Created
February 8, 2019 01:07
| { | |
| "name": "10.0.3.50_3000", | |
| "address": { | |
| "socketAddress": { | |
| "address": "10.0.3.50", | |
| "portValue": 3000 | |
| } | |
| }, | |
| "filterChains": [ | |
| { | |
| "tlsContext": { | |
| "commonTlsContext": { | |
| "tlsCertificates": [ | |
| { | |
| "certificateChain": { | |
| "filename": "/etc/certs/cert-chain.pem" | |
| }, | |
| "privateKey": { | |
| "filename": "/etc/certs/key.pem" | |
| } | |
| } | |
| ], | |
| "validationContext": { | |
| "trustedCa": { | |
| "filename": "/etc/certs/root-cert.pem" | |
| } | |
| }, | |
| "alpnProtocols": [ | |
| "h2", | |
| "http/1.1" | |
| ] | |
| }, | |
| "requireClientCertificate": true | |
| }, | |
| "filters": [ | |
| { | |
| "name": "envoy.http_connection_manager", | |
| "config": { | |
| "access_log": [ | |
| { | |
| "config": { | |
| "json_format": { | |
| "authority": "%REQ(:AUTHORITY)%", | |
| "bytes_received": "%BYTES_RECEIVED%", | |
| "bytes_sent": "%BYTES_SENT%", | |
| "downstream_local_address": "%DOWNSTREAM_LOCAL_ADDRESS%", | |
| "downstream_remote_address": "%DOWNSTREAM_REMOTE_ADDRESS%", | |
| "duration": "%DURATION%", | |
| "method": "%START_TIME%", | |
| "path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%", | |
| "protocol": "%PROTOCOL%", | |
| "request_id": "%REQ(X-REQUEST-ID)%", | |
| "requested_server_name": "%REQUESTED_SERVER_NAME%", | |
| "response_code": "%RESPONSE_CODE%", | |
| "response_flags": "%RESPONSE_FLAGS%", | |
| "start_time": "%START_TIME%", | |
| "upstream_cluster": "%UPSTREAM_CLUSTER%", | |
| "upstream_host": "%UPSTREAM_HOST%", | |
| "upstream_local_address": "%UPSTREAM_LOCAL_ADDRESS%", | |
| "upstream_service_time": "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%", | |
| "user_agent": "%REQ(USER-AGENT)%", | |
| "x_forwarded_for": "%REQ(X-FORWARDED-FOR)%" | |
| }, | |
| "path": "/dev/stdout" | |
| }, | |
| "name": "envoy.file_access_log" | |
| } | |
| ], | |
| "forward_client_cert_details": "APPEND_FORWARD", | |
| "generate_request_id": true, | |
| "http_filters": [ | |
| { | |
| "config": { | |
| "policy": { | |
| "peers": [ | |
| { | |
| "mtls": {} | |
| } | |
| ] | |
| } | |
| }, | |
| "name": "istio_authn" | |
| }, | |
| { | |
| "config": { | |
| "rules": { | |
| "policies": { | |
| "kiali.monitoring-potato-beetle-grafana.monitoring-potato-beetle": { | |
| "permissions": [ | |
| { | |
| "and_rules": { | |
| "rules": [ | |
| { | |
| "or_rules": { | |
| "rules": [ | |
| { | |
| "header": { | |
| "exact_match": "GET", | |
| "name": ":method" | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| { | |
| "or_rules": { | |
| "rules": [ | |
| { | |
| "destination_port": 3000 | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ], | |
| "principals": [ | |
| { | |
| "and_ids": { | |
| "ids": [ | |
| { | |
| "metadata": { | |
| "filter": "istio_authn", | |
| "path": [ | |
| { | |
| "key": "source.principal" | |
| } | |
| ], | |
| "value": { | |
| "string_match": { | |
| "exact": "cluster.local/ns/monitoring-potato-beetle/sa/kiali-service-account" | |
| } | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| }, | |
| "prometheus.monitoring-potato-beetle-grafana.monitoring-potato-beetle.secure": { | |
| "permissions": [ | |
| { | |
| "and_rules": { | |
| "rules": [ | |
| { | |
| "or_rules": { | |
| "rules": [ | |
| { | |
| "header": { | |
| "exact_match": "GET", | |
| "name": ":method" | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| { | |
| "or_rules": { | |
| "rules": [ | |
| { | |
| "destination_port": 3000 | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ], | |
| "principals": [ | |
| { | |
| "and_ids": { | |
| "ids": [ | |
| { | |
| "metadata": { | |
| "filter": "istio_authn", | |
| "path": [ | |
| { | |
| "key": "source.principal" | |
| } | |
| ], | |
| "value": { | |
| "string_match": { | |
| "exact": "cluster.local/ns/monitoring-potato-beetle/sa/prometheus-service-account" | |
| } | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| }, | |
