"Fossies" - the Fresh Open Source Software Archive

Member "istio-1.6.5/pilot/docker/envoy_policy.yaml.tmpl" (8 Jul 2020, 9439 Bytes) of package /linux/misc/istio-1.6.5.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "envoy_policy.yaml.tmpl": 1.5.4_vs_1.6.0.

    1 admin:
    2   access_log_path: /dev/null
    3   address:
    4     socket_address:
    5       address: "{{ .localhost }}"
    6       port_value: 15000
    7 stats_config:
    8   use_all_default_tags: false
    9   stats_tags:
   10   - tag_name: cluster_name
   11     regex: '^cluster\.((.+?(\..+?\.svc\.cluster\.local)?)\.)'
   12   - tag_name: tcp_prefix
   13     regex: '^tcp\.((.*?)\.)\w+?$'
   14   - tag_name: response_code
   15     regex: '_rq(_(\d{3}))$'
   16   - tag_name: response_code_class
   17     regex: '_rq(_(\dxx))$'
   18   - tag_name: http_conn_manager_listener_prefix
   19     regex: '^listener(?=\.).*?\.http\.(((?:[_.[:digit:]]*|[_\[\]aAbBcCdDeEfF[:digit:]]*))\.)'
   20   - tag_name: http_conn_manager_prefix
   21     regex: '^http\.(((?:[_.[:digit:]]*|[_\[\]aAbBcCdDeEfF[:digit:]]*))\.)'
   22   - tag_name: listener_address
   23     regex: '^listener\.(((?:[_.[:digit:]]*|[_\[\]aAbBcCdDeEfF[:digit:]]*))\.)'
   24 static_resources:
   25   clusters:
   26   - name: prometheus_stats
   27     type: STATIC
   28     connect_timeout: 0.250s
   29     lb_policy: ROUND_ROBIN
   30     hosts:
   31     - socket_address:
   32         protocol: TCP
   33         address: "{{ .localhost }}"
   34         port_value: 15000
   35   - circuit_breakers:
   36       thresholds:
   37       - max_connections: 100000
   38         max_pending_requests: 100000
   39         max_requests: 100000
   40         max_retries: 3
   41     connect_timeout: 1.000s
   42     hosts:
   43     - pipe:
   44         path: /sock/mixer.socket
   45     http2_protocol_options: {}
   46     name: inbound_9092
   47 
   48   - name: sds-grpc
   49     type: STATIC
   50     http2_protocol_options: {}
   51     connect_timeout: 0.250s
   52     lb_policy: ROUND_ROBIN
   53     hosts:
   54     - pipe:
   55         path: "/etc/istio/proxy/SDS"
   56 
   57   - circuit_breakers:
   58       thresholds:
   59       - max_connections: 100000
   60         max_pending_requests: 100000
   61         max_requests: 100000
   62         max_retries: 3
   63     connect_timeout: 1.000s
   64     hosts:
   65     - socket_address:
   66         address: istio-telemetry
   67         port_value: 15004
   68     http2_protocol_options: {}
   69     name: mixer_report_server
   70 {{- if .ControlPlaneAuth }}
   71     tls_context:
   72       common_tls_context:
   73         tls_certificate_sds_secret_configs:
   74         - name: default
   75           sds_config:
   76             api_config_source:
   77               api_type: GRPC
   78               grpc_services:
   79               - envoy_grpc:
   80                   cluster_name: sds-grpc
   81         combined_validation_context:
   82           default_validation_context:
   83             verify_subject_alt_name:
   84             - {{ .MixerSubjectAltName }}
   85           validation_context_sds_secret_config:
   86             name: ROOTCA
   87             sds_config:
   88               api_config_source:
   89                 api_type: GRPC
   90                 grpc_services:
   91                 - envoy_grpc:
   92                     cluster_name: sds-grpc
   93 {{- end }}
   94     type: STRICT_DNS
   95     dns_lookup_family: "{{ .dns_lookup_family }}"
   96   listeners:
   97   - address:
   98       socket_address:
   99         protocol: TCP
  100         address: "{{ .wildcard }}"
  101         port_value: 15090
  102     filter_chains:
  103     - filters:
  104       - name: envoy.http_connection_manager
  105         config:
  106           codec_type: AUTO
  107           stat_prefix: stats
  108           route_config:
  109             virtual_hosts:
  110             - name: backend
  111               domains:
  112               - '*'
  113               routes:
  114               - match:
  115                   prefix: /stats/prometheus
  116                 route:
  117                   cluster: prometheus_stats
  118           http_filters:
  119           - name: envoy.router
  120   - address:
  121       socket_address:
  122         address: "{{ .wildcard }}"
  123         port_value: 15004
  124     filter_chains:
  125     - filters:
  126       - config:
  127           codec_type: HTTP2
  128           http2_protocol_options:
  129             max_concurrent_streams: 1073741824
  130           generate_request_id: true
  131           http_filters:
  132           - config:
  133               default_destination_service: istio-policy.{{ .PodNamespace }}.svc.cluster.local
  134               service_configs:
  135                 istio-policy.{{ .PodNamespace }}.svc.cluster.local:
  136                   disable_check_calls: true
  137 {{- if .DisableReportCalls }}
  138                   disable_report_calls: true
  139 {{- end }}
  140                   mixer_attributes:
  141                     attributes:
  142                       destination.service.host:
  143                         string_value: istio-policy.{{ .PodNamespace }}.svc.cluster.local
  144                       destination.service.uid:
  145                         string_value: istio://{{ .PodNamespace }}/services/istio-policy
  146                       destination.service.name:
  147                         string_value: istio-policy
  148                       destination.service.namespace:
  149                         string_value: {{ .PodNamespace }}
