srenatus · October 27, 2020 18:52
diff --git a/envoy.config.yaml b/envoy.config.yaml
 admin:
  access_log_path: /dev/stdout
  address:
    socket_address: { address: 0.0.0.0, port_value: 9901 }

 static_resources:
  listeners:
  - name: listener1
    address:
      socket_address: { address: 0.0.0.0, port_value: 51051 }
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: grpc_json
          codec_type: AUTO
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: grpc, timeout: { seconds: 60 } }
          http_filters:
          - name: envoy.ext_authz
            typed_config:
              '@type': type.googleapis.com/envoy.config.filter.http.ext_authz.v2.ExtAuthz
              failure_mode_allow: false
              grpc_service:
                google_grpc:
                  stat_prefix: ext_authz
                  target_uri: unix:/Users/stephan/Misc/envoy/grpc_uds_extauth/opa.sock
              with_request_body:
                allow_partial_message: true
                max_request_bytes: 8192
          - name: envoy.filters.http.router

  clusters:
  - name: grpc
    connect_timeout: 1.25s
    type: logical_dns
    lb_policy: round_robin
    dns_lookup_family: V4_ONLY
    http2_protocol_options: {}
    load_assignment:
      cluster_name: grpc
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: 127.0.0.1
                port_value: 9090
diff --git a/opa.config.yaml b/opa.config.yaml
 # note: I've run opa this way: `./opa_envoy_darwin_amd64 run -c opa.config -s --set=decision_logs.console=true`
 plugins:
    envoy_ext_authz_grpc:
        addr: "unix://opa.sock"
        path: envoy/authz/allow
        dry-run: false
        enable-reflection: true
	admin:
	access_log_path: /dev/stdout
	address:
	socket_address: { address: 0.0.0.0, port_value: 9901 }

	static_resources:
	listeners:
	- name: listener1
	address:
	socket_address: { address: 0.0.0.0, port_value: 51051 }
	filter_chains:
	- filters:
	- name: envoy.filters.network.http_connection_manager
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
	stat_prefix: grpc_json
	codec_type: AUTO
	route_config:
	name: local_route
	virtual_hosts:
	- name: local_service
	domains: ["*"]
	routes:
	- match: { prefix: "/" }
	route: { cluster: grpc, timeout: { seconds: 60 } }
	http_filters:
	- name: envoy.ext_authz
	typed_config:
	'@type': type.googleapis.com/envoy.config.filter.http.ext_authz.v2.ExtAuthz
	failure_mode_allow: false
	grpc_service:
	google_grpc:
	stat_prefix: ext_authz
	target_uri: unix:/Users/stephan/Misc/envoy/grpc_uds_extauth/opa.sock
	with_request_body:
	allow_partial_message: true
	max_request_bytes: 8192
	- name: envoy.filters.http.router

	clusters:
	- name: grpc
	connect_timeout: 1.25s
	type: logical_dns
	lb_policy: round_robin
	dns_lookup_family: V4_ONLY
	http2_protocol_options: {}
	load_assignment:
	cluster_name: grpc
	endpoints:
	- lb_endpoints:
	- endpoint:
	address:
	socket_address:
	address: 127.0.0.1
	port_value: 9090
	# note: I've run opa this way: `./opa_envoy_darwin_amd64 run -c opa.config -s --set=decision_logs.console=true`
	plugins:
	envoy_ext_authz_grpc:
	addr: "unix://opa.sock"
	path: envoy/authz/allow
	dry-run: false
	enable-reflection: true