forked from istio/istio
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcache_buster.yaml
31 lines (31 loc) · 1022 Bytes
/
cache_buster.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
apiVersion: "config.istio.io/v1alpha2"
kind: denier
metadata:
name: denyall
spec:
status:
code: 7
message: Not allowed
---
apiVersion: "config.istio.io/v1alpha2"
kind: checknothing
metadata:
name: denyrequest
spec:
---
apiVersion: "config.istio.io/v1alpha2"
kind: rule
metadata:
name: mixercachebuster
spec:
# one direction 1->2 will use the cache, while 2->1 will not use the cache.
# TODO: parametrize the namespace of find a way to get short names to work:
# TODO: this appears to always bust the cache, even if dest is echosrv1 !
match: destination.service == "echosrv1.istio.svc.cluster.local" && request.headers["x-request-id"] == "foo"
# test that denial does work
# match: destination.service == "echosrv1.istio.svc.cluster.local" && request.headers["x-forwarded-proto"] == "http" && source.service == "echosrv2.istio.svc.cluster.local"
actions:
# handler and instance names default to the rule's namespace.
- handler: denyall.denier
instances:
- denyrequest.checknothing