static_resources: listeners: - name: "listener_http" address: socket_address: address: "0.0.0.0" port_value: 80 filter_chains: - filters: - name: "envoy.filters.network.http_connection_manager" typed_config: "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" stat_prefix: "ingress_http" use_remote_address: true skip_xff_append: false route_config: name: "local_route" virtual_hosts: - name: "whoami_service" domains: ["whoami.127.0.0.1.sslip.io"] routes: - match: prefix: "/" route: cluster: "whoami" - name: "tinyauth_service" domains: ["tinyauth.127.0.0.1.sslip.io"] typed_per_filter_config: envoy.filters.http.ext_authz: "@type": "type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute" disabled: true routes: - match: prefix: "/" route: cluster: "tinyauth" http_filters: - name: "envoy.filters.http.ext_authz" typed_config: "@type": "type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz" transport_api_version: "v3" http_service: path_prefix: "/api/auth/envoy" server_uri: uri: "tinyauth:3000" cluster: "tinyauth" timeout: "0.25s" authorization_request: allowed_headers: patterns: - exact: "authorization" - exact: "accept" - exact: "cookie" - exact: "location" headers_to_add: - key: "X-Forwarded-Proto" value: "%REQ(:SCHEME)%" authorization_response: allowed_upstream_headers: patterns: - prefix: "remote-" allowed_client_headers: patterns: - exact: "set-cookie" allowed_client_headers_on_success: patterns: - exact: "set-cookie" failure_mode_allow: false - name: "envoy.filters.http.router" typed_config: "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" clusters: - name: "whoami" connect_timeout: "0.25s" type: "logical_dns" dns_lookup_family: "v4_only" lb_policy: "round_robin" load_assignment: cluster_name: "whoami" endpoints: - lb_endpoints: - endpoint: address: socket_address: address: "whoami" port_value: 80 - name: "tinyauth" connect_timeout: "0.25s" type: "logical_dns" dns_lookup_family: "v4_only" lb_policy: "round_robin" load_assignment: cluster_name: "tinyauth" endpoints: - lb_endpoints: - endpoint: address: socket_address: address: "tinyauth" port_value: 3000 layered_runtime: layers: - name: "static_layer_0" static_layer: envoy: resource_limits: listener: example_listener_name: connection_limit: 10000 overload: global_downstream_max_connections: 50000