---
# Envoy static configuration: one listener terminates mutual TLS on port 443
# and forwards the decrypted HTTP requests to a backend on 127.0.0.1:8080.
#
# NOTE(review): `config`, `tls_context`, `hosts` and the short filter names
# (`envoy.http_connection_manager`, `envoy.router`) are the older Envoy
# spellings; later releases expect `typed_config`, `transport_socket` and
# `load_assignment`. Pin or verify the Envoy version this file is loaded by.
static_resources:
  listeners:
    # Ingress listener, bound to every interface.
    - address:
        socket_address:
          address: 0.0.0.0
          port_value: 443
      filter_chains:
        - filters:
            - name: envoy.http_connection_manager
              config:
                codec_type: auto
                stat_prefix: ingress_http
                route_config:
                  name: hello
                  virtual_hosts:
                    - name: hello
                      # Requests are routed only when the Host/:authority
                      # header matches this service name.
                      domains:
                        - 'hello-mtls.default.svc.cluster.local'
                      routes:
                        - match:
                            prefix: '/'
                          route:
                            cluster: hello-mTLS
                http_filters:
                  - name: envoy.router
                    config: {}
          tls_context:
            common_tls_context:
              # TLS 1.2 is the floor, TLS 1.3 the ceiling.
              tls_params:
                tls_minimum_protocol_version: TLSv1_2
                tls_maximum_protocol_version: TLSv1_3
                # Both suites are ECDHE-ECDSA AEAD suites, so a TLS 1.2
                # handshake needs an ECDSA server key.
                # NOTE(review): Envoy documents cipher_suites as a list that
                # only affects TLS 1.2 and below; confirm the deployed
                # version accepts this single bracketed string.
                cipher_suites: '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]'
              tls_certificates:
                - certificate_chain:
                    filename: '/var/run/autocert.step.sm/site.crt'
                  # NOTE(review): verify the mounted key is readable only by
                  # the account Envoy runs as.
                  private_key:
                    filename: '/var/run/autocert.step.sm/site.key'
              # Client certificates are checked against this root only. No
              # SAN match or certificate pin is configured, so any
              # certificate chaining to root.crt is accepted.
              # NOTE(review): if only specific peers may connect, restrict by
              # subject alternative name (e.g. verify_subject_alt_name) or
              # authorize the peer identity in the application.
              validation_context:
                trusted_ca:
                  filename: '/var/run/autocert.step.sm/root.crt'
            # Handshakes that present no client certificate are rejected.
            require_client_certificate: true
  clusters:
    # Backend reached in plaintext over loopback.
    # NOTE(review): the mTLS requirement holds only if port 8080 cannot be
    # reached except through the listener above; confirm the application
    # binds to 127.0.0.1 rather than all interfaces.
    - name: hello-mTLS
      connect_timeout: 0.25s
      type: strict_dns
      lb_policy: round_robin
      hosts:
        - socket_address:
            address: 127.0.0.1
            port_value: 8080