mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-03-15 03:02:08 +00:00
112 lines
4.2 KiB
YAML
112 lines
4.2 KiB
YAML
static_resources:
|
|
listeners:
|
|
- name: "listener_http"
|
|
address:
|
|
socket_address:
|
|
address: "0.0.0.0"
|
|
port_value: 80
|
|
filter_chains:
|
|
- filters:
|
|
- name: "envoy.filters.network.http_connection_manager"
|
|
typed_config:
|
|
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
|
|
stat_prefix: "ingress_http"
|
|
use_remote_address: true
|
|
skip_xff_append: false
|
|
route_config:
|
|
name: "local_route"
|
|
virtual_hosts:
|
|
- name: "whoami_service"
|
|
domains: ["whoami.127.0.0.1.sslip.io"]
|
|
routes:
|
|
- match:
|
|
prefix: "/"
|
|
route:
|
|
cluster: "whoami"
|
|
- name: "tinyauth_service"
|
|
domains: ["tinyauth.127.0.0.1.sslip.io"]
|
|
typed_per_filter_config:
|
|
envoy.filters.http.ext_authz:
|
|
"@type": "type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute"
|
|
disabled: true
|
|
routes:
|
|
- match:
|
|
prefix: "/"
|
|
route:
|
|
cluster: "tinyauth"
|
|
http_filters:
|
|
- name: "envoy.filters.http.ext_authz"
|
|
typed_config:
|
|
"@type": "type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz"
|
|
transport_api_version: "v3"
|
|
http_service:
|
|
path_prefix: "/api/auth/envoy"
|
|
server_uri:
|
|
uri: "tinyauth:3000"
|
|
cluster: "tinyauth"
|
|
timeout: "0.25s"
|
|
authorization_request:
|
|
allowed_headers:
|
|
patterns:
|
|
- exact: "authorization"
|
|
- exact: "accept"
|
|
- exact: "cookie"
|
|
- exact: "location"
|
|
headers_to_add:
|
|
- key: "X-Forwarded-Proto"
|
|
value: "%REQ(:SCHEME)%"
|
|
authorization_response:
|
|
allowed_upstream_headers:
|
|
patterns:
|
|
- prefix: "remote-"
|
|
allowed_client_headers:
|
|
patterns:
|
|
- exact: "set-cookie"
|
|
allowed_client_headers_on_success:
|
|
patterns:
|
|
- exact: "set-cookie"
|
|
failure_mode_allow: false
|
|
- name: "envoy.filters.http.router"
|
|
typed_config:
|
|
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
|
|
clusters:
|
|
- name: "whoami"
|
|
connect_timeout: "0.25s"
|
|
type: "logical_dns"
|
|
dns_lookup_family: "v4_only"
|
|
lb_policy: "round_robin"
|
|
load_assignment:
|
|
cluster_name: "whoami"
|
|
endpoints:
|
|
- lb_endpoints:
|
|
- endpoint:
|
|
address:
|
|
socket_address:
|
|
address: "whoami"
|
|
port_value: 80
|
|
- name: "tinyauth"
|
|
connect_timeout: "0.25s"
|
|
type: "logical_dns"
|
|
dns_lookup_family: "v4_only"
|
|
lb_policy: "round_robin"
|
|
load_assignment:
|
|
cluster_name: "tinyauth"
|
|
endpoints:
|
|
- lb_endpoints:
|
|
- endpoint:
|
|
address:
|
|
socket_address:
|
|
address: "tinyauth"
|
|
port_value: 3000
|
|
layered_runtime:
|
|
layers:
|
|
- name: "static_layer_0"
|
|
static_layer:
|
|
envoy:
|
|
resource_limits:
|
|
listener:
|
|
example_listener_name:
|
|
connection_limit: 10000
|
|
overload:
|
|
global_downstream_max_connections: 50000
|