| "sso-proxy.ingress-grafana.monitoring-potato-beetle": { | |
| "permissions": [ | |
| { | |
| "and_rules": { | |
| "rules": [ | |
| { | |
| "or_rules": { | |
| "rules": [ | |
| { | |
| "header": { | |
| "name": ":method", | |
| "present_match": true | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| { | |
| "or_rules": { | |
| "rules": [ | |
| { | |
| "destination_port": 3000 | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ], | |
| "principals": [ | |
| { | |
| "and_ids": { | |
| "ids": [ | |
| { | |
| "metadata": { | |
| "filter": "istio_authn", | |
| "path": [ | |
| { | |
| "key": "source.principal" | |
| } | |
| ], | |
| "value": { | |
| "string_match": { | |
| "exact": "cluster.local/ns/ingress/sa/sso-proxy-service-account" | |
| } | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| } | |
| }, | |
| "name": "envoy.filters.http.rbac" | |
| }, | |
| { | |
| "config": { | |
| "default_destination_service": "default", | |
| "mixer_attributes": { | |
| "attributes": { | |
| "context.reporter.kind": { | |
| "string_value": "inbound" | |
| }, | |
| "context.reporter.uid": { | |
| "string_value": "kubernetes://grafana-0.monitoring-potato-beetle" | |
| }, | |
| "destination.ip": { | |
| "bytes_value": "AAAAAAAAAAAAAP//CgADMg==" | |
| }, | |
| "destination.namespace": { | |
| "string_value": "monitoring-potato-beetle" | |
| }, | |
| "destination.port": { | |
| "int64_value": "3000" | |
| }, | |
| "destination.uid": { | |
| "string_value": "kubernetes://grafana-0.monitoring-potato-beetle" | |
| } | |
| } | |
| }, | |
| "service_configs": { | |
| "default": {} | |
| }, | |
| "transport": { | |
| "check_cluster": "outbound|15004||istio-policy.istio-system.svc.cluster.local", | |
| "network_fail_policy": { | |
| "policy": "FAIL_CLOSE" | |
| }, | |
| "report_cluster": "outbound|15004||istio-telemetry.istio-system.svc.cluster.local" | |
| } | |
| }, | |
| "name": "mixer" | |
| }, | |
| { | |
| "name": "envoy.cors" | |
| }, | |
| { | |
| "name": "envoy.fault" | |
| }, | |
| { | |
| "name": "envoy.router" | |
| } | |
| ], | |
| "route_config": { | |
| "name": "inbound|3000|http-prom|grafana-0.monitoring-potato-beetle.svc.cluster.local", | |
| "validate_clusters": false, | |
| "virtual_hosts": [ | |
| { | |
| "domains": [ | |
| "*" | |
| ], | |
| "name": "inbound|http|3000", | |
| "routes": [ | |
| { | |
| "decorator": { | |
| "operation": "grafana-0.monitoring-potato-beetle.svc.cluster.local:3000/*" | |
| }, | |
| "match": { | |
| "prefix": "/" | |
| }, | |
| "per_filter_config": { | |
| "mixer": { | |
| "mixer_attributes": { | |
| "attributes": { | |
| "destination.service.host": { | |
| "string_value": "grafana-0.monitoring-potato-beetle.svc.cluster.local" | |
| }, | |
| "destination.service.name": { | |
| "string_value": "grafana-0" | |
| }, | |
| "destination.service.namespace": { | |
| "string_value": "monitoring-potato-beetle" | |
| }, | |
| "destination.service.uid": { | |
| "string_value": "istio://monitoring-potato-beetle/services/grafana-0" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "route": { | |
| "cluster": "inbound|3000|http-prom|grafana-0.monitoring-potato-beetle.svc.cluster.local", | |
| "max_grpc_timeout": "0s", | |
| "timeout": "0s" | |
| } | |
| } | |
| ] | |
| } | |
| ] | |
| }, | |
| "server_name": "istio-envoy", | |
| "set_current_client_cert_details": { | |
| "dns": true, | |
| "subject": true, | |
| "uri": true | |
| }, | |
| "stat_prefix": "10.0.3.50_3000", | |
| "stream_idle_timeout": "0s", | |
| "tracing": { | |
| "client_sampling": { | |
| "value": 100 | |
| }, | |
| "overall_sampling": { | |
| "value": 100 | |
| }, | |
| "random_sampling": { | |
| "value": 100 | |
| } | |
| }, | |
| "upgrade_configs": [ | |
| { | |
| "upgrade_type": "websocket" | |
| } | |
| ], | |
| "use_remote_address": false | |
| } | |
| } | |
| ] | |
| } | |
| ], | |
| "deprecatedV1": { | |
| "bindToPort": false | |
| }, | |
| "listenerFilters": [ | |
| { | |
| "name": "envoy.listener.tls_inspector" | |
| } | |
| ] | |
| }, |