host: multitenant.3scale.net trafficPolicy: tls: mode: SIMPLE sni: multitenant.3scale.net
$ oc apply -f service-entry-threescale-saas-system.yml
$ oc apply -f <destination-rule-threescale-saas-system.yml>
추가 리소스
1.20.5.
1.20.5.1.
사전 요구 사항
1.20.5.2.
apiVersion: extensions.istio.io/v1alpha1 kind: WasmPlugin metadata: name: <threescale_wasm_plugin_name> namespace: <bookinfo> spec: pluginConfig: api: v1 ...
1.20.5.3.
apiVersion: extensions.istio.io/v1alpha1 kind: WasmPlugin metadata: name: <threescale_wasm_plugin_name> spec: pluginConfig: system: name: <saas_porta> upstream: <object> token: <my_account_token> ttl: 300 ...
이름 | 설명 | 필수 항목 |
---|---|---|
|
| 선택 사항 |
|
| 제공됨 |
|
| 제공됨 |
|
| 선택 사항 |
1.20.5.4.
apiVersion: maistra.io/v1 upstream: name: outbound|443||multitenant.3scale.net url: "https://myaccount-admin.3scale.net/" timeout: 5000 ...
이름 | 설명 | 필수 항목 |
---|---|---|
|
| 제공됨 |
|
| 제공됨 |
|
| 선택 사항 |
1.20.5.5.
apiVersion: extensions.istio.io/v1alpha1 kind: WasmPlugin metadata: name: <threescale_wasm_plugin_name> spec: pluginConfig: ... backend: name: backend upstream: <object> ...
이름 | 설명 | 필수 항목 |
---|---|---|
|
| 선택 사항 |
|
| 제공됨 |
1.20.5.6.
apiVersion: extensions.istio.io/v1alpha1 kind: WasmPlugin metadata: name: <threescale_wasm_plugin_name> spec: pluginConfig: ... services: - id: "2555417834789" token: service_token authorities: - "*.app" - 0.0.0.0 - "0.0.0.0:8443" credentials: <object> mapping_rules: <object> ...
이름 | 설명 | 필수 항목 |
---|---|---|
|
| 제공됨 |
|
| 선택 사항 |
|
| 제공됨 |
|
| 제공됨 |
|
| 선택 사항 |
1.20.5.7.
apiVersion: extensions.istio.io/v1alpha1 kind: WasmPlugin metadata: name: <threescale_wasm_plugin_name> spec: pluginConfig: ... services: - credentials: user_key: <array_of_lookup_queries> app_id: <array_of_lookup_queries> app_key: <array_of_lookup_queries> ...
이름 | 설명 | 필수 항목 |
---|---|---|
|
| 선택 사항 |
|
| 선택 사항 |
|
| 선택 사항 |
1.20.5.8.
다음 예제를 참조하십시오.
apiVersion: extensions.istio.io/v1alpha1 kind: WasmPlugin metadata: name: <threescale_wasm_plugin_name> spec: pluginConfig: ... services: - credentials: user_key: - <source_type>: <object> - <source_type>: <object> ... app_id: - <source_type>: <object> ... app_key: - <source_type>: <object> ... ...
1.20.5.9.
이름 | 설명 | 필수 항목 |
---|---|---|
|
| 제공됨 |
|
| 선택 사항 |
1.20.5.10.
추가 리소스
1.20.5.11.
1.20.5.12.
이름 | 설명 | 필수 항목 |
---|---|---|
|
| 제공됨 |
|
| 제공됨 |
|
| 제공됨 |
|
|
|
apiVersion: extensions.istio.io/v1alpha1 kind: WasmPlugin metadata: name: <threescale_wasm_plugin_name> spec: pluginConfig: ... mapping_rules: - method: GET pattern: / usages: - name: hits delta: 1 - method: GET pattern: /products/ usages: - name: products delta: 1 - method: ANY pattern: /products/{id}/sold usages: - name: sales delta: 1 - name: products delta: 1 ...
- products: 2
1.20.6.
1.20.6.1.
credentials: user_key: - query_string: keys: - user_key - header: keys: - user_key
1.20.6.2.
credentials: app_id: - header: keys: - app_id - query_string: keys: - app_id app_key: - header: keys: - app_key - query_string: keys: - app_key
1.20.6.3.
aladdin:opensesame: Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
credentials: app_id: - header: keys: - authorization ops: - split: separator: " " max: 2 - length: min: 2 - drop: head: 1 - base64_urlsafe - split: max: 2 app_key: - header: keys: - app_key
credentials: app_id: - header: keys: - authorization ops: - split: separator: " " max: 2 - length: min: 2 - reverse - glob: - Basic - drop: tail: 1 - base64_urlsafe - split: max: 2 - test: if: length: min: 2 then: - strlen: max: 63 - or: - strlen: min: 1 - drop: tail: 1 - assert: - and: - reverse - or: - strlen: min: 8 - glob: - aladdin - admin
1.20.6.4.
apiVersion: security.istio.io/v1beta1 kind: RequestAuthentication metadata: name: jwt-example namespace: bookinfo spec: selector: matchLabels: app: productpage jwtRules: - issuer: >- http://keycloak-keycloak.34.242.107.254.nip.io/auth/realms/3scale-keycloak jwksUri: >- http://keycloak-keycloak.34.242.107.254.nip.io/auth/realms/3scale-keycloak/protocol/openid-connect/certs
credentials: app_id: - filter: path: - envoy.filters.http.jwt_authn - "0" keys: - azp - aud ops: - take: head: 1
1.20.6.5.
credentials: app_id: - header: keys: - x-jwt-payload ops: - base64_urlsafe - json: - keys: - azp - aud - take: head: 1
1.20.7.
apiVersion: extensions.istio.io/v1alpha1 kind: WasmPlugin metadata: name: <threescale_wasm_plugin_name> spec: url: oci://registry.redhat.io/3scale-amp2/3scale-auth-wasm-rhel8:0.0.3 imagePullSecret: <optional_pull_secret_resource> phase: AUTHZ priority: 100 selector: labels: app: <product_page> pluginConfig: api: v1 system: name: <system_name> upstream: name: outbound|443||multitenant.3scale.net url: https://istiodevel-admin.3scale.net/ timeout: 5000 token: <token> backend: name: <backend_name> upstream: name: outbound|443||su1.3scale.net url: https://su1.3scale.net/ timeout: 5000 extensions: - no_body services: - id: '2555417834780' authorities: - "*" credentials: user_key: - query_string: keys: - <user_key> - header: keys: - <user_key> app_id: - query_string: keys: - <app_id> - header: keys: - <app_id> app_key: - query_string: keys: - <app_key> - header: keys: - <app_key>