Created
March 24, 2020 21:51
-
-
Save yxue/fd7f4e4318442360913b264014e7620e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"filter_chain_match": { | |
"prefix_ranges": [ | |
{ | |
"address_prefix": "0.0.0.0", | |
"prefix_len": 0 | |
} | |
], | |
"transport_protocol": "tls", | |
"application_protocols": [ | |
"http/1.0", | |
"http/1.1", | |
"h2c", | |
"istio-http/1.0", | |
"istio-http/1.1", | |
"istio-h2" | |
] | |
}, | |
"filters": [ | |
{ | |
"name": "istio.metadata_exchange", | |
"typed_config": { | |
"@type": "type.googleapis.com/udpa.type.v1.TypedStruct", | |
"type_url": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange", | |
"value": { | |
"protocol": "istio-peer-exchange" | |
} | |
} | |
}, | |
{ | |
"name": "envoy.http_connection_manager", | |
"typed_config": { | |
"@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager", | |
"stat_prefix": "InboundPassthroughClusterIpv4", | |
"route_config": { | |
"name": "InboundPassthroughClusterIpv4", | |
"virtual_hosts": [ | |
{ | |
"name": "inbound|http|0", | |
"domains": [ | |
"*" | |
], | |
"routes": [ | |
{ | |
"match": { | |
"prefix": "/" | |
}, | |
"route": { | |
"cluster": "InboundPassthroughClusterIpv4", | |
"timeout": "0s", | |
"max_grpc_timeout": "0s" | |
}, | |
"decorator": { | |
"operation": ":0/*" | |
}, | |
"name": "default" | |
} | |
] | |
} | |
], | |
"validate_clusters": false | |
}, | |
"http_filters": [ | |
{ | |
"name": "istio.metadata_exchange", | |
"typed_config": { | |
"@type": "type.googleapis.com/udpa.type.v1.TypedStruct", | |
"type_url": "type.googleapis.com/envoy.config.filter.http.wasm.v2.Wasm", | |
"value": { | |
"config": { | |
"vm_config": { | |
"runtime": "envoy.wasm.runtime.null", | |
"code": { | |
"local": { | |
"inline_string": "envoy.wasm.metadata_exchange" | |
} | |
} | |
}, | |
"configuration": "envoy.wasm.metadata_exchange" | |
} | |
} | |
} | |
}, | |
{ | |
"name": "envoy.cors" | |
}, | |
{ | |
"name": "envoy.fault" | |
}, | |
{ | |
"name": "istio.stats", | |
"typed_config": { | |
"@type": "type.googleapis.com/udpa.type.v1.TypedStruct", | |
"type_url": "type.googleapis.com/envoy.config.filter.http.wasm.v2.Wasm", | |
"value": { | |
"config": { | |
"root_id": "stats_inbound", | |
"vm_config": { | |
"vm_id": "stats_inbound", | |
"runtime": "envoy.wasm.runtime.null", | |
"code": { | |
"local": { | |
"inline_string": "envoy.wasm.stats" | |
} | |
} | |
}, | |
"configuration": "{\n \"debug\": \"false\",\n \"stat_prefix\": \"istio\",\n}\n" | |
} | |
} | |
} | |
}, | |
{ | |
"name": "envoy.router" | |
} | |
], | |
"tracing": { | |
"client_sampling": { | |
"value": 100 | |
}, | |
"random_sampling": { | |
"value": 1 | |
}, | |
"overall_sampling": { | |
"value": 100 | |
} | |
}, | |
"server_name": "istio-envoy", | |
"access_log": [ | |
{ | |
"name": "envoy.file_access_log", | |
"typed_config": { | |
"@type": "type.googleapis.com/envoy.config.accesslog.v2.FileAccessLog", | |
"path": "/dev/stdout", | |
"format": "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% \"%DYNAMIC_METADATA(istio.mixer:status)%\" \"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n" | |
} | |
} | |
], | |
"use_remote_address": false, | |
"generate_request_id": true, | |
"forward_client_cert_details": "APPEND_FORWARD", | |
"set_current_client_cert_details": { | |
"subject": true, | |
"dns": true, | |
"uri": true | |
}, | |
"upgrade_configs": [ | |
{ | |
"upgrade_type": "websocket" | |
} | |
], | |
"stream_idle_timeout": "0s", | |
"normalize_path": true | |
} | |
} | |
], | |
"transport_socket": { | |
"name": "envoy.transport_sockets.tls", | |
"typed_config": { | |
"@type": "type.googleapis.com/envoy.api.v2.auth.DownstreamTlsContext", | |
"common_tls_context": { | |
"alpn_protocols": [ | |
"istio-peer-exchange", | |
"h2", | |
"http/1.1" | |
], | |
"tls_certificate_sds_secret_configs": [ | |
{ | |
"name": "default", | |
"sds_config": { | |
"api_config_source": { | |
"api_type": "GRPC", | |
"grpc_services": [ | |
{ | |
"envoy_grpc": { | |
"cluster_name": "sds-grpc" | |
} | |
} | |
] | |
} | |
} | |
} | |
], | |
"combined_validation_context": { | |
"default_validation_context": { | |
}, | |
"validation_context_sds_secret_config": { | |
"name": "ROOTCA", | |
"sds_config": { | |
"api_config_source": { | |
"api_type": "GRPC", | |
"grpc_services": [ | |
{ | |
"envoy_grpc": { | |
"cluster_name": "sds-grpc" | |
} | |
} | |
] | |
} | |
} | |
} | |
} | |
}, | |
"require_client_certificate": true | |
} | |
}, | |
"name": "virtualInbound-catchall-http" | |
}, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment