certificates/autocert/examples/hello-mtls/envoy/server.yaml

50 lines
1.5 KiB
YAML
Raw Normal View History

static_resources:
listeners:
- address:
socket_address:
address: 0.0.0.0
port_value: 443
filter_chains:
- filters:
- name: envoy.http_connection_manager
config:
codec_type: auto
stat_prefix: ingress_http
route_config:
name: hello
virtual_hosts:
- name: hello
domains:
- "hello-mtls.default.svc.cluster.local"
routes:
- match:
prefix: "/"
route:
cluster: hello-mTLS
http_filters:
- name: envoy.router
config: {}
tls_context:
common_tls_context:
tls_params:
tls_minimum_protocol_version: TLSv1_2
tls_maximum_protocol_version: TLSv1_3
cipher_suites: "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]"
tls_certificates:
- certificate_chain:
filename: "/var/run/autocert.step.sm/site.crt"
private_key:
filename: "/var/run/autocert.step.sm/site.key"
validation_context:
trusted_ca:
filename: "/var/run/autocert.step.sm/root.crt"
require_client_certificate: true
clusters:
- name: hello-mTLS
connect_timeout: 0.25s
type: strict_dns
lb_policy: round_robin
hosts:
- socket_address:
address: 127.0.0.1
port_value: 8080