Custom envoy config to use ext_authz

[joda01]

What question do you have?:

I'm using the contour implementation of the Kubernetes Gateway API since when using the contour HTTPProxy CRD I always have to modify the root HTTPProxy when adding a new ingress rule which is not possible in my application.

But I need an authentication Middleware as described in https://projectcontour.io/guides/external-authorization/. I did not found a solution how to manage this using the Gateway API.

My idea was to manually add external auth using plain Envoy configuration / filters as described in https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/ext_authz_filter

However I did not found a possibility how to specify/ass a customer specific envoy configuration using contour. Is there a way to add custom specific envoy configs using contour? Or is there a better solution how to add an authentication Middleware using Gateway API?

An other solution for my application would also be to allow adding HTTPProxy rules without modifying the root HTTPProxy element, but I think this is no option as a read in other threads.

Thank's lot!

Environment

Contour version: 1.22.0 Kubernetes version: v1.23.2 Kubernetes installer & version: AKS Cloud provider or hardware configuration: Azure AKS