Example repo to demonstrate Envoy External Authorization with Golang GRPC service
This repository provides an envoy configuration file with an external auth filter activated for all incoming routes at port 8080
The envoy is configured with two clusters,
go_grpc_filter
The filter envoy.filters.http.ext_authz
in envoy is pointed at this go grpc cluster. All incoming requests will be forwarded to this cluster.
The Check method will be called during a request; it then adds a custom header to all other requests and rejects requests with the path '/private'.
Request | grpc_filter | status | http_server_response |
---|---|---|---|
/ | x-custom-header = "Hello World" | 200 | Hello World |
/ private | 403 | - | - |
go_simple_http
It is a straightforward Golang HTTP server that merely emits the custom header value x-custom-header
added via the go_grpc_filter cluster.
To run this example
- Start the envoy server
envoy -c envoy.yml
- start the go_grpc_filter & go_simple_http servers by navigating to the cluster root.
go run main.go
- Go to http://localhost:8080