Backport of Explicitly enable WebSocket upgrades into release/1.16.x (#18211)

This PR explicitly enables WebSocket upgrades in Envoy's UpgradeConfig for all
proxy types. (API Gateway, Ingress, and Sidecar.)

Fixes #8283

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
This commit is contained in:
hc-github-team-consul-core 2023-07-20 17:57:13 -04:00 committed by GitHub
parent f618948c30
commit 354f1dc6ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
77 changed files with 3873 additions and 3772 deletions

3
.changelog/18150.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:improvement
xds: Explicitly enable WebSocket connection upgrades in HTTP connection manager
```

View File

@ -2470,6 +2470,10 @@ func makeHTTPFilter(opts listenerFilterOpts) (*envoy_listener_v3.Filter, error)
// sampled. // sampled.
RandomSampling: &envoy_type_v3.Percent{Value: 0.0}, RandomSampling: &envoy_type_v3.Percent{Value: 0.0},
}, },
// Explicitly enable WebSocket upgrades for all HTTP listeners
UpgradeConfigs: []*envoy_http_v3.HttpConnectionManager_UpgradeConfig{
{UpgradeType: "websocket"},
},
} }
if opts.tracing != nil { if opts.tracing != nil {

View File

@ -209,7 +209,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -248,4 +253,4 @@
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -210,7 +210,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -249,4 +254,4 @@
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -233,7 +233,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -272,4 +277,4 @@
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -309,7 +309,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -348,4 +353,4 @@
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,214 +1,219 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"routeConfig": { "routeConfig": {
"name": "db", "name": "db",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "db.default.default.dc1", "name": "db.default.default.dc1",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.aws_lambda", "name": "envoy.filters.http.aws_lambda",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
"arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234", "arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
"invocationMode": "ASYNCHRONOUS" "invocationMode": "ASYNCHRONOUS"
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"stripAnyHostPort": true "upgradeConfigs": [
{
"upgradeType": "websocket"
}
],
"stripAnyHostPort": true
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"routeConfig": { "routeConfig": {
"name": "public_listener", "name": "public_listener",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "public_listener", "name": "public_listener",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "local_app" "cluster": "local_app"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.header_to_metadata", "name": "envoy.filters.http.header_to_metadata",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
"requestRules": [ "requestRules": [
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
} }
} }
} }
@ -216,66 +221,71 @@
} }
}, },
{ {
"name": "envoy.filters.http.lua", "name": "envoy.filters.http.lua",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua", "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua",
"inlineCode": "\nfunction envoy_on_request(request_handle)\n request_handle:headers():add(\"test\", \"test\")\nend" "inlineCode": "\nfunction envoy_on_request(request_handle)\n request_handle:headers():add(\"test\", \"test\")\nend"
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
}, },
"alpnProtocols": [ "alpnProtocols": [
"http/1.1" "http/1.1"
] ]
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,155 +1,160 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"routeConfig": { "routeConfig": {
"name": "db", "name": "db",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "db.default.default.dc1", "name": "db.default.default.dc1",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.aws_lambda", "name": "envoy.filters.http.aws_lambda",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
"arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234", "arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
"invocationMode": "ASYNCHRONOUS" "invocationMode": "ASYNCHRONOUS"
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"stripAnyHostPort": true "upgradeConfigs": [
{
"upgradeType": "websocket"
}
],
"stripAnyHostPort": true
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {}, "rules": {},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"cluster": "local_app" "cluster": "local_app"
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,212 +1,217 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "outbound_listener:127.0.0.1:15001", "name": "outbound_listener:127.0.0.1:15001",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 15001 "portValue": 15001
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filterChainMatch": { "filterChainMatch": {
"prefixRanges": [ "prefixRanges": [
{ {
"addressPrefix": "10.0.0.1", "addressPrefix": "10.0.0.1",
"prefixLen": 32 "prefixLen": 32
}, },
{ {
"addressPrefix": "240.0.0.1", "addressPrefix": "240.0.0.1",
"prefixLen": 32 "prefixLen": 32
} }
] ]
}, },
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "upstream.google.default.default.dc1", "statPrefix": "upstream.google.default.default.dc1",
"routeConfig": { "routeConfig": {
"name": "google", "name": "google",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "google.default.default.dc1", "name": "google.default.default.dc1",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.aws_lambda", "name": "envoy.filters.http.aws_lambda",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
"arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234", "arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
"payloadPassthrough": true "payloadPassthrough": true
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"stripAnyHostPort": true "upgradeConfigs": [
{
"upgradeType": "websocket"
}
],
"stripAnyHostPort": true
} }
} }
] ]
} }
], ],
"defaultFilterChain": { "defaultFilterChain": {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.original-destination", "statPrefix": "upstream.original-destination",
"cluster": "original-destination" "cluster": "original-destination"
} }
} }
] ]
}, },
"listenerFilters": [ "listenerFilters": [
{ {
"name": "envoy.filters.listener.original_dst", "name": "envoy.filters.listener.original_dst",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst" "@type": "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst"
} }
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {}, "rules": {},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"cluster": "local_app" "cluster": "local_app"
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,146 +1,151 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"routeConfig": { "routeConfig": {
"name": "db", "name": "db",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "db.default.default.dc1", "name": "db.default.default.dc1",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {}, "rules": {},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"cluster": "local_app" "cluster": "local_app"
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,155 +1,160 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"routeConfig": { "routeConfig": {
"name": "db", "name": "db",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "db.default.default.dc1", "name": "db.default.default.dc1",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.aws_lambda", "name": "envoy.filters.http.aws_lambda",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
"arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234", "arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
"payloadPassthrough": true "payloadPassthrough": true
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"stripAnyHostPort": true "upgradeConfigs": [
{
"upgradeType": "websocket"
}
],
"stripAnyHostPort": true
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {}, "rules": {},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"cluster": "local_app" "cluster": "local_app"
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,445 +1,460 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "default:1.2.3.4:8443", "name": "default:1.2.3.4:8443",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "1.2.3.4", "address": "1.2.3.4",
"portValue": 8443 "portValue": 8443
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filterChainMatch": { "filterChainMatch": {
"serverNames": [ "serverNames": [
"api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
] ]
}, },
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {}, "rules": {},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.api.default.default.dc1", "statPrefix": "upstream.api.default.default.dc1",
"cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
}, },
{ {
"filterChainMatch": { "filterChainMatch": {
"serverNames": [ "serverNames": [
"cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
] ]
}, },
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {}, "rules": {},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.cache.default.default.dc1", "statPrefix": "upstream.cache.default.default.dc1",
"cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
}, },
{ {
"filterChainMatch": { "filterChainMatch": {
"serverNames": [ "serverNames": [
"canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
] ]
}, },
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "upstream.web.default.default.dc1", "statPrefix": "upstream.web.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": {}, "ads": {},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "routeConfigName": "canary1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.aws_lambda", "name": "envoy.filters.http.aws_lambda",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
"arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234", "arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
"payloadPassthrough": true "payloadPassthrough": true
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
}, },
"stripAnyHostPort": true "upgradeConfigs": [
{
"upgradeType": "websocket"
}
],
"stripAnyHostPort": true
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
}, },
{ {
"filterChainMatch": { "filterChainMatch": {
"serverNames": [ "serverNames": [
"canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
] ]
}, },
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "upstream.web.default.default.dc1", "statPrefix": "upstream.web.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": {}, "ads": {},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "routeConfigName": "canary2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.aws_lambda", "name": "envoy.filters.http.aws_lambda",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
"arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234", "arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
"payloadPassthrough": true "payloadPassthrough": true
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
}, },
"stripAnyHostPort": true "upgradeConfigs": [
{
"upgradeType": "websocket"
}
],
"stripAnyHostPort": true
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
}, },
{ {
"filterChainMatch": { "filterChainMatch": {
"serverNames": [ "serverNames": [
"db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
] ]
}, },
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {}, "rules": {},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
}, },
{ {
"filterChainMatch": { "filterChainMatch": {
"serverNames": [ "serverNames": [
"web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
] ]
}, },
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "upstream.web.default.default.dc1", "statPrefix": "upstream.web.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": {}, "ads": {},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "routeConfigName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.aws_lambda", "name": "envoy.filters.http.aws_lambda",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
"arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234", "arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
"payloadPassthrough": true "payloadPassthrough": true
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
}, },
"stripAnyHostPort": true "upgradeConfigs": [
{
"upgradeType": "websocket"
}
],
"stripAnyHostPort": true
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
}, },
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.sni_cluster", "name": "envoy.filters.network.sni_cluster",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster"
} }
}, },
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "terminating_gateway.default", "statPrefix": "terminating_gateway.default",
"cluster": "" "cluster": ""
} }
} }
] ]
} }
], ],
"listenerFilters": [ "listenerFilters": [
{ {
"name": "envoy.filters.listener.tls_inspector", "name": "envoy.filters.listener.tls_inspector",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,279 +1,284 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "default:1.2.3.4:8443", "name": "default:1.2.3.4:8443",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "1.2.3.4", "address": "1.2.3.4",
"portValue": 8443 "portValue": 8443
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filterChainMatch": { "filterChainMatch": {
"serverNames": [ "serverNames": [
"api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
] ]
}, },
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {}, "rules": {},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.api.default.default.dc1", "statPrefix": "upstream.api.default.default.dc1",
"cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
}, },
{ {
"filterChainMatch": { "filterChainMatch": {
"serverNames": [ "serverNames": [
"cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
] ]
}, },
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {}, "rules": {},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.cache.default.default.dc1", "statPrefix": "upstream.cache.default.default.dc1",
"cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
}, },
{ {
"filterChainMatch": { "filterChainMatch": {
"serverNames": [ "serverNames": [
"db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
] ]
}, },
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {}, "rules": {},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
}, },
{ {
"filterChainMatch": { "filterChainMatch": {
"serverNames": [ "serverNames": [
"web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
] ]
}, },
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "upstream.web.default.default.dc1", "statPrefix": "upstream.web.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": {}, "ads": {},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "routeConfigName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.aws_lambda", "name": "envoy.filters.http.aws_lambda",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config",
"arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234", "arn": "arn:aws:lambda:us-east-1:111111111111:function:lambda-1234",
"payloadPassthrough": true "payloadPassthrough": true
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
}, },
"stripAnyHostPort": true "upgradeConfigs": [
{
"upgradeType": "websocket"
}
],
"stripAnyHostPort": true
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
}, },
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.sni_cluster", "name": "envoy.filters.network.sni_cluster",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster"
} }
}, },
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "terminating_gateway.default", "statPrefix": "terminating_gateway.default",
"cluster": "" "cluster": ""
} }
} }
] ]
} }
], ],
"listenerFilters": [ "listenerFilters": [
{ {
"name": "envoy.filters.listener.tls_inspector", "name": "envoy.filters.listener.tls_inspector",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,146 +1,151 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"routeConfig": { "routeConfig": {
"name": "db", "name": "db",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "db.default.default.dc1", "name": "db.default.default.dc1",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {}, "rules": {},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"cluster": "local_app" "cluster": "local_app"
