github.com/polarismesh/polaris@v1.17.8/test/data/xds/permissive.dump.yaml (about) 1 clusters: 2 - circuitBreakers: 3 thresholds: 4 - maxConnections: 4.294967295e+09 5 maxPendingRequests: 4.294967295e+09 6 maxRequests: 4.294967295e+09 7 maxRetries: 4.294967295e+09 8 connectTimeout: 5s 9 lbPolicy: CLUSTER_PROVIDED 10 name: Inbound 11 type: ORIGINAL_DST 12 typedExtensionProtocolOptions: 13 envoy.extensions.upstreams.http.v3.HttpProtocolOptions: 14 '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions 15 useDownstreamProtocolConfig: 16 http2ProtocolOptions: 17 maxConcurrentStreams: 1.073741824e+09 18 httpProtocolOptions: {} 19 upstreamBindConfig: 20 sourceAddress: 21 address: 127.0.0.6 22 portValue: 0 23 - circuitBreakers: 24 thresholds: 25 - maxConnections: 4.294967295e+09 26 maxPendingRequests: 4.294967295e+09 27 maxRequests: 4.294967295e+09 28 maxRetries: 4.294967295e+09 29 connectTimeout: 5s 30 lbPolicy: CLUSTER_PROVIDED 31 name: PassthroughCluster 32 type: ORIGINAL_DST 33 - connectTimeout: 5s 34 edsClusterConfig: 35 edsConfig: 36 ads: {} 37 resourceApiVersion: V3 38 serviceName: service-a 39 name: service-a 40 transportSocketMatches: 41 - match: 42 acceptMTLS: "true" 43 name: tls-mode 44 transportSocket: 45 name: envoy.transport_sockets.tls 46 typedConfig: 47 '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext 48 commonTlsContext: 49 combinedValidationContext: 50 defaultValidationContext: {} 51 validationContextSdsSecretConfig: 52 name: ROOTCA 53 sdsConfig: 54 apiConfigSource: 55 apiType: GRPC 56 grpcServices: 57 - envoyGrpc: 58 clusterName: sds-grpc 59 setNodeOnFirstMessageOnly: true 60 transportApiVersion: V3 61 initialFetchTimeout: 0s 62 resourceApiVersion: V3 63 tlsCertificateSdsSecretConfigs: 64 - name: default 65 sdsConfig: 66 apiConfigSource: 67 apiType: GRPC 68 grpcServices: 69 - envoyGrpc: 70 clusterName: sds-grpc 71 setNodeOnFirstMessageOnly: true 72 transportApiVersion: V3 73 initialFetchTimeout: 0s 74 resourceApiVersion: V3 75 sni: outbound_.default_.service-a.default.svc.cluster.local 76 - match: {} 77 name: rawbuffer 78 transportSocket: 79 name: envoy.transport_sockets.raw_buffer 80 typedConfig: 81 '@type': type.googleapis.com/envoy.extensions.transport_sockets.raw_buffer.v3.RawBuffer 82 type: EDS 83 endpoints: 84 - clusterName: service-a 85 endpoints: 86 - lbEndpoints: 87 - endpoint: 88 address: 89 socketAddress: 90 address: 172.17.1.2 91 portValue: 80 92 healthStatus: HEALTHY 93 loadBalancingWeight: 80 94 metadata: 95 filterMetadata: 96 envoy.lb: 97 polarismesh.cn/tls-mode: strict 98 envoy.transport_socket_match: 99 acceptMTLS: "true" 100 - endpoint: 101 address: 102 socketAddress: 103 address: 172.17.1.3 104 portValue: 80 105 healthStatus: UNHEALTHY 106 loadBalancingWeight: 80 107 metadata: 108 filterMetadata: 109 envoy.lb: {} 110 - endpoint: 111 address: 112 socketAddress: 113 address: 172.17.1.4 114 portValue: 80 115 healthStatus: UNHEALTHY 116 loadBalancingWeight: 80 117 metadata: 118 filterMetadata: 119 envoy.lb: {} 120 listeners: 121 - address: 122 socketAddress: 123 address: 0.0.0.0 124 portValue: 15001 125 defaultFilterChain: 126 filters: 127 - name: envoy.filters.network.tcp_proxy 128 typedConfig: 129 '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy 130 cluster: PassthroughCluster 131 statPrefix: PassthroughCluster 132 name: PassthroughFilterChain 133 filterChains: 134 - filters: 135 - name: envoy.filters.network.http_connection_manager 136 typedConfig: 137 '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager 138 httpFilters: 139 - name: envoy.filters.http.local_ratelimit 140 typedConfig: 141 '@type': type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit 142 statPrefix: http_local_rate_limiter 143 - name: envoy.filters.http.router 144 rds: 145 configSource: 146 ads: {} 147 resourceApiVersion: V3 148 routeConfigName: polaris-router 149 statPrefix: http 150 listenerFilters: 151 - name: envoy.filters.listener.original_dst 152 name: listener_15001 153 - address: 154 socketAddress: 155 address: 0.0.0.0 156 portValue: 15006 157 defaultFilterChain: 158 filters: 159 - name: envoy.filters.network.http_connection_manager 160 typedConfig: 161 '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager 162 accessLog: 163 - name: envoy.access_loggers.file 164 typedConfig: 165 '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog 166 path: /dev/stdout 167 httpFilters: 168 - name: envoy.filters.http.local_ratelimit 169 typedConfig: 170 '@type': type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit 171 statPrefix: http_local_rate_limiter 172 - name: envoy.filters.http.router 173 httpProtocolOptions: 174 acceptHttp10: true 175 routeConfig: 176 name: Inbound 177 validateClusters: false 178 virtualHosts: 179 - domains: 180 - '*' 181 name: inbound|http|0 182 routes: 183 - match: 184 prefix: / 185 name: default 186 route: 187 cluster: Inbound 188 statPrefix: Inbound 189 name: virtualInbound-catchall 190 filterChains: 191 - filterChainMatch: 192 transportProtocol: tls 193 filters: 194 - name: envoy.filters.network.http_connection_manager 195 typedConfig: 196 '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager 197 accessLog: 198 - name: envoy.access_loggers.file 199 typedConfig: 200 '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog 201 path: /dev/stdout 202 httpFilters: 203 - name: envoy.filters.http.local_ratelimit 204 typedConfig: 205 '@type': type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit 206 statPrefix: http_local_rate_limiter 207 - name: envoy.filters.http.router 208 httpProtocolOptions: 209 acceptHttp10: true 210 routeConfig: 211 name: Inbound 212 validateClusters: false 213 virtualHosts: 214 - domains: 215 - '*' 216 name: inbound|http|0 217 routes: 218 - match: 219 prefix: / 220 name: default 221 route: 222 cluster: Inbound 223 statPrefix: Inbound 224 name: virtualInbound-catchall-tls 225 transportSocket: 226 name: envoy.transport_sockets.tls 227 typedConfig: 228 '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext 229 commonTlsContext: 230 combinedValidationContext: 231 defaultValidationContext: 232 matchSubjectAltNames: 233 - prefix: spiffe://cluster.local/ 234 validationContextSdsSecretConfig: 235 name: ROOTCA 236 sdsConfig: 237 apiConfigSource: 238 apiType: GRPC 239 grpcServices: 240 - envoyGrpc: 241 clusterName: sds-grpc 242 setNodeOnFirstMessageOnly: true 243 transportApiVersion: V3 244 initialFetchTimeout: 0s 245 resourceApiVersion: V3 246 tlsCertificateSdsSecretConfigs: 247 - name: default 248 sdsConfig: 249 apiConfigSource: 250 apiType: GRPC 251 grpcServices: 252 - envoyGrpc: 253 clusterName: sds-grpc 254 setNodeOnFirstMessageOnly: true 255 transportApiVersion: V3 256 initialFetchTimeout: 0s 257 resourceApiVersion: V3 258 tlsParams: 259 cipherSuites: 260 - ECDHE-ECDSA-AES256-GCM-SHA384 261 - ECDHE-RSA-AES256-GCM-SHA384 262 - ECDHE-ECDSA-AES128-GCM-SHA256 263 - ECDHE-RSA-AES128-GCM-SHA256 264 - AES256-GCM-SHA384 265 - AES128-GCM-SHA256 266 tlsMinimumProtocolVersion: TLSv1_2 267 requireClientCertificate: true 268 listenerFilters: 269 - name: envoy.filters.listener.tls_inspector 270 typedConfig: 271 '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector 272 - name: envoy.filters.listener.http_inspector 273 typedConfig: 274 '@type': type.googleapis.com/envoy.extensions.filters.listener.http_inspector.v3.HttpInspector 275 name: virtualInbound 276 trafficDirection: INBOUND 277 useOriginalDst: true 278 routers: 279 - name: polaris-router 280 validateClusters: false 281 virtualHosts: 282 - domains: 283 - service-a 284 - service-a.default 285 - service-a.default.svc 286 - service-a.default.svc.cluster 287 - service-a.default.svc.cluster.local 288 name: service-a 289 routes: 290 - match: 291 prefix: / 292 route: 293 cluster: service-a 294 - domains: 295 - '*' 296 name: allow_any 297 routes: 298 - match: 299 prefix: / 300 route: 301 cluster: PassthroughCluster