Skip to content

Instantly share code, notes, and snippets.

@heavypackets

heavypackets/envoy.yaml

Created October 10, 2018 03:03
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save heavypackets/b89a9d678343064b90701d960dcde746 to your computer and use it in GitHub Desktop.
Save heavypackets/b89a9d678343064b90701d960dcde746 to your computer and use it in GitHub Desktop.
Download ZIP
simple-secrets_fluentd-envoy
Raw
envoy.yaml
static_resources:
listeners:
- name: fluentd
address:
socket_address: { address: 0.0.0.0, port_value: 24224 }
filter_chains:
- filters:
- name: envoy.tcp_proxy
config:
stat_prefix: ingress_tcp
cluster: fluentd
tls_context:
common_tls_context:
tls_params:
ecdh_curves: "X25519:P-256:P-521:P-384"
tls_certificates:
certificate_chain: { "filename": "/certs/svid.pem" }
private_key: { "filename": "/certs/svid_key.pem" }
validation_context:
trusted_ca:
filename: /certs/svid_bundle.pem
verify_subject_alt_name:
- "spiffe://example.org/simple-secrets1"
clusters:
- name: fluentd
connect_timeout: 15s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: fluentd
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: fluentd
port_value: 24224
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment