1.20.
1.20.1.
1.20.2.
1.20.3.
1.20.3.1.
사전 요구 사항
apiVersion: extensions.istio.io/v1alpha1 kind: WasmPlugin metadata: name: <threescale_wasm_plugin_name> namespace: <bookinfo> 1 spec: selector: 2 labels: app: <product_page> pluginConfig: <yaml_configuration> url: oci://registry.redhat.io/3scale-amp2/3scale-auth-wasm-rhel8:0.0.3 phase: AUTHZ priority: 100
$ oc apply -f threescale-wasm-auth-bookinfo.yaml
추가 리소스
1.20.4.
절차
ServiceEntry CR
apiVersion: networking.istio.io/v1beta1 kind: ServiceEntry metadata: name: service-entry-threescale-saas-backend spec: hosts: - su1.3scale.net ports: - number: 443 name: https protocol: HTTPS location: MESH_EXTERNAL resolution: DNSapiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: destination-rule-threescale-saas-backend spec: host: su1.3scale.net trafficPolicy: tls: mode: SIMPLE sni: su1.3scale.net$ oc apply -f service-entry-threescale-saas-backend.yml
$ oc apply -f destination-rule-threescale-saas-backend.yml
ServiceEntry CR
apiVersion: networking.istio.io/v1beta1 kind: ServiceEntry metadata: name: service-entry-threescale-saas-system spec: hosts: - multitenant.3scale.net ports: - number: 443 name: https protocol: HTTPS location: MESH_EXTERNAL resolution: DNSapiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: destination-rule-threescale-saas-system spec: host: multitenant.3scale.net trafficPolicy: tls: mode: SIMPLE sni: multitenant.3scale.net$ oc apply -f service-entry-threescale-saas-system.yml
$ oc apply -f <destination-rule-threescale-saas-system.yml>
추가 리소스
1.20.5.
1.20.5.1.
사전 요구 사항
1.20.5.2.
apiVersion: extensions.istio.io/v1alpha1
kind: WasmPlugin
metadata:
name: <threescale_wasm_plugin_name>
namespace: <bookinfo>
spec:
pluginConfig:
api: v1
...
1.20.5.3.
apiVersion: extensions.istio.io/v1alpha1
kind: WasmPlugin
metadata:
name: <threescale_wasm_plugin_name>
spec:
pluginConfig:
system:
name: <saas_porta>
upstream: <object>
token: <my_account_token>
ttl: 300
...| 이름 | 설명 | 필수 항목 |
|---|---|---|
|
|
| 선택 사항 |
|
|
| 제공됨 |
|
|
| 제공됨 |
|
|
| 선택 사항 |
1.20.5.4.
apiVersion: maistra.io/v1 upstream: name: outbound|443||multitenant.3scale.net url: "https://myaccount-admin.3scale.net/" timeout: 5000 ...
| 이름 | 설명 | 필수 항목 |
|---|---|---|
|
|
| 제공됨 |
|
|
| 제공됨 |
|
|
| 선택 사항 |
1.20.5.5.
apiVersion: extensions.istio.io/v1alpha1
kind: WasmPlugin
metadata:
name: <threescale_wasm_plugin_name>
spec:
pluginConfig:
...
backend:
name: backend
upstream: <object>
...| 이름 | 설명 | 필수 항목 |
|---|---|---|
|
|
| 선택 사항 |
|
|
| 제공됨 |
1.20.5.6.
apiVersion: extensions.istio.io/v1alpha1
kind: WasmPlugin
metadata:
name: <threescale_wasm_plugin_name>
spec:
pluginConfig:
...
services:
- id: "2555417834789"
token: service_token
authorities:
- "*.app"
- 0.0.0.0
- "0.0.0.0:8443"
credentials: <object>
mapping_rules: <object>
...
| 이름 | 설명 | 필수 항목 |
|---|---|---|
|
|
| 제공됨 |
|
|
| 선택 사항 |
|
|
| 제공됨 |
|
|
| 제공됨 |
|
|
| 선택 사항 |
1.20.5.7.
apiVersion: extensions.istio.io/v1alpha1
kind: WasmPlugin
metadata:
name: <threescale_wasm_plugin_name>
spec:
pluginConfig:
...
services:
- credentials:
user_key: <array_of_lookup_queries>
app_id: <array_of_lookup_queries>
app_key: <array_of_lookup_queries>
...| 이름 | 설명 | 필수 항목 |
|---|---|---|
|
|
| 선택 사항 |
|
|
| 선택 사항 |
|
|
| 선택 사항 |
1.20.5.8.