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,174 +1,174 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"routeConfig": { "routeConfig": {
"name": "public_listener", "name": "public_listener",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "public_listener", "name": "public_listener",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "local_app" "cluster": "local_app"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.header_to_metadata", "name": "envoy.filters.http.header_to_metadata",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
"requestRules": [ "requestRules": [
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
} }
} }
} }
@ -176,66 +176,71 @@
} }
}, },
{ {
"name": "envoy.filters.http.lua", "name": "envoy.filters.http.lua",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua", "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua",
"inlineCode": "\nfunction envoy_on_request(request_handle)\n request_handle:headers():add(\"test\", \"test\")\nend" "inlineCode": "\nfunction envoy_on_request(request_handle)\n request_handle:headers():add(\"test\", \"test\")\nend"
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
}, },
"alpnProtocols": [ "alpnProtocols": [
"http/1.1" "http/1.1"
] ]
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -49,7 +49,12 @@
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
] ]
@ -230,7 +235,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],

View File

@ -70,7 +70,12 @@
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
] ]
@ -109,7 +114,12 @@
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
] ]
@ -297,7 +307,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],

View File

@ -56,7 +56,12 @@
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
] ]
@ -230,7 +235,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],

View File

@ -1,174 +1,174 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"routeConfig": { "routeConfig": {
"name": "public_listener", "name": "public_listener",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "public_listener", "name": "public_listener",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "local_app" "cluster": "local_app"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.header_to_metadata", "name": "envoy.filters.http.header_to_metadata",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
"requestRules": [ "requestRules": [
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
} }
} }
} }
@ -176,59 +176,64 @@
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
}, },
"alpnProtocols": [ "alpnProtocols": [
"http/1.1" "http/1.1"
] ]
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -49,7 +49,12 @@
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
] ]
@ -223,7 +228,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],

View File

@ -49,7 +49,12 @@
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
] ]
@ -223,7 +228,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],

View File

@ -1,174 +1,174 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"routeConfig": { "routeConfig": {
"name": "public_listener", "name": "public_listener",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "public_listener", "name": "public_listener",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "local_app" "cluster": "local_app"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.header_to_metadata", "name": "envoy.filters.http.header_to_metadata",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
"requestRules": [ "requestRules": [
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
} }
} }
} }
@ -176,59 +176,64 @@
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
}, },
"alpnProtocols": [ "alpnProtocols": [
"http/1.1" "http/1.1"
] ]
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,174 +1,174 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"routeConfig": { "routeConfig": {
"name": "public_listener", "name": "public_listener",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "public_listener", "name": "public_listener",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "local_app" "cluster": "local_app"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.header_to_metadata", "name": "envoy.filters.http.header_to_metadata",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
"requestRules": [ "requestRules": [
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
} }
} }
} }
@ -176,59 +176,64 @@
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
}, },
"alpnProtocols": [ "alpnProtocols": [
"http/1.1" "http/1.1"
] ]
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,174 +1,174 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"routeConfig": { "routeConfig": {
"name": "public_listener", "name": "public_listener",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "public_listener", "name": "public_listener",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "local_app" "cluster": "local_app"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.header_to_metadata", "name": "envoy.filters.http.header_to_metadata",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
"requestRules": [ "requestRules": [
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
} }
} }
} }
@ -176,59 +176,64 @@
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
}, },
"alpnProtocols": [ "alpnProtocols": [
"http/1.1" "http/1.1"
] ]
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,174 +1,174 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"routeConfig": { "routeConfig": {
"name": "public_listener", "name": "public_listener",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "public_listener", "name": "public_listener",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "local_app" "cluster": "local_app"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.header_to_metadata", "name": "envoy.filters.http.header_to_metadata",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
"requestRules": [ "requestRules": [
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
} }
} }
} }
@ -176,59 +176,64 @@
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
}, },
"alpnProtocols": [ "alpnProtocols": [
"http/1.1" "http/1.1"
] ]
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -192,7 +192,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],

View File

@ -192,7 +192,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],

View File

@ -1,177 +1,177 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"statPrefix": "custom.stats.outbound.only", "statPrefix": "custom.stats.outbound.only",
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"statPrefix": "custom.stats.outbound.only", "statPrefix": "custom.stats.outbound.only",
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"statPrefix": "custom.stats.inbound.only", "statPrefix": "custom.stats.inbound.only",
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"routeConfig": { "routeConfig": {
"name": "public_listener", "name": "public_listener",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "public_listener", "name": "public_listener",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "local_app" "cluster": "local_app"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.header_to_metadata", "name": "envoy.filters.http.header_to_metadata",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
"requestRules": [ "requestRules": [
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
} }
} }
} }
@ -179,59 +179,64 @@
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
}, },
"alpnProtocols": [ "alpnProtocols": [
"http/1.1" "http/1.1"
] ]
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,175 +1,175 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"statPrefix": "custom.stats", "address": {
"address": { "socketAddress": {
"socketAddress": { "address": "0.0.0.0",
"address": "0.0.0.0", "portValue": 9999
"portValue": 9999
} }
}, },
"filterChains": [ "statPrefix": "custom.stats",
"filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"routeConfig": { "routeConfig": {
