| author | mo khan <mo@mokhan.ca> | 2025-05-12 13:24:37 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-05-12 13:24:37 -0600 |
| commit | 251539d40e89b3bc91dea14ed6afb311788962df (patch) | |
| tree | a6fdd06f7ebc4e05a3d3588fd31c5d3793dd454e /envoy.yml | |
| parent | d4bf23c2e05b3aa01885ab1eeb8ff04c539cceda (diff) | |
refactor: mimic target deployment filesystem
Diffstat (limited to 'envoy.yml')
| -rw-r--r-- | envoy.yml | 174 |
1 files changed, 0 insertions, 174 deletions
diff --git a/envoy.yml b/envoy.yml
deleted file mode 100644
index 3c8df3a..0000000
--- a/envoy.yml
+++ /dev/null
@@ -1,174 +0,0 @@
-admin:
- address:
- socket_address:
- address: 0.0.0.0
- port_value: 9901
-static_resources:
- clusters:
- - name: sparkle
- connect_timeout: 0.25s
- type: STRICT_DNS
- lb_policy: ROUND_ROBIN
- load_assignment:
- cluster_name: sparkle
- endpoints:
- - lb_endpoints:
- - endpoint:
- address:
- socket_address:
- address: localhost
- port_value: 8080
- - name: oidc
- connect_timeout: 5s
- type: LOGICAL_DNS
- lb_policy: ROUND_ROBIN
- load_assignment:
- cluster_name: oidc
- endpoints:
- - lb_endpoints:
- - endpoint:
- address:
- socket_address:
- address: example.com
- port_value: 443
- hostname: example.com
- transport_socket:
- name: envoy.transport_sockets.tls
- typed_config:
- "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
- sni: example.com
- listeners:
- - name: listener_0
- address:
- socket_address:
- protocol: TCP
- address: 0.0.0.0
- port_value: 10000
- filter_chains:
- - filters:
- - name: envoy.filters.network.http_connection_manager
- typed_config:
- "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
- access_log:
- - name: envoy.access_loggers.stdout
- typed_config:
- "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
- log_format:
- json_format:
- timestamp: "%START_TIME%"
- client_ip: "%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%"
- authority: "%REQ(:AUTHORITY)%"
- protocol: "%PROTOCOL%"
- method: "%REQ(:METHOD)%"
- path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"
- request_id: "%REQ(X-REQUEST-ID)%"
- response_code: "%RESPONSE_CODE%"
- bytes_received: "%BYTES_RECEIVED%"
- bytes_sent: "%BYTES_SENT%"
- duration: "%DURATION%"
- forwarded_for: "%REQ(X-FORWARDED-FOR)%"
- user_agent: "%REQ(USER-AGENT)%"
- codec_type: AUTO
- http_filters:
- - name: envoy.filters.http.oauth2
- typed_config:
- "@type": type.googleapis.com/envoy.extensions.filters.http.oauth2.v3.OAuth2
- config:
- auth_scopes:
- - email
- - openid
- - profile
- auth_type: BASIC_AUTH
- authorization_endpoint: "https://example.com/oauth/authorize"
- credentials:
- client_id: "OAUTH_CLIENT_ID"
- cookie_names:
- bearer_token: bearer_token
- oauth_hmac: oauth_hmac
- oauth_expires: oauth_expires
- id_token: id_token
- refresh_token: refresh_token
- oauth_nonce: oauth_nonce
- # code_verifier: code_verifier
- token_secret:
- name: client_secret
- hmac_secret:
- name: hmac_secret
- forward_bearer_token: true
- pass_through_matcher:
- - name: ":path"
- safe_regex_match:
- regex: .*\\.(css|js|png|html|ico)$
- - name: ":path"
- string_match:
- exact: "/health"
- - name: ":path"
- string_match:
- exact: "/"
- - name: ":path"
- string_match:
- exact: "/sparkles"
- - name: ":path"
- string_match:
- exact: "/sparkles/restore"
- - name: ":path"
- string_match:
- exact: "/dashboard/nav"
- redirect_path_matcher:
- path:
- exact: /callback
- redirect_uri: "%REQ(x-forwarded-proto)%://%REQ(:authority)%/callback"
- signout_path:
- path:
- exact: /signout
- token_endpoint:
- cluster: oidc
- uri: "https://example.com/oauth/token"
- timeout: 5s
- use_refresh_token: true
- - name: envoy.filters.http.router
- typed_config:
- "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
- upstream_log:
- - name: envoy.access_loggers.stdout
- typed_config:
- "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
- log_format:
- json_format:
- timestamp: "%START_TIME%"
- client_ip: "%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%"
- authority: "%REQ(:AUTHORITY)%"
- protocol: "%PROTOCOL%"
- method: "%REQ(:METHOD)%"
- path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"
- request_id: "%REQ(X-REQUEST-ID)%"
- response_code: "%RESPONSE_CODE%"
- bytes_received: "%BYTES_RECEIVED%"
- bytes_sent: "%BYTES_SENT%"
- duration: "%DURATION%"
- forwarded_for: "%REQ(X-FORWARDED-FOR)%"
- user_agent: "%REQ(USER-AGENT)%"
- suppress_envoy_headers: true
- route_config:
- virtual_hosts:
- - name: local
- domains: ["*"]
- routes:
- - match:
- prefix: "/"
- route:
- cluster: sparkle
- timeout: 5s
- retry_policy:
- retry_on: "5xx"
- num_retries: 3
- stat_prefix: ingress_http
- secrets:
- - name: client_secret
- generic_secret:
- secret:
- environment_variable: OAUTH_CLIENT_SECRET
- - name: hmac_secret
- generic_secret:
- secret:
- environment_variable: HMAC_SESSION_SECRET |
