Last active
August 12, 2024 19:36
-
-
Save poolski/9318b70285379d884422b2419c0325c9 to your computer and use it in GitHub Desktop.
Sample Envoy Config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # Envoy requires this to be configured, even if you don't intend to use the admin interface. | |
| admin: | |
| access_log_path: "/var/log/envoy/envoy-admin.log" | |
| address: | |
| socket_address: | |
| address: 127.0.0.1 | |
| port_value: 8001 | |
| # Identify your node/pod/instance/whatever. | |
| node: | |
| cluster: production | |
| id: my-service-node-1 | |
| # Set up stats sink(s). This example uses statsD but more can be found here: | |
| # https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/config/metrics/v2/stats.proto | |
| stats_sinks: | |
| - name: envoy.statsd | |
| config: | |
| address: | |
| socket_address: | |
| address: 127.0.0.1 | |
| port_value: 8125 | |
| stats_config: | |
| stats_matcher: | |
| exclusion_list: | |
| # A sample list of values that we're not shipping to the statsD sink because we don't need them. | |
| # https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/type/matcher/string.proto#envoy-api-msg-type-matcher-liststringmatcher | |
| patterns: | |
| - regex: cluster.([^.]*).update_attempt$ | |
| - regex: cluster.([^.]*).update_no_rebuild$ | |
| - regex: cluster.([^.]*).max_host_weight$ | |
| - regex: cluster.([^.]*).health_check.attempt | |
| - regex: cluster.([^.]*).membership_total | |
| static_resources: | |
| listeners: | |
| - name: internal-grpc-traffic | |
| address: | |
| socket_address: | |
| # The address and port you want Envoy to listen on. | |
| # You can specify multiple listeners, each with their own filter chains. | |
| address: 127.0.0.1 | |
| port_value: 8888 | |
| filter_chains: | |
| - filters: | |
| # Create an instance of the HTTP connection manager built-in filter. More here: | |
| # https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/api/v2/listener/listener.proto#envoy-api-msg-listener-filter | |
| - name: envoy.http_connection_manager | |
| config: | |
| access_log: | |
| - name: envoy.file_access_log | |
| config: | |
| path: "/var/log/envoy/access.log" | |
| # A slightly better-structure log format, using JSON rather than the default combined log format. | |
| # This allows us to pipe the log output through something like JQ to make log events more readable | |
| # See https://www.envoyproxy.io/docs/envoy/v1.9.0/configuration/access_log#config-access-log | |
| # for more fomatting options. | |
| json_format: | |
| start_time: "%START_TIME%" | |
| request_id: "%REQ(REQUEST-ID)%" | |
| caller: "%REQ(CALLER)%" | |
| request_method: "%REQ(:METHOD)%" | |
| request_path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%" | |
| content_type: "%REQ(CONTENT-TYPE)%" | |
| protocol: "%PROTOCOL%" | |
| response_code: "%RESPONSE_CODE%" | |
| response_flags: "%RESPONSE_FLAGS%" | |
| bytes_sent: "%BYTES_SENT%" | |
| bytes_received: "%BYTES_RECEIVED%" | |
| request_duration: "%DURATION%" | |
| response_duration: "%RESPONSE_DURATION%" | |
| upstream_response_time: "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%" | |
| client_address: "%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%" | |
| x_forwarded_for: "%REQ(X-FORWARDED-FOR)%" | |
| user_agent: "%REQ(USER-AGENT)%" | |
| http2_authority: "%REQ(:AUTHORITY)%" | |
| upstream_cluster: "%UPSTREAM_CLUSTER%" | |
| upstream_host: "%UPSTREAM_HOST%" | |
| stat_prefix: ingress_grpc | |
| codec_type: AUTO | |
| route_config: | |
| name: local_route | |
| # Create your virtual hosts here. You can specify multiple domains to match on | |
| # or you can use path-based routing if that's easier. More detailed docs here: | |
| # https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/api/v2/route/route.proto#route-virtualhost | |
| virtual_hosts: | |
| - name: awesome-service | |
| # Which Host or :authority headers are you matching? | |
| domains: | |
| - awesome-service.envoy.example.com | |
| routes: | |
| # You can match on the root of the domain or get really creative: | |
| # https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/api/v2/route/route.proto#envoy-api-msg-route-routematch | |
| - match: | |
| prefix: "/" | |
| grpc: {} | |
| # Where should matching requests be sent? | |
| # https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/api/v2/route/route.proto#envoy-api-msg-route-routeaction | |
| route: | |
| cluster: awesome-service-grpc | |
| timeout: | |
| seconds: 15 | |
| # Use the built-in 'router' resource | |
| http_filters: | |
| - name: envoy.router | |
| # Set up your TLS certificates here. | |
| tls_context: | |
| common_tls_context: | |
| alpn_protocols: h2 | |
| tls_certificates: | |
| - certificate_chain: | |
| filename: "/etc/envoy/ssl/wildcard.envoy.crt" | |
| private_key: | |
| filename: "/etc/envoy/ssl/wildcard.envoy.key" | |
| clusters: | |
| # Set up your cluster parameters here. | |
| - name: awesome-service-grpc | |
| connect_timeout: 0.5s | |
| http2_protocol_options: {} | |
| type: strict_dns # Strict DNS allows for DNS lookups rather than hard-coding IPs | |
| lb_policy: round_robin | |
| health_checks: # Not absolutely necessary, but useful to explicitly configure. | |
| - grpc_health_check: | |
| authority: awesome-service.internal-domain.com # Custom HTTP/2 :authority header | |
| timeout: 1s | |
| interval: 2s | |
| interval_jitter: 1s | |
| healthy_threshold: 3 | |
| unhealthy_threshold: 3 | |
| event_log_path: "/var/log/envoy/healthcheck.log" | |
| tls_context: # What Host header should **Envoy** send to the upstream service? | |
| sni: awesome-service.internal-domain.com | |
| hosts: | |
| - socket_address: | |
| address: awesome-service.service.consul # Where is the gRPC service located? Let's ask Consul. | |
| port_value: 5100 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment