samples/todolist/src/config/gateway/envoy.yaml
##
# Copyright © 2020, The Gust Framework Authors. All rights reserved.
#
# The Gust/Elide framework and tools, and all associated source or object computer code, except where otherwise noted,
# are licensed under the Zero Prosperity license, which is enclosed in this repository, in the file LICENSE.txt. Use of
# this code in object or source form requires and implies consent and agreement to that license in principle and
# practice. Source or object code not listing this header, or unless specified otherwise, remain the property of
# Elide LLC and its suppliers, if any. The intellectual and technical concepts contained herein are proprietary to
# Elide LLC and its suppliers and may be covered by U.S. and Foreign Patents, or patents in process, and are protected
# by trade secret and copyright law. Dissemination of this information, or reproduction of this material, in any form,
# is strictly forbidden except in adherence with assigned license requirements.
##
admin:
  # Envoy's administration endpoint. It serves stats and config dumps and also
  # accepts state-changing requests, and nothing in this file puts
  # authentication in front of it.
  #
  # NOTE(review): /tmp is normally world-writable; the TLS listener further
  # down logs to /dev/stdout instead. Confirm this path is intentional.
  access_log_path: '/tmp/admin_access.log'
  address:
    ## Port 9901: Administration
    # NOTE(review): bound to every interface, so the admin endpoint is
    # reachable from any network that can route to port 9901. Prefer
    # 127.0.0.1 (or a network policy restricting the port) unless something
    # outside the container has to scrape it. Confirm against the deployment.
    socket_address:
      address: '0.0.0.0'
      port_value: 9901
# Memory-pressure protection: a fixed 1 GiB heap budget is sampled every
# 0.25s and drives the two actions below.
overload_manager:
  refresh_interval: 0.25s
  resource_monitors:
    - name: envoy.resource_monitors.fixed_heap
      config:
        max_heap_size_bytes: 1073741824  # 1 GiB
  actions:
    # At 95% of the heap budget, try to release memory.
    - name: envoy.overload_actions.shrink_heap
      triggers:
        - name: envoy.resource_monitors.fixed_heap
          threshold:
            value: 0.95
    # At 98% of the heap budget, refuse new requests instead of running out
    # of memory.
    - name: envoy.overload_actions.stop_accepting_requests
      triggers:
        - name: envoy.resource_monitors.fixed_heap
          threshold:
            value: 0.98
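# Statically configured listeners (ingress) and clusters (upstreams).
static_resources:
  listeners:
    ## Port 8090: Healthcheck (HTTP /healthz)
    # Plaintext listener. Every route below is a fixed direct_response, so no
    # upstream cluster is reachable through this port.
    - name: health_listener
      address:
        socket_address: { address: 0.0.0.0, port_value: 8090 }
      filter_chains:
        - filters:
            - name: envoy.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
                codec_type: AUTO
                use_remote_address: true
                stat_prefix: ingress_health
                server_name: "K9 (v5)"
                route_config:
                  name: local_health
                  virtual_hosts:
                    - name: health
                      domains:
                        - "*"
                      routes:
                        - match: { path: "/healthz" }
                          direct_response:
                            status: 200
                            body:
                              inline_string: "SERVICE_OK"
                        - match: { path: "/health" }
                          direct_response:
                            status: 200
                            body:
                              inline_string: "SERVICE_OK"
                        - match: { path: "/" }
                          direct_response:
                            status: 200
                            body:
                              inline_string: "SERVICE_OK"
                http_filters:
                  - name: envoy.router
                    typed_config: {}
    ## Port 8443 (TLS): Todolist Application
    # NOTE(review): the listener binds 8443; if clients reach it as 443, that
    # port mapping lives outside this file.
    - name: rpc_listener_tls
      address:
        socket_address: { address: 0.0.0.0, port_value: 8443 }
      filter_chains:
        # Server-side TLS only: no client-certificate validation is configured.
        # NOTE(review): no tls_params are set, so the accepted protocol
        # versions and cipher suites are whatever this Envoy build defaults
        # to. Set common_tls_context.tls_params.tls_minimum_protocol_version
        # if older TLS versions must be refused.
        - tls_context:
            common_tls_context:
              tls_certificates:
                - certificate_chain:
                    filename: "/etc/ssl/tls.crt"
                  private_key:
                    filename: "/etc/ssl/tls.key"
              alpn_protocols:
                - h2
                - http/1.1
          filters:
            - name: envoy.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
                codec_type: AUTO
                # Use the real downstream peer address as the client address
                # rather than trusting a client-supplied forwarding header.
                use_remote_address: true
                access_log:
                  - name: envoy.file_access_log
                    typed_config:
                      "@type": type.googleapis.com/envoy.config.accesslog.v2.FileAccessLog
                      path: "/dev/stdout"
                stat_prefix: ingress_https
                # Replaces the default value of the Server response header.
                server_name: "K9 (v5)"
                stream_idle_timeout: 900s  # 15 mins, must be disabled for long-lived and streaming requests
                request_timeout: 900s  # 15 mins, must be disabled for long-lived and streaming requests
                # Per-connection HTTP/2 limits; these bound how much a single
                # client connection can hold open.
                http2_protocol_options:
                  max_concurrent_streams: 100
                  initial_stream_window_size: 65536  # 64 KiB
                  initial_connection_window_size: 1048576  # 1 MiB
                route_config:
                  name: local_route
                  virtual_hosts:
                    - name: app
                      # NOTE(review): the trailing "*" matches any
                      # Host/:authority value, so the two named domains do
                      # not restrict which hosts this virtual host serves.
                      domains:
                        - "todolist.apps.bloomworks.io"
                        - "*.todolist.apps.bloomworks.io"
                        - "*"
                      # Do not disclose upstream timing to clients.
                      response_headers_to_remove:
                        - x-envoy-upstream-service-time
                      routes:
                        - match: { path: "/healthz" }
                          direct_response:
                            status: 200
                            body:
                              inline_string: "SERVICE_OK"
                        - match: { prefix: "/v1/" }
                          route:
                            cluster: esp
                            max_grpc_timeout: 60s
                        - match: { prefix: "/todolist.Tasks/" }
                          route:
                            cluster: rpc
                            max_grpc_timeout: 30s
                        # NOTE(review): gRPC server reflection is routed from
                        # the public TLS listener, so any client that reaches
                        # this port can enumerate the RPC schema. Drop this
                        # route if reflection is only needed by internal
                        # tooling.
                        - match: { prefix: "/grpc.reflection.v1alpha.ServerReflection/" }
                          route:
                            cluster: rpc
                            max_grpc_timeout: 10s
                        # Catch-all: everything else goes to the app server.
                        - match: { prefix: "/" }
                          route:
                            cluster: app
                http_filters:
                  # Copies request headers into dynamic metadata under the
                  # `client` namespace; `remove: false` leaves the headers on
                  # the request.
                  - name: envoy.filters.http.header_to_metadata
                    config:
                      request_rules:
                        - header: user-agent
                          on_header_present:
                            metadata_namespace: client
                            key: agent
                            type: STRING
                          on_header_missing:
                            metadata_namespace: client
                            key: agent
                            value: 'default'
                            type: STRING
                          remove: false
                        # NOTE(review): client.apikey holds the raw API key.
                        # Treat that metadata as a secret and keep it out of
                        # any access-log format.
                        - header: x-api-key
                          on_header_present:
                            metadata_namespace: client
                            key: apikey
                            type: STRING
                          on_header_missing:
                            metadata_namespace: client
                            # Must be `apikey`, not `agent`: writing the
                            # fallback under `agent` would overwrite the
                            # user-agent metadata set by the rule above on
                            # every request that carries no API key.
                            key: apikey
                            value: 'no-key'
                            type: STRING
                          remove: false
                  - name: envoy.grpc_web
                    typed_config: {}
                  - name: envoy.grpc_http1_bridge
                    typed_config: {}
                  # NOTE(review): responses are compressed on a TLS listener.
                  # Confirm that the JSON/HTML endpoints never put secrets and
                  # request-reflected content in the same body, because that
                  # combination enables compression-length side channels.
                  - name: envoy.gzip
                    typed_config:
                      "@type": type.googleapis.com/envoy.config.filter.http.gzip.v2.Gzip
                      memory_level: 9
                      window_bits: 15
                      content_length: 900
                      compression_level: SPEED
                      compression_strategy: DEFAULT
                      content_type:
                        - "application/javascript"
                        - "application/json"
                        - "application/xhtml+xml"
                        - "image/svg+xml"
                        - "text/css"
                        - "text/html"
                        - "text/plain"
                        - "text/xml"
                        - "application/grpc-web+proto"
                        - "application/grpc-web-text+proto"
                  # NOTE(review): the CORS filter acts on a CORS policy
                  # attached to a virtual host or route. None is visible in
                  # this route_config, so confirm a policy is supplied
                  # elsewhere.
                  - name: envoy.cors
                    typed_config: {}
                  # CSRF runs in shadow mode only. filter_enabled is 0/100,
                  # so no request is ever rejected; shadow_enabled is 100/100,
                  # so every request is evaluated and counted in stats. Raise
                  # filter_enabled to enforce.
                  - name: envoy.csrf
                    config:
                      filter_enabled:
                        default_value:
                          numerator: 0
                          denominator: HUNDRED
                      shadow_enabled:
                        default_value:
                          numerator: 100
                          denominator: HUNDRED
                  - name: envoy.router
                    typed_config: {}
  # NOTE(review): none of the clusters below configures upstream TLS, so the
  # hop from this proxy to `todolist` / `esp` is cleartext. That is acceptable
  # only if the hop stays on a trusted local network. Confirm.
  clusters:
    ## Upstream: App Server
    - name: app
      connect_timeout: 0.25s
      type: strict_dns
      per_connection_buffer_limit_bytes: 32768  # 32 KiB
      lb_policy: round_robin
      dns_lookup_family: V4_ONLY
      # Active HTTP health check against /health on the app server.
      health_checks:
        - timeout: 2s
          interval: 6s
          unhealthy_threshold: 2
          healthy_threshold: 2
          event_log_path: /dev/stdout
          http_health_check:
            path: "/health"
      load_assignment:
        cluster_name: app
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: todolist
                      port_value: 8080
    ## Upstream: API Server
    - name: rpc
      connect_timeout: 0.25s
      type: strict_dns
      per_connection_buffer_limit_bytes: 65536  # 64 KiB
      # Empty options: speak HTTP/2 to this upstream with default settings.
      http2_protocol_options: {}
      lb_policy: round_robin
      dns_lookup_family: V4_ONLY
      # TCP connect check only; it does not verify the service is answering.
      health_checks:
        - timeout: 2s
          interval: 6s
          unhealthy_threshold: 2
          healthy_threshold: 2
          tcp_health_check: {}
          event_log_path: /dev/stdout
      load_assignment:
        cluster_name: rpc
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: todolist
                      port_value: 8083
    ## Upstream: Endpoints Service Proxy
    - name: esp
      connect_timeout: 0.25s
      type: strict_dns
      per_connection_buffer_limit_bytes: 32768  # 32 KiB
      http2_protocol_options: {}
      lb_policy: round_robin
      dns_lookup_family: V4_ONLY
      health_checks:
        - timeout: 2s
          interval: 6s
          unhealthy_threshold: 2
          healthy_threshold: 2
          tcp_health_check: {}
          event_log_path: /dev/stdout
      load_assignment:
        cluster_name: esp
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: esp
                      port_value: 8084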