"name": "public_listener", "name": "public_listener",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "public_listener", "name": "public_listener",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "local_app" "cluster": "local_app"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.header_to_metadata", "name": "envoy.filters.http.header_to_metadata",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
"requestRules": [ "requestRules": [
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
} }
} }
} }
@ -177,59 +177,64 @@
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
}, },
"alpnProtocols": [ "alpnProtocols": [
"http/1.1" "http/1.1"
] ]
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,176 +1,176 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"statPrefix": "custom.stats", "statPrefix": "custom.stats",
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"statPrefix": "custom.stats", "statPrefix": "custom.stats",
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"routeConfig": { "routeConfig": {
"name": "public_listener", "name": "public_listener",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "public_listener", "name": "public_listener",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "local_app" "cluster": "local_app"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.header_to_metadata", "name": "envoy.filters.http.header_to_metadata",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
"requestRules": [ "requestRules": [
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
} }
} }
} }
@ -178,59 +178,64 @@
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
}, },
"alpnProtocols": [ "alpnProtocols": [
"http/1.1" "http/1.1"
] ]
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,177 +1,177 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"statPrefix": "custom.stats.outbound.only", "statPrefix": "custom.stats.outbound.only",
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"statPrefix": "custom.stats.outbound.only", "statPrefix": "custom.stats.outbound.only",
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"statPrefix": "custom.stats.inbound.only", "statPrefix": "custom.stats.inbound.only",
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"routeConfig": { "routeConfig": {
"name": "public_listener", "name": "public_listener",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "public_listener", "name": "public_listener",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "local_app" "cluster": "local_app"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.header_to_metadata", "name": "envoy.filters.http.header_to_metadata",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
"requestRules": [ "requestRules": [
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
} }
} }
} }
@ -179,59 +179,64 @@
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
}, },
"alpnProtocols": [ "alpnProtocols": [
"http/1.1" "http/1.1"
] ]
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,175 +1,175 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"statPrefix": "custom.stats.outbound.only", "statPrefix": "custom.stats.outbound.only",
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"routeConfig": { "routeConfig": {
"name": "public_listener", "name": "public_listener",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "public_listener", "name": "public_listener",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "local_app" "cluster": "local_app"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.header_to_metadata", "name": "envoy.filters.http.header_to_metadata",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
"requestRules": [ "requestRules": [
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
} }
} }
} }
@ -177,59 +177,64 @@
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
}, },
"alpnProtocols": [ "alpnProtocols": [
"http/1.1" "http/1.1"
] ]
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,192 +1,197 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"statPrefix": "custom.stats.outbound.only", "statPrefix": "custom.stats.outbound.only",
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": {}, "ads": {},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "db" "routeConfigName": "db"
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"routeConfig": { "routeConfig": {
"name": "public_listener", "name": "public_listener",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "public_listener", "name": "public_listener",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "local_app" "cluster": "local_app"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.header_to_metadata", "name": "envoy.filters.http.header_to_metadata",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
"requestRules": [ "requestRules": [
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
} }
} }
} }
@ -194,59 +199,64 @@
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
}, },
"alpnProtocols": [ "alpnProtocols": [
"http/1.1" "http/1.1"
] ]
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,174 +1,174 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"routeConfig": { "routeConfig": {
"name": "public_listener", "name": "public_listener",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "public_listener", "name": "public_listener",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "local_app" "cluster": "local_app"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": {} "rules": {}
} }
}, },
{ {
"name": "envoy.filters.http.header_to_metadata", "name": "envoy.filters.http.header_to_metadata",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config", "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config",
"requestRules": [ "requestRules": [
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
} }
} }
}, },
{ {
"header": "x-forwarded-client-cert", "header": "x-forwarded-client-cert",
"onHeaderPresent": { "onHeaderPresent": {
"metadataNamespace": "consul", "metadataNamespace": "consul",
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": {}, "googleRe2": {},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
} }
} }
} }
@ -176,59 +176,64 @@
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
"cert": true, "cert": true,
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
}, },
"alpnProtocols": [ "alpnProtocols": [
"http/1.1" "http/1.1"
] ]
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -94,9 +94,7 @@
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": { "rules": {}
}
} }
}, },
{ {
@ -111,9 +109,7 @@
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
@ -127,9 +123,7 @@
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
@ -143,9 +137,7 @@
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
@ -159,9 +151,7 @@
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
@ -175,9 +165,7 @@
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
@ -216,9 +204,7 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
@ -227,7 +213,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -236,9 +227,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -94,9 +94,7 @@
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": { "rules": {}
}
} }
}, },
{ {
@ -111,9 +109,7 @@
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
@ -127,9 +123,7 @@
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
@ -143,9 +137,7 @@
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
@ -159,9 +151,7 @@
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
@ -175,9 +165,7 @@
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
@ -221,9 +209,7 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
@ -232,7 +218,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -241,9 +232,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -1,49 +1,54 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "http:1.2.3.4:8080", "name": "http:1.2.3.4:8080",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "1.2.3.4", "address": "1.2.3.4",
"portValue": 8080 "portValue": 8080
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "ingress_upstream_8080", "statPrefix": "ingress_upstream_8080",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": {}, "ads": {},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080" "routeConfigName": "8080"