다음 예제를 참조하십시오.
apiVersion: extensions.istio.io/v1alpha1
kind: WasmPlugin
metadata:
name: <threescale_wasm_plugin_name>
spec:
pluginConfig:
...
services:
- credentials:
user_key:
- <source_type>: <object>
- <source_type>: <object>
...
app_id:
- <source_type>: <object>
...
app_key:
- <source_type>: <object>
...
...1.20.5.9.
| 이름 | 설명 | 필수 항목 |
|---|---|---|
|
|
| 제공됨 |
|
|
| 선택 사항 |
1.20.5.10.
추가 리소스
1.20.5.11.
1.20.5.12.
| 이름 | 설명 | 필수 항목 |
|---|---|---|
|
|
| 제공됨 |
|
|
| 제공됨 |
|
|
| 제공됨 |
|
|
|
|
apiVersion: extensions.istio.io/v1alpha1
kind: WasmPlugin
metadata:
name: <threescale_wasm_plugin_name>
spec:
pluginConfig:
...
mapping_rules:
- method: GET
pattern: /
usages:
- name: hits
delta: 1
- method: GET
pattern: /products/
usages:
- name: products
delta: 1
- method: ANY
pattern: /products/{id}/sold
usages:
- name: sales
delta: 1
- name: products
delta: 1
...
- products: 2
1.20.6.
1.20.6.1.
credentials:
user_key:
- query_string:
keys:
- user_key
- header:
keys:
- user_key1.20.6.2.
credentials:
app_id:
- header:
keys:
- app_id
- query_string:
keys:
- app_id
app_key:
- header:
keys:
- app_key
- query_string:
keys:
- app_key1.20.6.3.
aladdin:opensesame: Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
credentials:
app_id:
- header:
keys:
- authorization
ops:
- split:
separator: " "
max: 2
- length:
min: 2
- drop:
head: 1
- base64_urlsafe
- split:
max: 2
app_key:
- header:
keys:
- app_key
credentials: app_id: - header: keys: - authorization ops: - split: separator: " " max: 2 - length: min: 2 - reverse - glob: - Basic - drop: tail: 1 - base64_urlsafe - split: max: 2 - test: if: length: min: 2 then: - strlen: max: 63 - or: - strlen: min: 1 - drop: tail: 1 - assert: - and: - reverse - or: - strlen: min: 8 - glob: - aladdin - admin
1.20.6.4.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
name: jwt-example
namespace: bookinfo
spec:
selector:
matchLabels:
app: productpage
jwtRules:
- issuer: >-
http://keycloak-keycloak.34.242.107.254.nip.io/auth/realms/3scale-keycloak
jwksUri: >-
http://keycloak-keycloak.34.242.107.254.nip.io/auth/realms/3scale-keycloak/protocol/openid-connect/certs
credentials:
app_id:
- filter:
path:
- envoy.filters.http.jwt_authn
- "0"
keys:
- azp
- aud
ops:
- take:
head: 1
1.20.6.5.
credentials:
app_id:
- header:
keys:
- x-jwt-payload
ops:
- base64_urlsafe
- json:
- keys:
- azp
- aud
- take:
head: 11.20.7.
apiVersion: extensions.istio.io/v1alpha1
kind: WasmPlugin
metadata:
name: <threescale_wasm_plugin_name>
spec:
url: oci://registry.redhat.io/3scale-amp2/3scale-auth-wasm-rhel8:0.0.3
imagePullSecret: <optional_pull_secret_resource>
phase: AUTHZ
priority: 100
selector:
labels:
app: <product_page>
pluginConfig:
api: v1
system:
name: <system_name>
upstream:
name: outbound|443||multitenant.3scale.net
url: https://istiodevel-admin.3scale.net/
timeout: 5000
token: <token>
backend:
name: <backend_name>
upstream:
name: outbound|443||su1.3scale.net
url: https://su1.3scale.net/
timeout: 5000
extensions:
- no_body
services:
- id: '2555417834780'
authorities:
- "*"
credentials:
user_key:
- query_string:
keys:
- <user_key>
- header:
keys:
- <user_key>
app_id:
- query_string:
keys:
- <app_id>
- header:
keys:
- <app_id>
app_key:
- query_string:
keys:
- <app_key>
- header:
keys:
- <app_key>