Created
January 28, 2024 21:04
-
-
Save zetaab/e70547adb70a8de61765387f36e8c23f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: gateway.networking.k8s.io/v1 | |
| kind: HTTPRoute | |
| metadata: | |
| name: echoserver-int | |
| namespace: echoserver | |
| spec: | |
| parentRefs: | |
| - name: internal | |
| namespace: envoy-gateway-system-internal | |
| sectionName: https | |
| hostnames: | |
| - eg-int.example.com | |
| rules: | |
| - backendRefs: | |
| - group: "" | |
| kind: Service | |
| name: echoserver | |
| port: 80 | |
| weight: 1 | |
| matches: | |
| - path: | |
| type: PathPrefix | |
| value: / | |
| --- | |
| apiVersion: gateway.envoyproxy.io/v1alpha1 | |
| kind: SecurityPolicy | |
| metadata: | |
| name: echoserver-int-oidc | |
| namespace: echoserver | |
| spec: | |
| targetRef: | |
| group: gateway.networking.k8s.io | |
| kind: HTTPRoute | |
| name: echoserver-int | |
| oidc: | |
| provider: | |
| issuer: https://cognito-idp.eu-central-1.amazonaws.com/eu-central-xxx | |
| clientID: xx | |
| scopes: | |
| - openid | |
| - profile | |
| clientSecret: | |
| group: "" | |
| kind: Secret | |
| name: my-cognito-client-secret | |
| jwt: | |
| providers: | |
| - name: cognito | |
| claimToHeaders: | |
| - claim: sub | |
| header: x-sub | |
| remoteJWKS: | |
| uri: https://cognito-idp.eu-central-1.amazonaws.com/eu-central-xxx/.well-known/jwks.json | |
| --- | |
| apiVersion: gateway.networking.k8s.io/v1 | |
| kind: HTTPRoute | |
| metadata: | |
| name: echoserver-ext | |
| namespace: echoserver | |
| spec: | |
| parentRefs: | |
| - name: external | |
| namespace: envoy-gateway-system-external | |
| sectionName: https | |
| hostnames: | |
| - eg-ext.example.com | |
| rules: | |
| - backendRefs: | |
| - group: "" | |
| kind: Service | |
| name: echoserver | |
| port: 80 | |
| weight: 1 | |
| matches: | |
| - path: | |
| type: PathPrefix | |
| value: / | |
| --- | |
| apiVersion: gateway.networking.k8s.io/v1 | |
| kind: GatewayClass | |
| metadata: | |
| name: internal | |
| spec: | |
| controllerName: gateway.envoyproxy.io/gatewayclass-controller-internal | |
| parametersRef: | |
| group: gateway.envoyproxy.io | |
| kind: EnvoyProxy | |
| name: custom-proxy-config | |
| namespace: envoy-gateway-system-internal | |
| --- | |
| apiVersion: gateway.envoyproxy.io/v1alpha1 | |
| kind: EnvoyProxy | |
| metadata: | |
| name: custom-proxy-config | |
| namespace: envoy-gateway-system-internal | |
| spec: | |
| provider: | |
| type: Kubernetes | |
| kubernetes: | |
| envoyDeployment: | |
| replicas: 1 | |
| container: | |
| resources: | |
| requests: | |
| cpu: 250m | |
| memory: 250Mi | |
| limits: | |
| cpu: 500m | |
| memory: 500Mi | |
| --- | |
| apiVersion: gateway.envoyproxy.io/v1alpha1 | |
| kind: ClientTrafficPolicy | |
| metadata: | |
| name: enable-proxy-protocol-policy | |
| namespace: envoy-gateway-system-internal | |
| spec: | |
| targetRef: | |
| group: gateway.networking.k8s.io | |
| kind: Gateway | |
| name: internal | |
| namespace: envoy-gateway-system-internal | |
| enableProxyProtocol: true | |
| --- | |
| apiVersion: gateway.networking.k8s.io/v1 | |
| kind: Gateway | |
| metadata: | |
| name: internal | |
| namespace: envoy-gateway-system-internal | |
| spec: | |
| gatewayClassName: internal | |
| listeners: | |
| - name: http | |
| protocol: HTTP | |
| port: 80 | |
| allowedRoutes: | |
| namespaces: | |
| from: All | |
| - name: https | |
| protocol: HTTPS | |
| port: 443 | |
| allowedRoutes: | |
| namespaces: | |
| from: All | |
| tls: | |
| mode: Terminate | |
| certificateRefs: | |
| - kind: Secret | |
| group: "" | |
| name: default-tls | |