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,74 +1,79 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "http:1.2.3.4:8081", "name": "http:1.2.3.4:8081",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "1.2.3.4", "address": "1.2.3.4",
"portValue": 8081 "portValue": 8081
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "ingress_upstream_8081", "statPrefix": "ingress_upstream_8081",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": {}, "ads": {},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8081" "routeConfigName": "8081"
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "tcp-service:1.2.3.4:8080", "name": "tcp-service:1.2.3.4:8080",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "1.2.3.4", "address": "1.2.3.4",
"portValue": 8080 "portValue": 8080
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.tcp-service.default.default.dc1", "statPrefix": "upstream.tcp-service.default.default.dc1",
"cluster": "tcp-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "tcp-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -1,49 +1,54 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "http:1.2.3.4:8080", "name": "http:1.2.3.4:8080",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "1.2.3.4", "address": "1.2.3.4",
"portValue": 8080 "portValue": 8080
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "ingress_upstream_8080", "statPrefix": "ingress_upstream_8080",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": {}, "ads": {},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080" "routeConfigName": "8080"
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -20,9 +20,7 @@
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "db" "routeConfigName": "db"
@ -49,13 +47,14 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"http2ProtocolOptions": { "http2ProtocolOptions": {},
"upgradeConfigs": [
} {
"upgradeType": "websocket"
}
]
} }
} }
] ]
@ -104,9 +103,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -124,9 +121,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -20,9 +20,7 @@
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "db" "routeConfigName": "db"
@ -49,13 +47,14 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"http2ProtocolOptions": { "http2ProtocolOptions": {},
"upgradeConfigs": [
} {
"upgradeType": "websocket"
}
]
} }
} }
] ]
@ -104,9 +103,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -124,9 +121,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -20,9 +20,7 @@
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "db" "routeConfigName": "db"
@ -36,10 +34,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
] ]
@ -88,9 +89,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -108,9 +107,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -20,9 +20,7 @@
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "db" "routeConfigName": "db"
@ -36,13 +34,14 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"http2ProtocolOptions": { "http2ProtocolOptions": {},
"upgradeConfigs": [
} {
"upgradeType": "websocket"
}
]
} }
} }
] ]
@ -91,9 +90,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -111,9 +108,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -231,7 +231,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],

View File

@ -94,9 +94,7 @@
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": { "rules": {}
}
} }
}, },
{ {
@ -111,9 +109,7 @@
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
@ -127,9 +123,7 @@
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
@ -143,9 +137,7 @@
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
@ -159,9 +151,7 @@
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
@ -175,9 +165,7 @@
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
@ -227,7 +215,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -236,9 +229,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -64,10 +64,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
] ]
@ -91,9 +94,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -111,9 +112,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -48,10 +48,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
] ]
@ -106,10 +109,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
] ]
@ -133,9 +139,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -153,9 +157,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -48,13 +48,14 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"http2ProtocolOptions": { "http2ProtocolOptions": {},
"upgradeConfigs": [
} {
"upgradeType": "websocket"
}
]
} }
} }
] ]
@ -109,10 +110,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
] ]
@ -136,9 +140,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -156,9 +158,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -107,9 +107,7 @@
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": { "rules": {}
}
} }
}, },
{ {
@ -120,13 +118,14 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"http2ProtocolOptions": { "http2ProtocolOptions": {},
"upgradeConfigs": [
} {
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -135,9 +134,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -96,9 +96,7 @@
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": { "rules": {}
}
} }
}, },
{ {
@ -113,9 +111,7 @@
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
@ -129,9 +125,7 @@
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
@ -145,9 +139,7 @@
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
@ -161,9 +153,7 @@
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
@ -177,9 +167,7 @@
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
@ -197,9 +185,7 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
@ -208,7 +194,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -217,9 +208,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -94,9 +94,7 @@
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": { "rules": {}
}
} }
}, },
{ {
@ -107,10 +105,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],
@ -119,9 +120,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -94,9 +94,7 @@
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": { "rules": {}
}
} }
}, },
{ {
@ -111,9 +109,7 @@
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
@ -127,9 +123,7 @@
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
@ -143,9 +137,7 @@
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
@ -159,9 +151,7 @@
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
@ -175,9 +165,7 @@
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
@ -195,9 +183,7 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
@ -206,7 +192,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -215,9 +206,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -48,10 +48,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
] ]
@ -100,9 +103,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -120,9 +121,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -94,9 +94,7 @@
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": { "rules": {}
}
} }
}, },
{ {
@ -111,9 +109,7 @@
"key": "trust-domain", "key": "trust-domain",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\1" "substitution": "\\1"
@ -127,9 +123,7 @@
"key": "partition", "key": "partition",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\2" "substitution": "\\2"
@ -143,9 +137,7 @@
"key": "namespace", "key": "namespace",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\3" "substitution": "\\3"
@ -159,9 +151,7 @@
"key": "datacenter", "key": "datacenter",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\4" "substitution": "\\4"
@ -175,9 +165,7 @@
"key": "service", "key": "service",
"regexValueRewrite": { "regexValueRewrite": {
"pattern": { "pattern": {
"googleRe2": { "googleRe2": {},
},
"regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*"
}, },
"substitution": "\\5" "substitution": "\\5"
@ -195,13 +183,9 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
},
"http2ProtocolOptions": {
}, },
"http2ProtocolOptions": {},
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
"subject": true, "subject": true,
@ -209,7 +193,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -218,9 +207,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -20,9 +20,7 @@
"statPrefix": "ingress_upstream_8080", "statPrefix": "ingress_upstream_8080",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080" "routeConfigName": "8080"
