Skip to content

Instantly share code, notes, and snippets.

@heavypackets

heavypackets/envoy.yaml

Created October 10, 2018 06:06
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save heavypackets/708dfeada88102b4037a869e778c49f7 to your computer and use it in GitHub Desktop.
Save heavypackets/708dfeada88102b4037a869e778c49f7 to your computer and use it in GitHub Desktop.
Download ZIP
Simple Secretes: Prometheus Envoy
Raw
envoy.yaml
static_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 10000 }
...
clusters:
- name: secrets-metrics
...
tls_context:
common_tls_context:
tls_params:
ecdh_curves: "X25519:P-256:P-521:P-384"
tls_certificates:
certificate_chain: { "filename": "/certs/svid.pem" }
private_key: { "filename": "/certs/svid_key.pem" }
validation_context:
trusted_ca:
filename: /certs/svid_bundle.pem
verify_subject_alt_name:
- "spiffe://example.org/simple-secrets1"
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: secrets-metrics
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: simple-secrets
port_value: 10000
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment