@Axik
Created April 7, 2023 15:42
alter queries to MongoDB using Envoy's MongoDB proxy
apiVersion: v1
kind: ConfigMap
metadata:
  name: envoy-config
data:
  envoy.yaml: |
    static_resources:
      listeners:
      - name: listener_0
        address:
          socket_address:
            address: 0.0.0.0
            port_value: 27017
        filter_chains:
        - filters:
          # mongo_proxy decodes MongoDB traffic for stats, logging and fault
          # injection; it does not modify the queries it forwards.
          - name: envoy.filters.network.mongo_proxy
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.network.mongo_proxy.v3.MongoProxy
              stat_prefix: mongo
              # MongoProxy.access_log is a file path string, not a list of access loggers.
              access_log: /dev/stdout
              # generate_id is not a field of the MongoProxy v3 message.
              generate_id: true
              emit_dynamic_metadata: true
              # decorate_all_responses is not a field of the MongoProxy v3 message.
              decorate_all_responses: true
              # query_transformation is not a field of the MongoProxy v3 message,
              # so the tenant_id filter below is not applied to any query.
              query_transformation:
                transformation_template:
                  advanced_templates:
                  - {
                      input: "$fullCollectionName",
                      output: "$fullCollectionName",
                      operator: COPY,
                      flags: [
                        "PRESERVE_EXISTING"
                      ],
                    }
                  - {
                      input: "$query",
                      output: "$query",
                      operator: MOVE,
                      flags: [
                        "PRESERVE_EXISTING"
                      ],
                    }
                  - {
                      input: "tenant_id",
                      output: "$query.tenant_id",
                      operator: MOVE,
                      flags: [
                        "SKIP_IF_OUTPUT_PRESENT"
                      ],
                    }
          # jwt_authn is an HTTP filter: it runs in the http_filters of an
          # http_connection_manager, not directly in a network filter chain,
          # and MongoDB wire-protocol traffic carries no HTTP headers or paths.
          - name: envoy.filters.http.jwt_authn
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication
              providers:
                provider1:
                  issuer: "https://issuer.example.com/"
                  audiences:
                  - "audience1"
                  remote_jwks:
                    http_uri:
                      uri: "https://issuer.example.com/.well-known/jwks.json"
                      cluster: "jwks"
                      timeout: 5s
                  # forward_payload_header is a provider field; it forwards the whole
                  # verified payload (base64url-encoded) in this header, not one claim.
                  forward_payload_header: "tenant_id"
              rules:
              - match:
                  prefix: "/api/"
                requires:
                  provider_name: "provider1"
        - filters:
          - name: envoy.filters.network.tcp_proxy
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
              stat_prefix: tcp
              cluster: mongo
              access_log:
              - name: envoy.access_loggers.file
                typed_config:
                  "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
                  path: /dev/stdout
      # Both clusters sit under a single clusters key; a repeated key is a duplicate mapping key.
      clusters:
      - name: mongo
        connect_timeout: 0.25s
        type: logical_dns
        dns_lookup_family: V4_ONLY
        lb_policy: round_robin
        load_assignment:
          cluster_name: mongo
          endpoints:
          - lb_endpoints:
            - endpoint:
                address:
                  socket_address:
                    address: mongo-service
                    port_value: 27017
      - name: jwks
        type: STRICT_DNS
        connect_timeout: 5s
        lb_policy: ROUND_ROBIN
        load_assignment:
          cluster_name: jwks
          endpoints:
          - lb_endpoints:
            - endpoint:
                address:
                  socket