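# Envoy static bootstrap: one mutual-TLS listener on port 10000 that forwards
# every HTTP request to the `rest_server` cluster.
#
# Layout restored to block style. Collapsed onto a single line, the `#` comment
# in the SAN matcher swallowed everything after it (the active `exact:` value,
# the server certificate, the filters and the cluster), and the line did not
# parse as YAML at all.
static_resources:
  listeners:
    - name: listener_0
      address:
        socket_address:
          # Binds on all interfaces; if the listener should not be reachable
          # from every network, restrict it at the host or network layer.
          address: 0.0.0.0
          port_value: 10000
      filter_chains:
        - transport_socket:
            name: envoy.transport_sockets.tls
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
              # mTLS: the handshake fails unless the client presents a
              # certificate that passes validation_context below.
              require_client_certificate: true
              common_tls_context:
                tls_params:
                  # Clients that cannot negotiate TLS 1.3 are refused.
                  tls_minimum_protocol_version: TLSv1_3
                validation_context:
                  # Client certificates must chain to this CA. No `crl` is set
                  # in this validation_context, so revocation is not checked
                  # here; the config relies on certificate expiry unless a CRL
                  # is added.
                  trusted_ca:
                    filename: /certs/root_ca.crt
                  # Pins the accepted client identity to one URI SAN. Without
                  # this matcher, any certificate issued by the trusted CA
                  # would be accepted.
                  match_typed_subject_alt_names:
                    - san_type: URI
                      matcher:
                        # exact: proxy-postgres-frontend.example.com
                        exact: spiffe://john-stream.com/ubuntu
                # Server certificate and key presented to clients. The key
                # file should be readable only by the account running Envoy.
                tls_certificates:
                  - certificate_chain:
                      filename: /certs/cert.pem
                    private_key:
                      filename: /certs/envoy.pem
          filters:
            - name: envoy.filters.network.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                stat_prefix: ingress_http
                route_config:
                  name: local_route
                  virtual_hosts:
                    # Catch-all host and prefix: every request that completes
                    # the mTLS handshake is forwarded. There is no per-route
                    # authorization, and `forward_client_cert_details` is not
                    # set, so this config does not pass the verified client
                    # identity on to the upstream.
                    - name: local_service
                      domains: ["*"]
                      routes:
                        - match:
                            prefix: "/"
                          route:
                            cluster: rest_server
                http_filters:
                  - name: envoy.filters.http.router
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
  clusters:
    # This cluster has no `transport_socket`, so the hop from Envoy to
    # rest-server:8000 is plaintext HTTP. Port 8000 must be reachable only
    # from Envoy; any other path to it bypasses the client-certificate check.
    - name: rest_server
      connect_timeout: 0.25s
      type: STRICT_DNS
      lb_policy: ROUND_ROBIN
      load_assignment:
        cluster_name: rest_server
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: rest-server
                      port_value: 8000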