Diffstat (limited to 'etc/envoy/envoy.yaml')
| -rw-r--r-- | etc/envoy/envoy.yaml | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/etc/envoy/envoy.yaml b/etc/envoy/envoy.yaml index 19df6a4f..bfe2ce16 100644 --- a/etc/envoy/envoy.yaml +++ b/etc/envoy/envoy.yaml @@ -34,6 +34,37 @@ static_resources: address: socket_address: address: 127.0.0.1 + port_value: 50052 + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicit_http_config: + http2_protocol_options: {} + health_checks: + - timeout: 3s + interval: 5s + unhealthy_threshold: 2 + healthy_threshold: 2 + grpc_health_check: {} + circuit_breakers: + thresholds: + - priority: DEFAULT + max_connections: 1024 + max_pending_requests: 1024 + max_requests: 1024 + max_retries: 3 + - name: spicedb + connect_timeout: 5s + type: STATIC + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: spicedb + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: 127.0.0.1 port_value: 50051 typed_extension_protocol_options: envoy.extensions.upstreams.http.v3.HttpProtocolOptions: @@ -120,14 +151,21 @@ static_resources: key: "x-xss-protection" value: "1; mode=block" virtual_hosts: - - name: backend + - name: grpc_services domains: ["*"] routes: + # Route ext_authz to authzd - match: - prefix: "/" + prefix: "/envoy.service.auth.v3.Authorization/" route: cluster: authzd timeout: 30s + # Default route - everything else goes to SpiceDB + - match: + prefix: "/" + route: + cluster: spicedb + timeout: 30s retry_policy: retry_on: "5xx,reset,connect-failure,retriable-status-codes" num_retries: 3 |
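Review bot: Port 50051 on 127.0.0.1 changes owner in this hunk without a comment: the existing cluster (presumably authzd; its name is above the hunk) moves to `port_value: 50052`, and the new `spicedb` cluster takes over `port_value: 50051`. Anything that still dials 127.0.0.1:50051 expecting the authorization service will now reach SpiceDB, so each endpoint deserves a comment such as `# authzd gRPC (moved from 50051)` and `# SpiceDB gRPC`, and both daemons' listen addresses have to change in the same rollout. The `spicedb` cluster is only opened here and continues below the hunk, where it inherits the tail of the old block, so its health-check and circuit-breaker settings cannot be checked from these lines. No `transport_socket` appears in the added lines; if a SpiceDB preshared key travels over this connection, plaintext is acceptable only while the endpoint stays on loopback.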
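Review bot: The new default route sends every path other than `/envoy.service.auth.v3.Authorization/` to the `spicedb` cluster, which puts the whole SpiceDB gRPC surface, schema and relationship writes included, behind a virtual host with `domains: ["*"]`. Unless every caller of this listener is meant to have that, match only the services that are needed, for example `prefix: "/authzed.api.v1.PermissionsService/"`, and let unmatched paths fall through to Envoy's 404. The existing `retry_policy` below the hunk's added lines now belongs to the SpiceDB route instead of the authzd one, so the authzd route loses its retries and write RPCs to SpiceDB may be replayed on `5xx` or `reset`; confirm both effects are intended. Whether the listener is bound to loopback or carries an authentication filter is not visible in this hunk.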
