Last active
May 31, 2018 17:37
-
-
Save incfly/490457130b76043bfc00282b89e6da35 to your computer and use it in GitHub Desktop.
Envoy Multiplexing Test
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # download github envoy repo. | |
| cd ${PATH_TO_ENVOY_REPO} | |
| # build | |
| ./ci/run_envoy_docker.sh './ci/do_ci.sh bazel.dev' | |
| # start envoy with following config. | |
| /tmp/envoy-docker-build/envoy/source/exe/envoy-fastbuild -c configs/istio-multiplexing.yaml | |
| # Separate terminal. | |
| # TCP, should see google web page | |
| curl localhost:10000 | |
| # TLS, should see envoyproxy web page. | |
| curl --resolve server1.example.com:10000:127.0.0.1 https://server1.example.com:10000 --cacert test/common/ssl/test_data/ca_cert.pem | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| admin: | |
| access_log_path: /tmp/admin_access.log | |
| address: | |
| socket_address: { address: 127.0.0.1, port_value: 9901 } | |
| static_resources: | |
| listeners: | |
| - name: listener_0 | |
| address: | |
| socket_address: { address: 0.0.0.0, port_value: 10000 } | |
| listener_filters: | |
| - name: "envoy.listener.tls_inspector" | |
| config: {} | |
| filter_chains: | |
| - filter_chain_match: | |
| transport_protocol: "raw_buffer" | |
| filters: | |
| - name: envoy.http_connection_manager | |
| config: | |
| stat_prefix: ingress_http | |
| codec_type: AUTO | |
| route_config: | |
| name: local_route | |
| virtual_hosts: | |
| - name: local_service | |
| domains: ["*"] | |
| routes: | |
| - match: { prefix: "/" } | |
| route: { host_rewrite: www.google.com, cluster: service_google } | |
| http_filters: | |
| - name: envoy.router | |
| - filter_chain_match: | |
| transport_protocol: "tls" | |
| tls_context: | |
| common_tls_context: | |
| tls_certificates: | |
| - certificate_chain: { filename: "test/common/ssl/test_data/san_dns_cert.pem" } | |
| private_key: { filename: "test/common/ssl/test_data/san_dns_key.pem" } | |
| filters: | |
| - name: envoy.http_connection_manager | |
| config: | |
| stat_prefix: ingress_http | |
| codec_type: AUTO | |
| route_config: | |
| name: local_route | |
| virtual_hosts: | |
| - name: local_service | |
| domains: ["*"] | |
| routes: | |
| - match: { prefix: "/" } | |
| route: { host_rewrite: www.envoyproxy.io, cluster: service_envoy } | |
| http_filters: | |
| - name: envoy.router | |
| clusters: | |
| - name: service_google | |
| connect_timeout: 0.25s | |
| type: LOGICAL_DNS | |
| # Comment out the following line to test on v6 networks | |
| dns_lookup_family: V4_ONLY | |
| lb_policy: ROUND_ROBIN | |
| hosts: [{ socket_address: { address: google.com, port_value: 443 }}] | |
| tls_context: { sni: www.google.com } | |
| - name: service_envoy | |
| connect_timeout: 0.25s | |
| type: LOGICAL_DNS | |
| # Comment out the following line to test on v6 networks | |
| dns_lookup_family: V4_ONLY | |
| lb_policy: ROUND_ROBIN | |
| hosts: [{ socket_address: { address: envoyproxy.io, port_value: 443 }}] | |
| tls_context: { sni: envoyproxy.io } |
@PiotrSikora Yeah, saw the PR has been update with new transport_protocol values. Updated, I'll try it again, but I assume no other changes for the config?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@incfly you should replace
"TCP"with"raw_buffer"and"TLS"with"tls"(lower-case).