在istio-system分区创建一个EnvoyFilter,作用于全局网关实例,yaml如下:
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: {istio-ingressgateway-name}
namespace: {istio-ingressgateway-ns}
spec:
workloadSelector:
labels:
configPatches:
- applyTo: HTTP_FILTER
match:
context: GATEWAY
listener:
filterChain:
filter:
name: envoy.filters.network.http_connection_manager
#proxy:
#proxyVersion: ^1.14.*
patch:
operation: INSERT_BEFORE
value:
name: with-matcher
typed_config:
'@type': type.googleapis.com/envoy.extensions.common.matching.v3.ExtensionWithMatcher
extension_config:
name: envoy.filters.http.buffer
typed_config:
'@type': type.googleapis.com/envoy.extensions.filters.http.buffer.v3.Buffer
max_request_bytes: {max-body-size}
xds_matcher:
matcher_tree:
input:
name: request-headers
typed_config:
'@type': type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput
header_name: Upgrade
exact_match_map:
map:
websocket:
action:
name: skip
typed_config:
'@type': type.googleapis.com/envoy.extensions.filters.common.matcher.action.v3.SkipFilter