  150                       destination.uid:
  151                         string_value: kubernetes://{{ .PodName }}.{{ .PodNamespace }}
  152                       destination.namespace:
  153                         string_value: {{.PodNamespace }}
  154                       destination.ip:
  155                         bytes_value: {{ .PodIP }}
  156                       destination.port:
  157                         int64_value: 15004
  158                       context.reporter.kind:
  159                         string_value: inbound
  160                       context.reporter.uid:
  161                         string_value: kubernetes://{{ .PodName }}.{{ .PodNamespace }}
  162               transport:
  163                 check_cluster: mixer_check_server
  164                 report_cluster: mixer_report_server
  165                 attributes_for_mixer_proxy:
  166                   attributes:
  167                     source.uid:
  168                       string_value: kubernetes://{{ .PodName }}.{{ .PodNamespace }}
  169             name: mixer
  170           - name: envoy.router
  171           route_config:
  172             name: "15004"
  173             virtual_hosts:
  174             - domains:
  175               - '*'
  176               name: istio-policy.{{ .PodNamespace }}.svc.cluster.local
  177               routes:
  178               - decorator:
  179                   operation: Check
  180                 match:
  181                   prefix: /
  182                 route:
  183                   cluster: inbound_9092
  184                   timeout: 0.000s
  185           stat_prefix: "15004"
  186         name: envoy.http_connection_manager
  187 {{- if .ControlPlaneAuth }}
  188       tls_context:
  189         require_client_certificate: true
  190         common_tls_context:
  191           alpn_protocols:
  192           - h2
  193           tls_certificate_sds_secret_configs:
  194           - name: default
  195             sds_config:
  196               api_config_source:
  197                 api_type: GRPC
  198                 grpc_services:
  199                 - envoy_grpc:
  200                     cluster_name: sds-grpc
  201           validation_context_sds_secret_config:
  202             name: ROOTCA
  203             sds_config:
  204               api_config_source:
  205                 api_type: GRPC
  206                 grpc_services:
  207                 - envoy_grpc:
  208                     cluster_name: sds-grpc
  209 {{- end }}
  210     name: "15004"
  211   - address:
  212       socket_address:
  213         address: "{{ .wildcard }}"
  214         port_value: 9091
  215     filter_chains:
  216     - filters:
  217       - config:
  218           codec_type: HTTP2
  219           http2_protocol_options:
  220             max_concurrent_streams: 1073741824
  221           generate_request_id: true
  222           http_filters:
  223           - config:
  224               default_destination_service: istio-policy.{{ .PodNamespace }}.svc.cluster.local
  225               service_configs:
  226                 istio-policy.{{ .PodNamespace }}.svc.cluster.local:
  227                   disable_check_calls: true
  228 {{- if .DisableReportCalls }}
  229                   disable_report_calls: true
  230 {{- end }}
  231                   mixer_attributes:
  232                     attributes:
  233                       destination.service.host:
  234                         string_value: istio-policy.{{ .PodNamespace }}.svc.cluster.local
  235                       destination.service.uid:
  236                         string_value: istio://{{ .PodNamespace }}/services/istio-policy
  237                       destination.service.name:
  238                         string_value: istio-policy
  239                       destination.service.namespace:
  240                         string_value: {{ .PodNamespace }}
  241                       destination.uid:
  242                         string_value: kubernetes://{{ .PodName }}.{{ .PodNamespace }}
  243                       destination.namespace:
  244                         string_value: {{.PodNamespace }}
  245                       destination.ip:
  246                         bytes_value: {{ .PodIP }}
  247                       destination.port:
  248                         int64_value: 9091
  249                       context.reporter.kind:
  250                         string_value: inbound
  251                       context.reporter.uid:
  252                         string_value: kubernetes://{{ .PodName }}.{{ .PodNamespace }}
  253               transport:
  254                 check_cluster: mixer_check_server
  255                 report_cluster: mixer_report_server
  256                 attributes_for_mixer_proxy:
  257                   attributes:
  258                     source.uid:
  259                       string_value: kubernetes://{{ .PodName }}.{{ .PodNamespace }}
  260             name: mixer
  261           - name: envoy.router
  262           route_config:
  263             name: "9091"
  264             virtual_hosts:
  265             - domains:
  266               - '*'
  267               name: istio-policy.{{ .PodNamespace }}.svc.cluster.local
  268               routes:
  269               - decorator:
  270                   operation: Check
  271                 match:
  272                   prefix: /
  273                 route:
  274                   cluster: inbound_9092
  275                   timeout: 0.000s
  276           stat_prefix: "9091"
  277         name: envoy.http_connection_manager
  278     name: "9091"