diff --git a/docs/protodoc_manifest.yaml b/docs/protodoc_manifest.yaml index e12bdea114202..4f32c94d4a51d 100644 --- a/docs/protodoc_manifest.yaml +++ b/docs/protodoc_manifest.yaml @@ -20,40 +20,40 @@ fields: threshold: value: 0.95 envoy.config.cluster.v3.Cluster.per_connection_buffer_limit_bytes: - edge_config: { example: 32768 } + edge_config: {example: 32768} envoy.config.cluster.v3.Cluster.http2_protocol_options: edge_config: example: - initial_stream_window_size: 65536 # 64 KiB - initial_connection_window_size: 1048576 # 1 MiB + initial_stream_window_size: 65536 # 64 KiB + initial_connection_window_size: 1048576 # 1 MiB envoy.config.listener.v3.Listener.per_connection_buffer_limit_bytes: - edge_config: { example: 32768 } + edge_config: {example: 32768} envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.common_http_protocol_options: edge_config: example: - idle_timeout: 900s # 15 mins + idle_timeout: 900s # 15 mins headers_with_underscores_action: REJECT_REQUEST envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.http2_protocol_options: edge_config: example: max_concurrent_streams: 100 - initial_stream_window_size: 65536 # 64 KiB - initial_connection_window_size: 1048576 # 1 MiB + initial_stream_window_size: 65536 # 64 KiB + initial_connection_window_size: 1048576 # 1 MiB envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_idle_timeout: edge_config: - example: 300s # 5 mins + example: 300s # 5 mins envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.request_headers_timeout: edge_config: - example: 10s # 10 seconds + example: 10s # 10 seconds envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.request_timeout: edge_config: note: > This timeout is not compatible with streaming requests. - example: 300s # 5 mins + example: 300s # 5 mins envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address: - edge_config: { example: true } + edge_config: {example: true} envoy.config.listener.v3.QuicProtocolOptions.quic_protocol_options: edge_config: example: - initial_stream_window_size: 65536 # 64 KiB - initial_connection_window_size: 65536 # 64 KiB + initial_stream_window_size: 65536 # 64 KiB + initial_connection_window_size: 65536 # 64 KiB diff --git a/docs/root/configuration/best_practices/_include/edge.yaml b/docs/root/configuration/best_practices/_include/edge.yaml index cfcb3c4bd5980..29f56fbac089c 100644 --- a/docs/root/configuration/best_practices/_include/edge.yaml +++ b/docs/root/configuration/best_practices/_include/edge.yaml @@ -5,7 +5,7 @@ overload_manager: typed_config: "@type": type.googleapis.com/envoy.extensions.resource_monitors.fixed_heap.v3.FixedHeapConfig # TODO: Tune for your system. - max_heap_size_bytes: 2147483648 # 2 GiB + max_heap_size_bytes: 2147483648 # 2 GiB actions: - name: "envoy.overload_actions.shrink_heap" triggers: @@ -37,7 +37,7 @@ static_resources: # - name: envoy.filters.listener.proxy_protocol # typed_config: # "@type": type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol - per_connection_buffer_limit_bytes: 32768 # 32 KiB + per_connection_buffer_limit_bytes: 32768 # 32 KiB filter_chains: - filter_chain_match: server_names: ["example.com", "www.example.com"] @@ -47,8 +47,8 @@ static_resources: "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext common_tls_context: tls_certificates: - - certificate_chain: { filename: "certs/servercert.pem" } - private_key: { filename: "certs/serverkey.pem" } + - certificate_chain: {filename: "certs/servercert.pem"} + private_key: {filename: "certs/serverkey.pem"} filters: - name: envoy.filters.network.http_connection_manager typed_config: @@ -59,51 +59,51 @@ static_resources: merge_slashes: true path_with_escaped_slashes_action: UNESCAPE_AND_REDIRECT common_http_protocol_options: - idle_timeout: 3600s # 1 hour + idle_timeout: 3600s # 1 hour headers_with_underscores_action: REJECT_REQUEST http2_protocol_options: max_concurrent_streams: 100 - initial_stream_window_size: 65536 # 64 KiB - initial_connection_window_size: 1048576 # 1 MiB - stream_idle_timeout: 300s # 5 mins, must be disabled for long-lived and streaming requests - request_timeout: 300s # 5 mins, must be disabled for long-lived and streaming requests + initial_stream_window_size: 65536 # 64 KiB + initial_connection_window_size: 1048576 # 1 MiB + stream_idle_timeout: 300s # 5 mins, must be disabled for long-lived and streaming requests + request_timeout: 300s # 5 mins, must be disabled for long-lived and streaming requests route_config: virtual_hosts: - name: default domains: ["*"] routes: - - match: { prefix: "/" } + - match: {prefix: "/"} route: cluster: service_foo - idle_timeout: 15s # must be disabled for long-lived and streaming requests + idle_timeout: 15s # must be disabled for long-lived and streaming requests clusters: - name: service_foo - per_connection_buffer_limit_bytes: 32768 # 32 KiB + per_connection_buffer_limit_bytes: 32768 # 32 KiB load_assignment: cluster_name: some_service endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: 127.0.0.1 - port_value: 8080 + - lb_endpoints: + - endpoint: + address: + socket_address: + address: 127.0.0.1 + port_value: 8080 typed_extension_protocol_options: envoy.extensions.upstreams.http.v3.HttpProtocolOptions: "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions explicit_http_config: http2_protocol_options: - initial_stream_window_size: 65536 # 64 KiB - initial_connection_window_size: 1048576 # 1 MiB + initial_stream_window_size: 65536 # 64 KiB + initial_connection_window_size: 1048576 # 1 MiB layered_runtime: layers: - - name: static_layer_0 - static_layer: - envoy: - resource_limits: - listener: - example_listener_name: - connection_limit: 10000 - overload: - global_downstream_max_connections: 50000 + - name: static_layer_0 + static_layer: + envoy: + resource_limits: + listener: + example_listener_name: + connection_limit: 10000 + overload: + global_downstream_max_connections: 50000 diff --git a/docs/root/configuration/http/http_conn_man/_include/preserve-case.yaml b/docs/root/configuration/http/http_conn_man/_include/preserve-case.yaml index a4ea11ac4af5e..cd70bffa507a1 100644 --- a/docs/root/configuration/http/http_conn_man/_include/preserve-case.yaml +++ b/docs/root/configuration/http/http_conn_man/_include/preserve-case.yaml @@ -1,49 +1,49 @@ static_resources: listeners: - - address: - socket_address: - address: 0.0.0.0 - port_value: 443 - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - http_protocol_options: - header_key_format: - stateful_formatter: - name: preserve_case - typed_config: - "@type": type.googleapis.com/envoy.extensions.http.header_formatters.preserve_case.v3.PreserveCaseFormatterConfig - http_filters: - - name: envoy.filters.http.router - route_config: - virtual_hosts: - - name: default - domains: ["*"] - routes: - - match: { prefix: "/" } - route: - cluster: service_foo + - address: + socket_address: + address: 0.0.0.0 + port_value: 443 + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: ingress_http + http_protocol_options: + header_key_format: + stateful_formatter: + name: preserve_case + typed_config: + "@type": type.googleapis.com/envoy.extensions.http.header_formatters.preserve_case.v3.PreserveCaseFormatterConfig + http_filters: + - name: envoy.filters.http.router + route_config: + virtual_hosts: + - name: default + domains: ["*"] + routes: + - match: {prefix: "/"} + route: + cluster: service_foo clusters: - - name: service_foo - typed_extension_protocol_options: - envoy.extensions.upstreams.http.v3.HttpProtocolOptions: - "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions - explicit_http_config: - http_protocol_options: - header_key_format: - stateful_formatter: - name: preserve_case - typed_config: - "@type": type.googleapis.com/envoy.extensions.http.header_formatters.preserve_case.v3.PreserveCaseFormatterConfig - load_assignment: - cluster_name: some_service - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: 127.0.0.1 - port_value: 8080 + - name: service_foo + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicit_http_config: + http_protocol_options: + header_key_format: + stateful_formatter: + name: preserve_case + typed_config: + "@type": type.googleapis.com/envoy.extensions.http.header_formatters.preserve_case.v3.PreserveCaseFormatterConfig + load_assignment: + cluster_name: some_service + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: 127.0.0.1 + port_value: 8080 diff --git a/docs/root/configuration/http/http_filters/_include/bandwidth-limit-filter.yaml b/docs/root/configuration/http/http_filters/_include/bandwidth-limit-filter.yaml index 2f63fb2147bc1..76ab6d35ad922 100644 --- a/docs/root/configuration/http/http_filters/_include/bandwidth-limit-filter.yaml +++ b/docs/root/configuration/http/http_filters/_include/bandwidth-limit-filter.yaml @@ -17,8 +17,8 @@ static_resources: - name: local_service domains: ["*"] routes: - - match: { prefix: "/path/with/bandwidth/limit" } - route: { cluster: service_protected_by_bandwidth_limit } + - match: {prefix: "/path/with/bandwidth/limit"} + route: {cluster: service_protected_by_bandwidth_limit} typed_per_filter_config: envoy.filters.http.bandwidth_limit: "@type": type.googleapis.com/envoy.extensions.filters.http.bandwidth_limit.v3alpha.BandwidthLimit @@ -26,8 +26,8 @@ static_resources: enable_mode: REQUEST_AND_RESPONSE limit_kbps: 500 fill_interval: 0.1s - - match: { prefix: "/" } - route: { cluster: web_service } + - match: {prefix: "/"} + route: {cluster: web_service} http_filters: - name: envoy.filters.http.bandwidth_limit typed_config: diff --git a/docs/root/configuration/http/http_filters/_include/composite.yaml b/docs/root/configuration/http/http_filters/_include/composite.yaml index 72d11abde1114..d45969ba43615 100644 --- a/docs/root/configuration/http/http_filters/_include/composite.yaml +++ b/docs/root/configuration/http/http_filters/_include/composite.yaml @@ -1,12 +1,13 @@ admin: access_log_path: /tmp/admin_access.log address: - socket_address: { address: 0.0.0.0, port_value: 9901 } + socket_address: {address: 0.0.0.0, port_value: 9901} + static_resources: listeners: - name: listener1 address: - socket_address: { address: 0.0.0.0, port_value: 51051 } + socket_address: {address: 0.0.0.0, port_value: 51051} filter_chains: - filters: - name: envoy.filters.network.http_connection_manager @@ -22,8 +23,8 @@ static_resources: routes: # NOTE: by default, matching happens based on the gRPC route, and not on the incoming request path. # Reference: https://www.envoyproxy.io/docs/envoy/latest/configuration/http_filters/grpc_json_transcoder_filter#route-configs-for-transcoded-requests - - match: { prefix: "/helloworld.Greeter" } - route: { cluster: grpc, timeout: 60s } + - match: {prefix: "/helloworld.Greeter"} + route: {cluster: grpc, timeout: 60s} http_filters: - name: composite typed_config: @@ -41,7 +42,7 @@ static_resources: header_name: x-fault-category exact_match_map: map: - "huge fault": # inject 10s latency into all requests + "huge fault": # inject 10s latency into all requests action: name: composite-action typed_config: @@ -55,7 +56,7 @@ static_resources: percentage: numerator: 100 denominator: HUNDRED - "tiny fault": # inject 1s latency into all requests + "tiny fault": # inject 1s latency into all requests action: name: composite-action typed_config: @@ -93,8 +94,8 @@ static_resources: layered_runtime: layers: - - name: static-layer - static_layer: - envoy: - reloadable_features: - experimental_matching_api: true + - name: static-layer + static_layer: + envoy: + reloadable_features: + experimental_matching_api: true diff --git a/docs/root/configuration/http/http_filters/_include/grpc-reverse-bridge-filter.yaml b/docs/root/configuration/http/http_filters/_include/grpc-reverse-bridge-filter.yaml index 4ffc8af0e483e..9d62826782fbc 100644 --- a/docs/root/configuration/http/http_filters/_include/grpc-reverse-bridge-filter.yaml +++ b/docs/root/configuration/http/http_filters/_include/grpc-reverse-bridge-filter.yaml @@ -59,12 +59,12 @@ static_resources: load_assignment: cluster_name: some_service endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: localhost - port_value: 4630 + - lb_endpoints: + - endpoint: + address: + socket_address: + address: localhost + port_value: 4630 - name: grpc type: STRICT_DNS lb_policy: ROUND_ROBIN @@ -76,9 +76,9 @@ static_resources: load_assignment: cluster_name: grpc endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: localhost - port_value: 10005 + - lb_endpoints: + - endpoint: + address: + socket_address: + address: localhost + port_value: 10005 diff --git a/docs/root/configuration/http/http_filters/_include/grpc-transcoder-filter.yaml b/docs/root/configuration/http/http_filters/_include/grpc-transcoder-filter.yaml index 704b58d4f9b29..80a8c67e0f726 100644 --- a/docs/root/configuration/http/http_filters/_include/grpc-transcoder-filter.yaml +++ b/docs/root/configuration/http/http_filters/_include/grpc-transcoder-filter.yaml @@ -1,12 +1,12 @@ admin: address: - socket_address: { address: 0.0.0.0, port_value: 9901 } + socket_address: {address: 0.0.0.0, port_value: 9901} static_resources: listeners: - name: listener1 address: - socket_address: { address: 0.0.0.0, port_value: 51051 } + socket_address: {address: 0.0.0.0, port_value: 51051} filter_chains: - filters: - name: envoy.filters.network.http_connection_manager @@ -22,8 +22,8 @@ static_resources: routes: # NOTE: by default, matching happens based on the gRPC route, and not on the incoming request path. # Reference: https://www.envoyproxy.io/docs/envoy/latest/configuration/http_filters/grpc_json_transcoder_filter#route-configs-for-transcoded-requests - - match: { prefix: "/helloworld.Greeter" } - route: { cluster: grpc, timeout: 60s } + - match: {prefix: "/helloworld.Greeter"} + route: {cluster: grpc, timeout: 60s} http_filters: - name: envoy.filters.http.grpc_json_transcoder typed_config: diff --git a/docs/root/configuration/listeners/network_filters/_include/sni-dynamic-forward-proxy-filter.yaml b/docs/root/configuration/listeners/network_filters/_include/sni-dynamic-forward-proxy-filter.yaml index c78ad55d80324..2e30456d03d0e 100644 --- a/docs/root/configuration/listeners/network_filters/_include/sni-dynamic-forward-proxy-filter.yaml +++ b/docs/root/configuration/listeners/network_filters/_include/sni-dynamic-forward-proxy-filter.yaml @@ -13,21 +13,21 @@ static_resources: address: 0.0.0.0 port_value: 10000 listener_filters: - - name: envoy.filters.listener.tls_inspector + - name: envoy.filters.listener.tls_inspector filter_chains: - - filters: - - name: envoy.filters.network.sni_dynamic_forward_proxy - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.sni_dynamic_forward_proxy.v3alpha.FilterConfig - port_value: 443 - dns_cache_config: - name: dynamic_forward_proxy_cache_config - dns_lookup_family: V4_ONLY - - name: envoy.tcp_proxy - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - stat_prefix: tcp - cluster: dynamic_forward_proxy_cluster + - filters: + - name: envoy.filters.network.sni_dynamic_forward_proxy + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.sni_dynamic_forward_proxy.v3alpha.FilterConfig + port_value: 443 + dns_cache_config: + name: dynamic_forward_proxy_cache_config + dns_lookup_family: V4_ONLY + - name: envoy.tcp_proxy + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + stat_prefix: tcp + cluster: dynamic_forward_proxy_cluster clusters: - name: dynamic_forward_proxy_cluster lb_policy: CLUSTER_PROVIDED diff --git a/docs/root/configuration/listeners/network_filters/_include/zookeeper-filter-proxy.yaml b/docs/root/configuration/listeners/network_filters/_include/zookeeper-filter-proxy.yaml index a9850d4672243..3215fcadad685 100644 --- a/docs/root/configuration/listeners/network_filters/_include/zookeeper-filter-proxy.yaml +++ b/docs/root/configuration/listeners/network_filters/_include/zookeeper-filter-proxy.yaml @@ -1,36 +1,36 @@ static_resources: listeners: - - name: main - address: - socket_address: - address: 127.0.0.1 # Host that zookeeper clients should connect to. - port_value: 10001 # Port that zookeeper clients should connect to. - filter_chains: - - filters: - - name: envoy.filters.network.zookeeper_proxy - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.zookeeper_proxy.v3.ZooKeeperProxy - stat_prefix: zookeeper - - name: envoy.filters.network.tcp_proxy - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy - stat_prefix: tcp - cluster: local_zk_server + - name: main + address: + socket_address: + address: 127.0.0.1 # Host that zookeeper clients should connect to. + port_value: 10001 # Port that zookeeper clients should connect to. + filter_chains: + - filters: + - name: envoy.filters.network.zookeeper_proxy + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.zookeeper_proxy.v3.ZooKeeperProxy + stat_prefix: zookeeper + - name: envoy.filters.network.tcp_proxy + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + stat_prefix: tcp + cluster: local_zk_server clusters: - - name: local_zk_server - type: LOGICAL_DNS - lb_policy: ROUND_ROBIN - typed_extension_protocol_options: - envoy.extensions.upstreams.http.v3.HttpProtocolOptions: - "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions - explicit_http_config: - http2_protocol_options: {} - load_assignment: - cluster_name: local_zk_server - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: 127.0.0.1 - port_value: 2181 + - name: local_zk_server + type: LOGICAL_DNS + lb_policy: ROUND_ROBIN + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicit_http_config: + http2_protocol_options: {} + load_assignment: + cluster_name: local_zk_server + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: 127.0.0.1 + port_value: 2181 diff --git a/docs/root/configuration/overview/_include/tagged.yaml b/docs/root/configuration/overview/_include/tagged.yaml index a333ec7ffda1a..1146593ea9d31 100644 --- a/docs/root/configuration/overview/_include/tagged.yaml +++ b/docs/root/configuration/overview/_include/tagged.yaml @@ -1,7 +1,7 @@ !ignore dynamic_sockets: - - &admin_address { address: 127.0.0.1, port_value: 9901 } - - &listener_address { address: 127.0.0.1, port_value: 10000 } - - &lb_address { address: 127.0.0.1, port_value: 1234 } +- &admin_address {address: 127.0.0.1, port_value: 9901} +- &listener_address {address: 127.0.0.1, port_value: 10000} +- &lb_address {address: 127.0.0.1, port_value: 1234} admin: address: @@ -25,8 +25,8 @@ static_resources: - name: local_service domains: ["*"] routes: - - match: { prefix: "/" } - route: { cluster: some_service } + - match: {prefix: "/"} + route: {cluster: some_service} http_filters: - name: envoy.filters.http.router clusters: diff --git a/docs/root/intro/_include/life-of-a-request.yaml b/docs/root/intro/_include/life-of-a-request.yaml index 9dbe644dcaaeb..f1517c3807cde 100644 --- a/docs/root/intro/_include/life-of-a-request.yaml +++ b/docs/root/intro/_include/life-of-a-request.yaml @@ -24,8 +24,8 @@ static_resources: "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext common_tls_context: tls_certificates: - - certificate_chain: { filename: "certs/servercert.pem" } - private_key: { filename: "certs/serverkey.pem" } + - certificate_chain: {filename: "certs/servercert.pem"} + private_key: {filename: "certs/serverkey.pem"} filters: # The HTTP connection manager is the only network filter. - name: envoy.filters.network.http_connection_manager @@ -37,10 +37,10 @@ static_resources: max_concurrent_streams: 100 # File system based access logging. access_log: - - name: envoy.access_loggers.file - typed_config: - "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog - path: "/var/log/envoy/access.log" + - name: envoy.access_loggers.file + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: "/var/log/envoy/access.log" # The route table, mapping /foo to some_service. route_config: name: local_route @@ -54,8 +54,8 @@ static_resources: cluster: some_service # CustomFilter and the HTTP router filter are the HTTP filter chain. http_filters: - # - name: some.customer.filter - - name: envoy.filters.http.router + # - name: some.customer.filter + - name: envoy.filters.http.router clusters: - name: some_service # Upstream TLS configuration. @@ -85,10 +85,10 @@ static_resources: http2_protocol_options: max_concurrent_streams: 100 - name: some_statsd_sink - # The rest of the configuration for statsd sink cluster. + # The rest of the configuration for statsd sink cluster. # statsd sink. stats_sinks: - - name: envoy.stat_sinks.statsd - typed_config: - "@type": type.googleapis.com/envoy.config.metrics.v3.StatsdSink - tcp_cluster_name: some_statsd_sink +- name: envoy.stat_sinks.statsd + typed_config: + "@type": type.googleapis.com/envoy.config.metrics.v3.StatsdSink + tcp_cluster_name: some_statsd_sink diff --git a/docs/root/intro/arch_overview/advanced/matching/_include/complicated.yaml b/docs/root/intro/arch_overview/advanced/matching/_include/complicated.yaml index a9dd901d638b2..9efc4cbf217e8 100644 --- a/docs/root/intro/arch_overview/advanced/matching/_include/complicated.yaml +++ b/docs/root/intro/arch_overview/advanced/matching/_include/complicated.yaml @@ -1,100 +1,100 @@ static_resources: listeners: - - address: - socket_address: - address: 0.0.0.0 - port_value: 443 - listener_filters: - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - http_filters: - - name: with-matcher + - address: + socket_address: + address: 0.0.0.0 + port_value: 443 + listener_filters: + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: ingress_http + http_filters: + - name: with-matcher + typed_config: + "@type": type.googleapis.com/envoy.extensions.common.matching.v3.ExtensionWithMatcher + extension_config: + name: envoy.filters.http.fault + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.fault.v3.HTTPFault + abort: + http_status: 503 + percentage: + numerator: 0 + denominator: HUNDRED + delay: + fixed_delay: 3s + percentage: + numerator: 0 + denominator: HUNDRED + matcher: + # The top level matcher is a matcher tree which conceptually selects one of several subtrees. + matcher_tree: + input: + name: request-headers typed_config: - "@type": type.googleapis.com/envoy.extensions.common.matching.v3.ExtensionWithMatcher - extension_config: - name: envoy.filters.http.fault - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.fault.v3.HTTPFault - abort: - http_status: 503 - percentage: - numerator: 0 - denominator: HUNDRED - delay: - fixed_delay: 3s - percentage: - numerator: 0 - denominator: HUNDRED - matcher: - # The top level matcher is a matcher tree which conceptually selects one of several subtrees. - matcher_tree: - input: - name: request-headers - typed_config: - "@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput - header_name: some-header - exact_match_map: - # Note this additional indirection; this is a workaround for Protobuf oneof limitations. - map: - some_value_to_match_on: # This is the header value we're trying to match against. - # The OnMatch resulting on matching with this branch of the exact matcher is another matcher, allowing for recursive matching. - matcher: - # The inner matcher is a matcher list, which attempts to match a list of predicates. - matcher_list: - matchers: - - predicate: - or_matcher: - predicate: - - single_predicate: - input: - name: request-headers - typed_config: - "@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput - header_name: second-header - value_match: - exact: foo - - single_predicate: - input: - name: request-headers - typed_config: - "@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput - header_name: second-header - value_match: - exact: bar - on_match: - action: - name: skip - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.common.matcher.action.v3.SkipFilter - - name: envoy.filters.http.router - route_config: - virtual_hosts: - - name: default - domains: ["*"] - routes: - - match: { prefix: "/" } - route: - cluster: service_foo + "@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput + header_name: some-header + exact_match_map: + # Note this additional indirection; this is a workaround for Protobuf oneof limitations. + map: + some_value_to_match_on: # This is the header value we're trying to match against. + # The OnMatch resulting on matching with this branch of the exact matcher is another matcher, allowing for recursive matching. + matcher: + # The inner matcher is a matcher list, which attempts to match a list of predicates. + matcher_list: + matchers: + - predicate: + or_matcher: + predicate: + - single_predicate: + input: + name: request-headers + typed_config: + "@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput + header_name: second-header + value_match: + exact: foo + - single_predicate: + input: + name: request-headers + typed_config: + "@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput + header_name: second-header + value_match: + exact: bar + on_match: + action: + name: skip + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.common.matcher.action.v3.SkipFilter + - name: envoy.filters.http.router + route_config: + virtual_hosts: + - name: default + domains: ["*"] + routes: + - match: {prefix: "/"} + route: + cluster: service_foo clusters: - - name: service_foo - load_assignment: - cluster_name: some_service - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: 127.0.0.1 - port_value: 8080 + - name: service_foo + load_assignment: + cluster_name: some_service + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: 127.0.0.1 + port_value: 8080 layered_runtime: layers: - - name: static-layer - static_layer: - envoy: - reloadable_features: - experimental_matching_api: true + - name: static-layer + static_layer: + envoy: + reloadable_features: + experimental_matching_api: true diff --git a/docs/root/intro/arch_overview/advanced/matching/_include/request_response.yaml b/docs/root/intro/arch_overview/advanced/matching/_include/request_response.yaml index