Skip to content

Instantly share code, notes, and snippets.

@tanan

tanan/envoy.yaml

Created Sep 27, 2020
Embed
What would you like to do?
envoy proxy for frontend
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 0.0.0.0, port_value: 9901 }
static_resources:
listeners:
- name: listener_http
address:
socket_address: { address: 0.0.0.0, port_value: 80 }
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
codec_type: auto
stat_prefix: ingress_http
route_config:
name: redirect_route
virtual_hosts:
- name: backend
domains:
- "www.example.com"
- "example.com"
routes:
- match:
prefix: "/"
redirect:
https_redirect: true
http_filters:
- name: envoy.filters.http.router
typed_config: {}
- name: listener_https
address:
socket_address: { address: 0.0.0.0, port_value: 443 }
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
codec_type: AUTO
route_config:
name: backend_route
virtual_hosts:
- name: backend
domains:
- "www.example.com"
- "example.com"
routes:
- match:
prefix: "/service/2"
route:
prefix_rewrite: "/"
cluster: service2
hash_policy:
- cookie:
name: balanceid
ttl: 0s
- match:
prefix: "/"
route:
cluster: service1
response_headers_to_add:
- header:
key: "x-frame-options"
value: "sameorigin"
- header:
key: "x-xss-protection"
value: "1; mode=block"
http_filters:
- name: envoy.filters.http.router
tls_context:
common_tls_context:
tls_certificates:
- certificate_chain:
filename: "/etc/envoy/certs/example-com.crt"
private_key:
filename: "/etc/envoy/certs/example-com.key"
clusters:
- name: service1
connect_timeout: 0.25s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: service1
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: service1-1
port_value: 8080
- endpoint:
address:
socket_address:
address: service1-2
port_value: 8080
health_checks:
- timeout: 1s
interval: 3s
interval_jitter: 1s
unhealthy_threshold: 1
healthy_threshold: 1
http_health_check:
path: "/healthz"
- name: service2
connect_timeout: 0.25s
type: STRICT_DNS
lb_policy: RING_HASH
load_assignment:
cluster_name: service2
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: service2-1
port_value: 8080
- endpoint:
address:
socket_address:
address: service2-2
port_value: 8080
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.