| namespace: envoy-gateway-system-internal | |
| infrastructure: | |
| annotations: | |
| loadbalancer.openstack.org/floating-subnet: ext-ha-v4 | |
| loadbalancer.openstack.org/connection-limit: "100000" | |
| loadbalancer.openstack.org/health-monitor-delay: "10" | |
| loadbalancer.openstack.org/health-monitor-timeout: "6" | |
| loadbalancer.openstack.org/health-monitor-max-retries: "2" | |
| loadbalancer.openstack.org/keep-floatingip: "true" | |
| loadbalancer.openstack.org/proxy-protocol: "true" | |
| --- | |
| apiVersion: gateway.networking.k8s.io/v1 | |
| kind: HTTPRoute | |
| metadata: | |
| name: http-to-https-redirect | |
| namespace: envoy-gateway-system-internal | |
| spec: | |
| parentRefs: | |
| - name: internal | |
| namespace: envoy-gateway-system-internal | |
| sectionName: http | |
| rules: | |
| - filters: | |
| - type: RequestRedirect | |
| requestRedirect: | |
| scheme: https | |
| statusCode: 301 | |
| --- | |
| apiVersion: gateway.networking.k8s.io/v1 | |
| kind: GatewayClass | |
| metadata: | |
| name: external | |
| spec: | |
| controllerName: gateway.envoyproxy.io/gatewayclass-controller-external | |
| parametersRef: | |
| group: gateway.envoyproxy.io | |
| kind: EnvoyProxy | |
| name: custom-proxy-config | |
| namespace: envoy-gateway-system-external | |
| --- | |
| apiVersion: gateway.envoyproxy.io/v1alpha1 | |
| kind: EnvoyProxy | |
| metadata: | |
| name: custom-proxy-config | |
| namespace: envoy-gateway-system-external | |
| spec: | |
| provider: | |
| type: Kubernetes | |
| kubernetes: | |
| envoyDeployment: | |
| replicas: 1 | |
| container: | |
| resources: | |
| requests: | |
| cpu: 250m | |
| memory: 250Mi | |
| limits: | |
| cpu: 500m | |
| memory: 500Mi | |
| --- | |
| apiVersion: gateway.envoyproxy.io/v1alpha1 | |
| kind: ClientTrafficPolicy | |
| metadata: | |
| name: enable-proxy-protocol-policy | |
| namespace: envoy-gateway-system-external | |
| spec: | |
| targetRef: | |
| group: gateway.networking.k8s.io | |
| kind: Gateway | |
| name: external | |
| namespace: envoy-gateway-system-external | |
| enableProxyProtocol: true | |
| --- | |
| apiVersion: gateway.networking.k8s.io/v1 | |
| kind: Gateway | |
| metadata: | |
| name: external | |
| namespace: envoy-gateway-system-external | |
| spec: | |
| gatewayClassName: external | |
| listeners: | |
| - name: http | |
| protocol: HTTP | |
| port: 80 | |
| allowedRoutes: | |
| namespaces: | |
| from: All | |
| - name: https | |
| protocol: HTTPS | |
| port: 443 | |
| allowedRoutes: | |
| namespaces: | |
| from: All | |
| tls: | |
| mode: Terminate | |
| certificateRefs: | |
| - kind: Secret | |
| group: "" | |
| name: default-tls | |
| namespace: envoy-gateway-system-external | |
| infrastructure: | |
| annotations: | |
| loadbalancer.openstack.org/floating-subnet: ext-ha-pub2-v4 | |
| loadbalancer.openstack.org/connection-limit: "100000" | |
| loadbalancer.openstack.org/health-monitor-delay: "10" | |
| loadbalancer.openstack.org/health-monitor-timeout: "6" | |
| loadbalancer.openstack.org/health-monitor-max-retries: "2" | |
| loadbalancer.openstack.org/keep-floatingip: "true" | |
| loadbalancer.openstack.org/proxy-protocol: "true" | |
| --- | |
| apiVersion: gateway.networking.k8s.io/v1 | |
| kind: HTTPRoute | |
| metadata: | |
| name: http-to-https-redirect | |
| namespace: envoy-gateway-system-external | |
| spec: | |
| parentRefs: | |
| - name: external | |
| namespace: envoy-gateway-system-external | |
| sectionName: http | |
| rules: | |
| - filters: | |
| - type: RequestRedirect | |
| requestRedirect: | |
| scheme: https | |
| statusCode: 301 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment