diff --git a/docs/root/operations/_include/traffic_tapping_plain_text.yaml b/docs/root/operations/_include/traffic_tapping_plain_text.yaml new file mode 100644 index 0000000000000..2fa80b39f0b2d --- /dev/null +++ b/docs/root/operations/_include/traffic_tapping_plain_text.yaml @@ -0,0 +1,60 @@ +static_resources: + listeners: + - address: + socket_address: + address: 0.0.0.0 + port_value: 8000 + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + codec_type: AUTO + stat_prefix: ingress_http + route_config: + name: local_route + virtual_hosts: + - name: app + domains: + - "*" + routes: + - match: + prefix: "/" + route: + cluster: service-http + http_filters: + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + transport_socket: + name: envoy.transport_sockets.tap + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tap.v3.Tap + common_config: + static_config: + match: + any_match: true + output_config: + sinks: + - format: PROTO_BINARY + file_per_tap: + path_prefix: /some/tap/path + transport_socket: + name: envoy.transport_sockets.raw_buffer + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.raw_buffer.v3.RawBuffer + + clusters: + - name: service-http + type: STATIC + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: service-http + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: 127.0.0.1 + port_value: 80 + protocol: TCP diff --git a/docs/root/operations/_include/traffic_tapping_ssl.yaml b/docs/root/operations/_include/traffic_tapping_ssl.yaml new file mode 100644 index 0000000000000..0a82d54a6b178 --- /dev/null +++ b/docs/root/operations/_include/traffic_tapping_ssl.yaml @@ -0,0 +1,60 @@ +static_resources: + listeners: + - address: + socket_address: + address: 0.0.0.0 + port_value: 8000 + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + codec_type: AUTO + stat_prefix: ingress_http + route_config: + name: local_route + virtual_hosts: + - name: app + domains: + - "*" + routes: + - match: + prefix: "/" + route: + cluster: service-https + http_filters: + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + + clusters: + - name: service-https + type: STATIC + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: service-https + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: 127.0.0.1 + port_value: 8080 + protocol: TCP + transport_socket: + name: envoy.transport_sockets.tap + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tap.v3.Tap + common_config: + static_config: + match: + any_match: true + output_config: + sinks: + - format: PROTO_BINARY + file_per_tap: + path_prefix: /some/tap/path + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext diff --git a/docs/root/operations/traffic_tapping.rst b/docs/root/operations/traffic_tapping.rst index fafb86d32ad78..3722890a26824 100644 --- a/docs/root/operations/traffic_tapping.rst +++ b/docs/root/operations/traffic_tapping.rst @@ -30,46 +30,21 @@ To configure traffic tapping, add an ``envoy.transport_sockets.tap`` transport s :ref:`configuration ` to the listener or cluster. For a plain text socket this might look like: -.. code-block:: yaml - - transport_socket: - name: envoy.transport_sockets.tap - typed_config: - "@type": type.googleapis.com/envoy.extensions.transport_sockets.tap.v3.Tap - common_config: - static_config: - match_config: - any_match: true - output_config: - sinks: - - format: PROTO_BINARY - file_per_tap: - path_prefix: /some/tap/path - transport_socket: - name: envoy.transport_sockets.raw_buffer - typed_config: - "@type": type.googleapis.com/envoy.extensions.transport_sockets.raw_buffer.v3.RawBuffer +.. literalinclude:: _include/traffic_tapping_plain_text.yaml + :language: yaml + :lines: 29-45 + :linenos: + :lineno-start: 29 + :caption: :download:`traffic_tapping_plain_text.yaml <_include/traffic_tapping_plain_text.yaml>` For a TLS socket, this will be: -.. code-block:: yaml - - transport_socket: - name: envoy.transport_sockets.tap - typed_config: - "@type": type.googleapis.com/envoy.extensions.transport_sockets.tap.v3.Tap - common_config: - static_config: - match_config: - any_match: true - output_config: - sinks: - - format: PROTO_BINARY - file_per_tap: - path_prefix: /some/tap/path - transport_socket: - name: envoy.transport_sockets.tls - typed_config: +.. literalinclude:: _include/traffic_tapping_ssl.yaml + :language: yaml + :lines: 44-60 + :linenos: + :lineno-start: 44 + :caption: :download:`traffic_tapping_ssl.yaml <_include/traffic_tapping_ssl.yaml>` where the TLS context configuration replaces any existing :ref:`downstream ` or :ref:`upstream