Sidecar:用来定义某个Sidecar流量出入的。

istio-proxy-sidecar.png

EnvoyFilter:自定义Envoy的配置文件的。

Sidecar:

apiVersion: networking.istio.io/v1alpha3
kind: Sidecar
metadata:
  name: default
  namespace: default
spec:
  ingress:
  - port:
      number: 9080
      protocol: HTTP
      name: somename
    defaultEndpoint: unix:///var/run/someuds.sock
  egress:
  - port:
      number: 9080
      protocol: HTTP
      name: egresshttp
    hosts:
    - "default/*"
  - hosts:
    - "istio-system/*"

Sidecar:

apiVersion: networking.istio.io/v1alpha3
kind: Sidecar
metadata:
  name: partial-ip-tables
  namespace: prod-us1
spec:
  workloadSelector:
    labels:
      app: productpage
  ingress:
  - bind: 172.16.1.32
    port:
      number: 80
      protocol: HTTP
      name: somename
    defaultEndpoint: 127.0.0.1:8080
    captureMode: NONE
  egress:
  - captureMode: IPTABLES
    hosts:
    - "*/*"

EnvoyFilter:配置Envoy的资源。