github.com/polarismesh/polaris@v1.17.8/test/data/xds/strict.dump.yaml (about) 1 clusters: 2 - circuitBreakers: 3 thresholds: 4 - maxConnections: 4.294967295e+09 5 maxPendingRequests: 4.294967295e+09 6 maxRequests: 4.294967295e+09 7 maxRetries: 4.294967295e+09 8 connectTimeout: 5s 9 lbPolicy: CLUSTER_PROVIDED 10 name: Inbound 11 type: ORIGINAL_DST 12 typedExtensionProtocolOptions: 13 envoy.extensions.upstreams.http.v3.HttpProtocolOptions: 14 '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions 15 useDownstreamProtocolConfig: 16 http2ProtocolOptions: 17 maxConcurrentStreams: 1.073741824e+09 18 httpProtocolOptions: {} 19 upstreamBindConfig: 20 sourceAddress: 21 address: 127.0.0.6 22 portValue: 0 23 - circuitBreakers: 24 thresholds: 25 - maxConnections: 4.294967295e+09 26 maxPendingRequests: 4.294967295e+09 27 maxRequests: 4.294967295e+09 28 maxRetries: 4.294967295e+09 29 connectTimeout: 5s 30 lbPolicy: CLUSTER_PROVIDED 31 name: PassthroughCluster 32 type: ORIGINAL_DST 33 - connectTimeout: 5s 34 edsClusterConfig: 35 edsConfig: 36 ads: {} 37 resourceApiVersion: V3 38 serviceName: service-a 39 name: service-a 40 transportSocketMatches: 41 - name: tls-mode 42 transportSocket: 43 name: envoy.transport_sockets.tls 44 typedConfig: 45 '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext 46 commonTlsContext: 47 combinedValidationContext: 48 defaultValidationContext: {} 49 validationContextSdsSecretConfig: 50 name: ROOTCA 51 sdsConfig: 52 apiConfigSource: 53 apiType: GRPC 54 grpcServices: 55 - envoyGrpc: 56 clusterName: sds-grpc 57 setNodeOnFirstMessageOnly: true 58 transportApiVersion: V3 59 initialFetchTimeout: 0s 60 resourceApiVersion: V3 61 tlsCertificateSdsSecretConfigs: 62 - name: default 63 sdsConfig: 64 apiConfigSource: 65 apiType: GRPC 66 grpcServices: 67 - envoyGrpc: 68 clusterName: sds-grpc 69 setNodeOnFirstMessageOnly: true 70 transportApiVersion: V3 71 initialFetchTimeout: 0s 72 resourceApiVersion: V3 73 sni: outbound_.default_.service-a.default.svc.cluster.local 74 type: EDS 75 endpoints: 76 - clusterName: service-a 77 endpoints: 78 - lbEndpoints: 79 - endpoint: 80 address: 81 socketAddress: 82 address: 172.17.1.2 83 portValue: 80 84 healthStatus: HEALTHY 85 loadBalancingWeight: 80 86 metadata: 87 filterMetadata: 88 envoy.lb: 89 polarismesh.cn/tls-mode: strict 90 envoy.transport_socket_match: 91 acceptMTLS: "true" 92 - endpoint: 93 address: 94 socketAddress: 95 address: 172.17.1.3 96 portValue: 80 97 healthStatus: UNHEALTHY 98 loadBalancingWeight: 80 99 metadata: 100 filterMetadata: 101 envoy.lb: {} 102 - endpoint: 103 address: 104 socketAddress: 105 address: 172.17.1.4 106 portValue: 80 107 healthStatus: UNHEALTHY 108 loadBalancingWeight: 80 109 metadata: 110 filterMetadata: 111 envoy.lb: {} 112 listeners: 113 - address: 114 socketAddress: 115 address: 0.0.0.0 116 portValue: 15001 117 defaultFilterChain: 118 filters: 119 - name: envoy.filters.network.tcp_proxy 120 typedConfig: 121 '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy 122 cluster: PassthroughCluster 123 statPrefix: PassthroughCluster 124 name: PassthroughFilterChain 125 filterChains: 126 - filters: 127 - name: envoy.filters.network.http_connection_manager 128 typedConfig: 129 '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager 130 httpFilters: 131 - name: envoy.filters.http.local_ratelimit 132 typedConfig: 133 '@type': type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit 134 statPrefix: http_local_rate_limiter 135 - name: envoy.filters.http.router 136 rds: 137 configSource: 138 ads: {} 139 resourceApiVersion: V3 140 routeConfigName: polaris-router 141 statPrefix: http 142 listenerFilters: 143 - name: envoy.filters.listener.original_dst 144 name: listener_15001 145 - address: 146 socketAddress: 147 address: 0.0.0.0 148 portValue: 15006 149 filterChains: 150 - filterChainMatch: 151 transportProtocol: tls 152 filters: 153 - name: envoy.filters.network.http_connection_manager 154 typedConfig: 155 '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager 156 accessLog: 157 - name: envoy.access_loggers.file 158 typedConfig: 159 '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog 160 path: /dev/stdout 161 httpFilters: 162 - name: envoy.filters.http.local_ratelimit 163 typedConfig: 164 '@type': type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit 165 statPrefix: http_local_rate_limiter 166 - name: envoy.filters.http.router 167 httpProtocolOptions: 168 acceptHttp10: true 169 routeConfig: 170 name: Inbound 171 validateClusters: false 172 virtualHosts: 173 - domains: 174 - '*' 175 name: inbound|http|0 176 routes: 177 - match: 178 prefix: / 179 name: default 180 route: 181 cluster: Inbound 182 statPrefix: Inbound 183 name: virtualInbound-catchall-tls 184 transportSocket: 185 name: envoy.transport_sockets.tls 186 typedConfig: 187 '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext 188 commonTlsContext: 189 combinedValidationContext: 190 defaultValidationContext: 191 matchSubjectAltNames: 192 - prefix: spiffe://cluster.local/ 193 validationContextSdsSecretConfig: 194 name: ROOTCA 195 sdsConfig: 196 apiConfigSource: 197 apiType: GRPC 198 grpcServices: 199 - envoyGrpc: 200 clusterName: sds-grpc 201 setNodeOnFirstMessageOnly: true 202 transportApiVersion: V3 203 initialFetchTimeout: 0s 204 resourceApiVersion: V3 205 tlsCertificateSdsSecretConfigs: 206 - name: default 207 sdsConfig: 208 apiConfigSource: 209 apiType: GRPC 210 grpcServices: 211 - envoyGrpc: 212 clusterName: sds-grpc 213 setNodeOnFirstMessageOnly: true 214 transportApiVersion: V3 215 initialFetchTimeout: 0s 216 resourceApiVersion: V3 217 tlsParams: 218 cipherSuites: 219 - ECDHE-ECDSA-AES256-GCM-SHA384 220 - ECDHE-RSA-AES256-GCM-SHA384 221 - ECDHE-ECDSA-AES128-GCM-SHA256 222 - ECDHE-RSA-AES128-GCM-SHA256 223 - AES256-GCM-SHA384 224 - AES128-GCM-SHA256 225 tlsMinimumProtocolVersion: TLSv1_2 226 requireClientCertificate: true 227 listenerFilters: 228 - name: envoy.filters.listener.tls_inspector 229 typedConfig: 230 '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector 231 - name: envoy.filters.listener.http_inspector 232 typedConfig: 233 '@type': type.googleapis.com/envoy.extensions.filters.listener.http_inspector.v3.HttpInspector 234 name: virtualInbound 235 trafficDirection: INBOUND 236 useOriginalDst: true 237 routers: 238 - name: polaris-router 239 validateClusters: false 240 virtualHosts: 241 - domains: 242 - service-a 243 - service-a.default 244 - service-a.default.svc 245 - service-a.default.svc.cluster 246 - service-a.default.svc.cluster.local 247 name: service-a 248 routes: 249 - match: 250 prefix: / 251 route: 252 cluster: service-a 253 - domains: 254 - '*' 255 name: allow_any 256 routes: 257 - match: 258 prefix: / 259 route: 260 cluster: PassthroughCluster