@ -49,13 +47,14 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"http2ProtocolOptions": { "http2ProtocolOptions": {},
"upgradeConfigs": [
} {
"upgradeType": "websocket"
}
]
} }
} }
] ]

View File

@ -20,9 +20,7 @@
"statPrefix": "ingress_upstream_443", "statPrefix": "ingress_upstream_443",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "443" "routeConfigName": "443"
@ -36,10 +34,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
] ]
@ -66,9 +67,7 @@
"statPrefix": "ingress_upstream_8080", "statPrefix": "ingress_upstream_8080",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080" "routeConfigName": "8080"
@ -82,10 +81,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
] ]

View File

@ -20,9 +20,7 @@
"statPrefix": "ingress_upstream_8080", "statPrefix": "ingress_upstream_8080",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080" "routeConfigName": "8080"
@ -36,10 +34,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
] ]

View File

@ -20,9 +20,7 @@
"statPrefix": "ingress_upstream_8080", "statPrefix": "ingress_upstream_8080",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080" "routeConfigName": "8080"
@ -49,13 +47,14 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"http2ProtocolOptions": { "http2ProtocolOptions": {},
"upgradeConfigs": [
} {
"upgradeType": "websocket"
}
]
} }
} }
] ]
@ -82,9 +81,7 @@
"statPrefix": "ingress_upstream_8081", "statPrefix": "ingress_upstream_8081",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8081" "routeConfigName": "8081"
@ -111,13 +108,14 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"http2ProtocolOptions": { "http2ProtocolOptions": {},
"upgradeConfigs": [
} {
"upgradeType": "websocket"
}
]
} }
} }
], ],

View File

@ -20,9 +20,7 @@
"statPrefix": "ingress_upstream_8080", "statPrefix": "ingress_upstream_8080",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080" "routeConfigName": "8080"
@ -49,13 +47,14 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"http2ProtocolOptions": { "http2ProtocolOptions": {},
"upgradeConfigs": [
} {
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -113,9 +112,7 @@
"statPrefix": "ingress_upstream_8081", "statPrefix": "ingress_upstream_8081",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8081" "routeConfigName": "8081"
@ -129,13 +126,14 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"http2ProtocolOptions": { "http2ProtocolOptions": {},
"upgradeConfigs": [
} {
"upgradeType": "websocket"
}
]
} }
} }
], ],

View File

@ -20,9 +20,7 @@
"statPrefix": "ingress_upstream_8080", "statPrefix": "ingress_upstream_8080",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080" "routeConfigName": "8080"
@ -36,13 +34,14 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"http2ProtocolOptions": { "http2ProtocolOptions": {},
"upgradeConfigs": [
} {
"upgradeType": "websocket"
}
]
} }
} }
] ]
@ -69,9 +68,7 @@
"statPrefix": "ingress_upstream_8081", "statPrefix": "ingress_upstream_8081",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8081" "routeConfigName": "8081"
@ -85,13 +82,14 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"http2ProtocolOptions": { "http2ProtocolOptions": {},
"upgradeConfigs": [
} {
"upgradeType": "websocket"
}
]
} }
} }
], ],

View File

@ -25,9 +25,7 @@
"statPrefix": "ingress_upstream_8080_s1", "statPrefix": "ingress_upstream_8080_s1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080_s1" "routeConfigName": "8080_s1"
@ -41,10 +39,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],
@ -53,9 +54,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificateSdsSecretConfigs": [ "tlsCertificateSdsSecretConfigs": [
{ {
"name": "s1.example.com-cert", "name": "s1.example.com-cert",
@ -93,9 +92,7 @@
"statPrefix": "ingress_upstream_8080", "statPrefix": "ingress_upstream_8080",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080" "routeConfigName": "8080"
@ -109,10 +106,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],
@ -121,9 +121,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificateSdsSecretConfigs": [ "tlsCertificateSdsSecretConfigs": [
{ {
"name": "*.example.com-cert", "name": "*.example.com-cert",

View File

@ -20,9 +20,7 @@
"statPrefix": "ingress_upstream_8080", "statPrefix": "ingress_upstream_8080",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080" "routeConfigName": "8080"
@ -36,10 +34,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],
@ -48,9 +49,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificateSdsSecretConfigs": [ "tlsCertificateSdsSecretConfigs": [
{ {
"name": "listener-cert", "name": "listener-cert",

View File

@ -25,9 +25,7 @@
"statPrefix": "ingress_upstream_8080_s1", "statPrefix": "ingress_upstream_8080_s1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080_s1" "routeConfigName": "8080_s1"
@ -41,10 +39,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],
@ -53,9 +54,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificateSdsSecretConfigs": [ "tlsCertificateSdsSecretConfigs": [
{ {
"name": "s1.example.com-cert", "name": "s1.example.com-cert",
@ -93,9 +92,7 @@
"statPrefix": "ingress_upstream_8080", "statPrefix": "ingress_upstream_8080",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080" "routeConfigName": "8080"
@ -109,10 +106,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
] ]

View File

@ -25,9 +25,7 @@
"statPrefix": "ingress_upstream_8080_s1", "statPrefix": "ingress_upstream_8080_s1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080_s1" "routeConfigName": "8080_s1"
@ -41,10 +39,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],
@ -53,9 +54,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificateSdsSecretConfigs": [ "tlsCertificateSdsSecretConfigs": [
{ {
"name": "s1.example.com-cert", "name": "s1.example.com-cert",
@ -98,9 +97,7 @@
"statPrefix": "ingress_upstream_8080_s2", "statPrefix": "ingress_upstream_8080_s2",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080_s2" "routeConfigName": "8080_s2"
@ -114,10 +111,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],
@ -126,9 +126,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificateSdsSecretConfigs": [ "tlsCertificateSdsSecretConfigs": [
{ {
"name": "s2.example.com-cert", "name": "s2.example.com-cert",

View File

@ -20,9 +20,7 @@
"statPrefix": "ingress_upstream_8080", "statPrefix": "ingress_upstream_8080",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080" "routeConfigName": "8080"
@ -36,10 +34,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
] ]
@ -66,9 +67,7 @@
"statPrefix": "ingress_upstream_8081", "statPrefix": "ingress_upstream_8081",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8081" "routeConfigName": "8081"
@ -82,10 +81,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],

View File

@ -20,9 +20,7 @@
"statPrefix": "ingress_upstream_8080", "statPrefix": "ingress_upstream_8080",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080" "routeConfigName": "8080"
@ -36,10 +34,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],
@ -96,9 +97,7 @@
"statPrefix": "ingress_upstream_8081", "statPrefix": "ingress_upstream_8081",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8081" "routeConfigName": "8081"
@ -112,10 +111,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],
@ -172,9 +174,7 @@
"statPrefix": "ingress_upstream_8082", "statPrefix": "ingress_upstream_8082",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8082" "routeConfigName": "8082"
@ -188,10 +188,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],
@ -248,9 +251,7 @@
"statPrefix": "ingress_upstream_8083", "statPrefix": "ingress_upstream_8083",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8083" "routeConfigName": "8083"
@ -264,10 +265,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],
@ -276,9 +280,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
@ -324,9 +326,7 @@
"statPrefix": "ingress_upstream_8084", "statPrefix": "ingress_upstream_8084",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8084" "routeConfigName": "8084"
@ -340,10 +340,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],

View File

@ -20,9 +20,7 @@