ff48ee5e13f52..bf4721e48e24f 100644 --- a/docs/root/intro/arch_overview/advanced/matching/_include/request_response.yaml +++ b/docs/root/intro/arch_overview/advanced/matching/_include/request_response.yaml @@ -1,86 +1,86 @@ static_resources: listeners: - - address: - socket_address: - address: 0.0.0.0 - port_value: 443 - listener_filters: - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - http_filters: - - name: with-matcher - typed_config: - "@type": type.googleapis.com/envoy.extensions.common.matching.v3.ExtensionWithMatcher - extension_config: - name: envoy.filters.http.fault + - address: + socket_address: + address: 0.0.0.0 + port_value: 443 + listener_filters: + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: ingress_http + http_filters: + - name: with-matcher + typed_config: + "@type": type.googleapis.com/envoy.extensions.common.matching.v3.ExtensionWithMatcher + extension_config: + name: envoy.filters.http.fault + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.fault.v3.HTTPFault + abort: + http_status: 503 + percentage: + numerator: 0 + denominator: HUNDRED + delay: + fixed_delay: 3s + percentage: + numerator: 0 + denominator: HUNDRED + matcher: + matcher_list: + matchers: + - predicate: + or_matcher: + predicate: + - single_predicate: + input: + name: request-headers + typed_config: + "@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput + header_name: request-header + value_match: + exact: foo + - single_predicate: + input: + name: request-headers + typed_config: + "@type": type.googleapis.com/envoy.type.matcher.v3.HttpResponseHeaderMatchInput + header_name: response-header + value_match: + exact: bar + on_match: + action: + name: skip typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.fault.v3.HTTPFault - abort: - http_status: 503 - percentage: - numerator: 0 - denominator: HUNDRED - delay: - fixed_delay: 3s - percentage: - numerator: 0 - denominator: HUNDRED - matcher: - matcher_list: - matchers: - - predicate: - or_matcher: - predicate: - - single_predicate: - input: - name: request-headers - typed_config: - "@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput - header_name: request-header - value_match: - exact: foo - - single_predicate: - input: - name: request-headers - typed_config: - "@type": type.googleapis.com/envoy.type.matcher.v3.HttpResponseHeaderMatchInput - header_name: response-header - value_match: - exact: bar - on_match: - action: - name: skip - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.common.matcher.action.v3.SkipFilter - - name: envoy.filters.http.router - route_config: - virtual_hosts: - - name: default - domains: ["*"] - routes: - - match: { prefix: "/" } - route: - cluster: service_foo + "@type": type.googleapis.com/envoy.extensions.filters.common.matcher.action.v3.SkipFilter + - name: envoy.filters.http.router + route_config: + virtual_hosts: + - name: default + domains: ["*"] + routes: + - match: {prefix: "/"} + route: + cluster: service_foo clusters: - - name: service_foo - load_assignment: - cluster_name: some_service - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: 127.0.0.1 - port_value: 8080 + - name: service_foo + load_assignment: + cluster_name: some_service + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: 127.0.0.1 + port_value: 8080 layered_runtime: layers: - - name: static-layer - static_layer: - envoy: - reloadable_features: - experimental_matching_api: true + - name: static-layer + static_layer: + envoy: + reloadable_features: + experimental_matching_api: true diff --git a/docs/root/intro/arch_overview/advanced/matching/_include/simple.yaml b/docs/root/intro/arch_overview/advanced/matching/_include/simple.yaml index fdf2f1c8c183a..836deb8191825 100644 --- a/docs/root/intro/arch_overview/advanced/matching/_include/simple.yaml +++ b/docs/root/intro/arch_overview/advanced/matching/_include/simple.yaml @@ -1,74 +1,74 @@ static_resources: listeners: - - address: - socket_address: - address: 0.0.0.0 - port_value: 443 - listener_filters: - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http - http_filters: - - name: with-matcher + - address: + socket_address: + address: 0.0.0.0 + port_value: 443 + listener_filters: + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: ingress_http + http_filters: + - name: with-matcher + typed_config: + "@type": type.googleapis.com/envoy.extensions.common.matching.v3.ExtensionWithMatcher + extension_config: + name: envoy.filters.http.fault + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.fault.v3.HTTPFault + abort: + http_status: 503 + percentage: + numerator: 0 + denominator: HUNDRED + delay: + fixed_delay: 3s + percentage: + numerator: 0 + denominator: HUNDRED + matcher: + matcher_tree: + input: + name: request-headers typed_config: - "@type": type.googleapis.com/envoy.extensions.common.matching.v3.ExtensionWithMatcher - extension_config: - name: envoy.filters.http.fault - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.fault.v3.HTTPFault - abort: - http_status: 503 - percentage: - numerator: 0 - denominator: HUNDRED - delay: - fixed_delay: 3s - percentage: - numerator: 0 - denominator: HUNDRED - matcher: - matcher_tree: - input: - name: request-headers - typed_config: - "@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput - header_name: some-header - exact_match_map: - # Note this additional indirection; this is a workaround for Protobuf oneof limitations. - map: - some_value_to_match_on: # This is the header value we're trying to match against. - action: - name: skip - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.common.matcher.action.v3.SkipFilter - - name: envoy.filters.http.router - route_config: - virtual_hosts: - - name: default - domains: ["*"] - routes: - - match: { prefix: "/" } - route: - cluster: service_foo + "@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput + header_name: some-header + exact_match_map: + # Note this additional indirection; this is a workaround for Protobuf oneof limitations. + map: + some_value_to_match_on: # This is the header value we're trying to match against. + action: + name: skip + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.common.matcher.action.v3.SkipFilter + - name: envoy.filters.http.router + route_config: + virtual_hosts: + - name: default + domains: ["*"] + routes: + - match: {prefix: "/"} + route: + cluster: service_foo clusters: - - name: service_foo - load_assignment: - cluster_name: some_service - endpoints: - - lb_endpoints: - - endpoint: - address: - socket_address: - address: 127.0.0.1 - port_value: 8080 + - name: service_foo + load_assignment: + cluster_name: some_service + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: 127.0.0.1 + port_value: 8080 layered_runtime: layers: - - name: static-layer - static_layer: - envoy: - reloadable_features: - experimental_matching_api: true + - name: static-layer + static_layer: + envoy: + reloadable_features: + experimental_matching_api: true diff --git a/docs/root/intro/arch_overview/security/_include/ssl.yaml b/docs/root/intro/arch_overview/security/_include/ssl.yaml index e23727f0d1473..205142dcbb019 100644 --- a/docs/root/intro/arch_overview/security/_include/ssl.yaml +++ b/docs/root/intro/arch_overview/security/_include/ssl.yaml @@ -1,7 +1,7 @@ static_resources: listeners: - name: listener_0 - address: { socket_address: { address: 127.0.0.1, port_value: 10000 } } + address: {socket_address: {address: 127.0.0.1, port_value: 10000}} filter_chains: - filters: - name: envoy.filters.network.http_connection_manager @@ -13,7 +13,7 @@ static_resources: - name: default domains: ["*"] routes: - - match: { prefix: "/" } + - match: {prefix: "/"} route: cluster: some_service transport_socket: @@ -22,8 +22,8 @@ static_resources: "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext common_tls_context: tls_certificates: - - certificate_chain: { filename: "certs/servercert.pem" } - private_key: { filename: "certs/serverkey.pem" } + - certificate_chain: {filename: "certs/servercert.pem"} + private_key: {filename: "certs/serverkey.pem"} validation_context: trusted_ca: filename: certs/cacert.pem @@ -46,9 +46,9 @@ static_resources: "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext common_tls_context: tls_certificates: - - certificate_chain: { "filename": "certs/servercert.pem" } - private_key: { "filename": "certs/serverkey.pem" } - ocsp_staple: { "filename": "certs/server_ocsp_resp.der" } + - certificate_chain: {"filename": "certs/servercert.pem"} + private_key: {"filename": "certs/serverkey.pem"} + ocsp_staple: {"filename": "certs/server_ocsp_resp.der"} validation_context: match_subject_alt_names: - exact: "foo"