diff --git a/envoy.yaml b/envoy.yaml index bf5f6a0..1fe95a4 100644 --- a/envoy.yaml +++ b/envoy.yaml @@ -29,6 +29,7 @@ static_resources: - certificate_chain: { filename: /certs/cert.pem } private_key: { filename: /certs/envoy.pem } # --8<-- [end:transport_socket] + # --8<-- [start:http] filters: - name: envoy.filters.network.http_connection_manager typed_config: @@ -37,11 +38,14 @@ static_resources: use_remote_address: true http2_protocol_options: max_concurrent_streams: 100 + # --8<-- [start:access_log] access_log: - name: envoy.access_loggers.file typed_config: "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog path: "/var/log/envoy/access.log" + # --8<-- [end:access_log] + # --8<-- [start:cluster_route] route_config: name: local_route virtual_hosts: @@ -52,7 +56,9 @@ static_resources: prefix: "/" route: cluster: restic + # --8<-- [end:cluster_route] http_filters: + # --8<-- [start:rbac] - name: envoy.filters.http.rbac typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC @@ -71,9 +77,11 @@ static_resources: - authenticated: principal_name: exact: "spiffe://john-stream.com/ubuntu" + # --8<-- [end:rbac] - name: envoy.filters.http.router typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + # --8<-- [start:cluster] clusters: - name: restic connect_timeout: 0.25s @@ -89,3 +97,4 @@ static_resources: # Change this depending on the docker compose service name address: rest-server port_value: 8000 + # --8<-- [end:cluster]