"statPrefix": "ingress_upstream_8080", "statPrefix": "ingress_upstream_8080",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080" "routeConfigName": "8080"
@ -36,10 +34,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],
@ -48,9 +49,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
@ -96,9 +95,7 @@
"statPrefix": "ingress_upstream_9090", "statPrefix": "ingress_upstream_9090",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "9090" "routeConfigName": "9090"
@ -112,10 +109,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
] ]

View File

@ -20,9 +20,7 @@
"statPrefix": "ingress_upstream_8080", "statPrefix": "ingress_upstream_8080",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8080" "routeConfigName": "8080"
@ -36,10 +34,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],
@ -96,9 +97,7 @@
"statPrefix": "ingress_upstream_8081", "statPrefix": "ingress_upstream_8081",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8081" "routeConfigName": "8081"
@ -112,10 +111,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],
@ -172,9 +174,7 @@
"statPrefix": "ingress_upstream_8082", "statPrefix": "ingress_upstream_8082",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "8082" "routeConfigName": "8082"
@ -188,10 +188,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
], ],

View File

@ -25,9 +25,7 @@
"statPrefix": "mesh_gateway_local_peered.db.default.default.dc1", "statPrefix": "mesh_gateway_local_peered.db.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "db" "routeConfigName": "db"
@ -41,9 +39,7 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"forwardClientCertDetails": "SANITIZE_SET", "forwardClientCertDetails": "SANITIZE_SET",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
@ -52,7 +48,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -61,9 +62,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -25,9 +25,7 @@
"statPrefix": "mesh_gateway_local_peered.bar.default.default.dc1", "statPrefix": "mesh_gateway_local_peered.bar.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "bar" "routeConfigName": "bar"
@ -41,9 +39,7 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"forwardClientCertDetails": "SANITIZE_SET", "forwardClientCertDetails": "SANITIZE_SET",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
@ -52,7 +48,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -61,9 +62,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
@ -115,9 +114,7 @@
"statPrefix": "mesh_gateway_local_peered.foo.default.default.dc1", "statPrefix": "mesh_gateway_local_peered.foo.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "foo" "routeConfigName": "foo"
@ -131,9 +128,7 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"forwardClientCertDetails": "SANITIZE_SET", "forwardClientCertDetails": "SANITIZE_SET",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
@ -142,7 +137,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -151,9 +151,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
@ -205,9 +203,7 @@
"statPrefix": "mesh_gateway_local_peered.gir.default.default.dc1", "statPrefix": "mesh_gateway_local_peered.gir.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "gir" "routeConfigName": "gir"
@ -221,9 +217,7 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"forwardClientCertDetails": "SANITIZE_SET", "forwardClientCertDetails": "SANITIZE_SET",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
@ -232,7 +226,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -241,9 +240,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -20,9 +20,7 @@
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "db" "routeConfigName": "db"
@ -36,10 +34,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
] ]
@ -88,9 +89,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -108,9 +107,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -1,184 +1,189 @@
{ {
"versionInfo": "00000001", "versionInfo": "00000001",
"resources": [ "resources": [
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "consul-telemetry-collector:/tmp/consul/telemetry-collector/gqmuzdHCUPAEY5mbF8vgkZCNI14.sock", "name": "consul-telemetry-collector:/tmp/consul/telemetry-collector/gqmuzdHCUPAEY5mbF8vgkZCNI14.sock",
"address": { "address": {
"pipe": { "pipe": {
"path": "/tmp/consul/telemetry-collector/gqmuzdHCUPAEY5mbF8vgkZCNI14.sock" "path": "/tmp/consul/telemetry-collector/gqmuzdHCUPAEY5mbF8vgkZCNI14.sock"
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.http_connection_manager", "name": "envoy.filters.network.http_connection_manager",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "upstream.consul-telemetry-collector.default.default.dc1", "statPrefix": "upstream.consul-telemetry-collector.default.default.dc1",
"routeConfig": { "routeConfig": {
"name": "consul-telemetry-collector", "name": "consul-telemetry-collector",
"virtualHosts": [ "virtualHosts": [
{ {
"name": "consul-telemetry-collector.default.default.dc1", "name": "consul-telemetry-collector.default.default.dc1",
"domains": [ "domains": [
"*" "*"
], ],
"routes": [ "routes": [
{ {
"match": { "match": {
"prefix": "/" "prefix": "/"
}, },
"route": { "route": {
"cluster": "consul-telemetry-collector.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "consul-telemetry-collector.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
] ]
}, },
"httpFilters": [ "httpFilters": [
{ {
"name": "envoy.filters.http.grpc_stats", "name": "envoy.filters.http.grpc_stats",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_stats.v3.FilterConfig", "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_stats.v3.FilterConfig",
"statsForAllMethods": true "statsForAllMethods": true
} }
}, },
{ {
"name": "envoy.filters.http.grpc_http1_bridge", "name": "envoy.filters.http.grpc_http1_bridge",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_http1_bridge.v3.Config" "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_http1_bridge.v3.Config"
} }
}, },
{ {
"name": "envoy.filters.http.router", "name": "envoy.filters.http.router",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
} }
} }
], ],
"tracing": { "tracing": {
"randomSampling": {} "randomSampling": {}
}, },
"http2ProtocolOptions": {} "http2ProtocolOptions": {},
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "db:127.0.0.1:9191", "name": "db:127.0.0.1:9191",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.0.0.1", "address": "127.0.0.1",
"portValue": 9191 "portValue": 9191
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.db.default.default.dc1", "statPrefix": "upstream.db.default.default.dc1",
"cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "prepared_query:geo-cache:127.10.10.10:8181", "name": "prepared_query:geo-cache:127.10.10.10:8181",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "127.10.10.10", "address": "127.10.10.10",
"portValue": 8181 "portValue": 8181
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "upstream.prepared_query_geo-cache", "statPrefix": "upstream.prepared_query_geo-cache",
"cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
} }
} }
] ]
} }
], ],
"trafficDirection": "OUTBOUND" "trafficDirection": "OUTBOUND"
}, },
{ {
"@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "@type": "type.googleapis.com/envoy.config.listener.v3.Listener",
"name": "public_listener:0.0.0.0:9999", "name": "public_listener:0.0.0.0:9999",
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "0.0.0.0", "address": "0.0.0.0",
"portValue": 9999 "portValue": 9999
} }
}, },
"filterChains": [ "filterChains": [
{ {
"filters": [ "filters": [
{ {
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {}, "rules": {},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
{ {
"name": "envoy.filters.network.tcp_proxy", "name": "envoy.filters.network.tcp_proxy",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "public_listener", "statPrefix": "public_listener",
"cluster": "local_app" "cluster": "local_app"
} }
} }
], ],
"transportSocket": { "transportSocket": {
"name": "tls", "name": "tls",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": {}, "tlsParams": {},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n"
}, },
"privateKey": { "privateKey": {
"inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n"
} }
} }
], ],
"validationContext": { "validationContext": {
"trustedCa": { "trustedCa": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n"
} }
} }
}, },
"requireClientCertificate": true "requireClientCertificate": true
} }
} }
} }
], ],
"trafficDirection": "INBOUND" "trafficDirection": "INBOUND"
} }
], ],
"typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener",
"nonce": "00000001" "nonce": "00000001"
} }

View File

@ -22,9 +22,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -42,9 +40,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
@ -76,9 +72,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -96,9 +90,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
@ -130,9 +122,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -150,9 +140,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
@ -187,9 +175,7 @@
"statPrefix": "upstream.web.default.default.dc1", "statPrefix": "upstream.web.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "routeConfigName": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
@ -199,9 +185,7 @@
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": { "rules": {}
}
} }
}, },
{ {
@ -212,9 +196,7 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
@ -223,7 +205,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -232,9 +219,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
@ -269,9 +254,7 @@
"statPrefix": "upstream.web.default.default.dc1", "statPrefix": "upstream.web.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "routeConfigName": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
@ -281,9 +264,7 @@
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": { "rules": {}
}
} }
}, },
{ {
@ -294,9 +275,7 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
@ -305,7 +284,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -314,9 +298,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
@ -351,9 +333,7 @@
"statPrefix": "upstream.web.default.default.dc1", "statPrefix": "upstream.web.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "routeConfigName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
@ -363,9 +343,7 @@
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": { "rules": {}
}
} }
}, },
{ {
@ -376,9 +354,7 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
@ -387,7 +363,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -396,9 +377,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -48,9 +48,7 @@
"statPrefix": "upstream.destination.443.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "statPrefix": "upstream.destination.443.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "destination.443.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "routeConfigName": "destination.443.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
@ -64,10 +62,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
] ]
@ -84,9 +85,7 @@
"statPrefix": "upstream.destination.9093.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "statPrefix": "upstream.destination.9093.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "destination.9093.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "routeConfigName": "destination.9093.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
@ -100,10 +99,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
] ]
@ -166,9 +168,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -186,9 +186,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -85,10 +85,13 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
},
"upgradeConfigs": [
{
"upgradeType": "websocket"
} }
} ]
} }
} }
] ]
@ -157,9 +160,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -177,9 +178,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -22,9 +22,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -42,9 +40,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
@ -79,9 +75,7 @@
"statPrefix": "upstream.external-IP-HTTP.default.default.dc1", "statPrefix": "upstream.external-IP-HTTP.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "destination.192-168-0-2.external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "routeConfigName": "destination.192-168-0-2.external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
@ -91,9 +85,7 @@
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": { "rules": {}
}
} }
}, },
{ {
@ -104,9 +96,7 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
@ -115,7 +105,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -124,9 +119,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
@ -158,9 +151,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -178,9 +169,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
@ -212,9 +201,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -232,9 +219,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
@ -266,9 +251,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -286,9 +269,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
@ -320,9 +301,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -340,9 +319,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
@ -377,9 +354,7 @@
"statPrefix": "upstream.external-hostname-HTTP.default.default.dc1", "statPrefix": "upstream.external-hostname-HTTP.default.default.dc1",
"rds": { "rds": {
"configSource": { "configSource": {
"ads": { "ads": {},
},
"resourceApiVersion": "V3" "resourceApiVersion": "V3"
}, },
"routeConfigName": "destination.httpbin-org.external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" "routeConfigName": "destination.httpbin-org.external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul"
@ -389,9 +364,7 @@
"name": "envoy.filters.http.rbac", "name": "envoy.filters.http.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC",
"rules": { "rules": {}
}
} }
}, },
{ {
@ -402,9 +375,7 @@
} }
], ],
"tracing": { "tracing": {
"randomSampling": { "randomSampling": {}
}
}, },
"forwardClientCertDetails": "APPEND_FORWARD", "forwardClientCertDetails": "APPEND_FORWARD",
"setCurrentClientCertDetails": { "setCurrentClientCertDetails": {
@ -413,7 +384,12 @@
"chain": true, "chain": true,
"dns": true, "dns": true,
"uri": true "uri": true
} },
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
]
} }
} }
], ],
@ -422,9 +398,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {
@ -456,9 +430,7 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": { "rules": {},
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },
@ -476,9 +448,7 @@
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext",
"commonTlsContext": { "commonTlsContext": {
"tlsParams": { "tlsParams": {},
},
"tlsCertificates": [ "tlsCertificates": [
{ {
"certificateChain": { "certificateChain": {

View File

@ -677,6 +677,9 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
Tracing: &envoy_http_v3.HttpConnectionManager_Tracing{ Tracing: &envoy_http_v3.HttpConnectionManager_Tracing{
RandomSampling: &envoy_type_v3.Percent{Value: 0}, RandomSampling: &envoy_type_v3.Percent{Value: 0},
}, },
UpgradeConfigs: []*envoy_http_v3.HttpConnectionManager_UpgradeConfig{
{UpgradeType: "websocket"},
},
Http2ProtocolOptions: &envoy_core_v3.Http2ProtocolOptions{}, Http2ProtocolOptions: &envoy_core_v3.Http2ProtocolOptions{},
}), }),
}, },
@ -705,6 +708,9 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
Tracing: &envoy_http_v3.HttpConnectionManager_Tracing{ Tracing: &envoy_http_v3.HttpConnectionManager_Tracing{
RandomSampling: &envoy_type_v3.Percent{Value: 0}, RandomSampling: &envoy_type_v3.Percent{Value: 0},
}, },
UpgradeConfigs: []*envoy_http_v3.HttpConnectionManager_UpgradeConfig{
{UpgradeType: "websocket"},
},
Http2ProtocolOptions: &envoy_core_v3.Http2ProtocolOptions{}, Http2ProtocolOptions: &envoy_core_v3.Http2ProtocolOptions{},
}), }),
}, },
@ -733,6 +739,9 @@ func makeTestListener(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName s
Tracing: &envoy_http_v3.HttpConnectionManager_Tracing{ Tracing: &envoy_http_v3.HttpConnectionManager_Tracing{
RandomSampling: &envoy_type_v3.Percent{Value: 0}, RandomSampling: &envoy_type_v3.Percent{Value: 0},
}, },
UpgradeConfigs: []*envoy_http_v3.HttpConnectionManager_UpgradeConfig{
{UpgradeType: "websocket"},
},
// HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{}, // HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{},
}), }),
}, },