[ { "name": "BlackHoleCluster", "type": "STATIC",

1. [
2. {
3. "name": "BlackHoleCluster",
4. "type": "STATIC",
5. "connectTimeout": "10s",
6. "filters": [
7. {
8. "name": "istio.metadata_exchange",
9. "typedConfig": {
10. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
11. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
12. "value": {
13. "protocol": "istio-peer-exchange"
14. }
15. }
16. }
17. ]
18. },
19. {
20. "name": "InboundPassthroughClusterIpv4",
21. "type": "ORIGINAL_DST",
22. "connectTimeout": "10s",
23. "lbPolicy": "CLUSTER_PROVIDED",
24. "circuitBreakers": {
25. "thresholds": [
26. {
27. "maxConnections": 4294967295,
28. "maxPendingRequests": 4294967295,
29. "maxRequests": 4294967295,
30. "maxRetries": 4294967295
31. }
32. ]
33. },
34. "upstreamBindConfig": {
35. "sourceAddress": {
36. "address": "127.0.0.6",
37. "portValue": 0
38. }
39. },
40. "protocolSelection": "USE_DOWNSTREAM_PROTOCOL"
41. },
42. {
43. "name": "PassthroughCluster",
44. "type": "ORIGINAL_DST",
45. "connectTimeout": "10s",
46. "lbPolicy": "CLUSTER_PROVIDED",
47. "circuitBreakers": {
48. "thresholds": [
49. {
50. "maxConnections": 4294967295,
51. "maxPendingRequests": 4294967295,
52. "maxRequests": 4294967295,
53. "maxRetries": 4294967295
54. }
55. ]
56. },
57. "protocolSelection": "USE_DOWNSTREAM_PROTOCOL",
58. "filters": [
59. {
60. "name": "istio.metadata_exchange",
61. "typedConfig": {
62. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
63. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
64. "value": {
65. "protocol": "istio-peer-exchange"
66. }
67. }
68. }
69. ]
70. },
71. {
72. "transportSocketMatches": [
73. {
74. "name": "tlsMode-istio",
75. "match": {
76. "tlsMode": "istio"
77. },
78. "transportSocket": {
79. "name": "envoy.transport_sockets.tls",
80. "typedConfig": {
81. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
82. "commonTlsContext": {
83. "tlsCertificateSdsSecretConfigs": [
84. {
85. "name": "default",
86. "sdsConfig": {
87. "apiConfigSource": {
88. "apiType": "GRPC",
89. "transportApiVersion": "V3",
90. "grpcServices": [
91. {
92. "envoyGrpc": {
93. "clusterName": "sds-grpc"
94. }
95. }
96. ]
97. },
98. "initialFetchTimeout": "0s",
99. "resourceApiVersion": "V3"
100. }
101. }
102. ],
103. "combinedValidationContext": {
104. "defaultValidationContext": {
105. "matchSubjectAltNames": [
106. {
107. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/hipster/sa/default"
108. }
109. ]
110. },
111. "validationContextSdsSecretConfig": {
112. "name": "ROOTCA",
113. "sdsConfig": {
114. "apiConfigSource": {
115. "apiType": "GRPC",
116. "transportApiVersion": "V3",
117. "grpcServices": [
118. {
119. "envoyGrpc": {
120. "clusterName": "sds-grpc"
121. }
122. }
123. ]
124. },
125. "initialFetchTimeout": "0s",
126. "resourceApiVersion": "V3"
127. }
128. }
129. },
130. "alpnProtocols": [
131. "istio-peer-exchange",
132. "istio",
133. "h2"
134. ]
135. },
136. "sni": "outbound_.9555_._.adservice.hipster.svc.cluster.local"
137. }
138. }
139. },
140. {
141. "name": "tlsMode-disabled",
142. "match": {},
143. "transportSocket": {
144. "name": "envoy.transport_sockets.raw_buffer"
145. }
146. }
147. ],
148. "name": "outbound|9555||adservice.hipster.svc.cluster.local",
149. "type": "EDS",
150. "edsClusterConfig": {
151. "edsConfig": {
152. "ads": {},
153. "resourceApiVersion": "V3"
154. },
155. "serviceName": "outbound|9555||adservice.hipster.svc.cluster.local"
156. },
157. "connectTimeout": "10s",
158. "circuitBreakers": {
159. "thresholds": [
160. {
161. "maxConnections": 4294967295,
162. "maxPendingRequests": 4294967295,
163. "maxRequests": 4294967295,
164. "maxRetries": 4294967295
165. }
166. ]
167. },
168. "http2ProtocolOptions": {
169. "maxConcurrentStreams": 1073741824
170. },
171. "filters": [
172. {
173. "name": "istio.metadata_exchange",
174. "typedConfig": {
175. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
176. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
177. "value": {
178. "protocol": "istio-peer-exchange"
179. }
180. }
181. }
182. ]
183. },
184. {
185. "name": "agent",
186. "type": "STATIC",
187. "connectTimeout": "0.250s",
188. "loadAssignment": {
189. "clusterName": "prometheus_stats",
190. "endpoints": [
191. {
192. "lbEndpoints": [
193. {
194. "endpoint": {
195. "address": {
196. "socketAddress": {
197. "address": "127.0.0.1",
198. "portValue": 15020
199. }
200. }
201. }
202. }
203. ]
204. }
205. ]
206. }
207. },
208. {
209. "transportSocketMatches": [
210. {
211. "name": "tlsMode-istio",
212. "match": {
213. "tlsMode": "istio"
214. },
215. "transportSocket": {
216. "name": "envoy.transport_sockets.tls",
217. "typedConfig": {
218. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
219. "commonTlsContext": {
220. "tlsCertificateSdsSecretConfigs": [
221. {
222. "name": "default",
223. "sdsConfig": {
224. "apiConfigSource": {
225. "apiType": "GRPC",
226. "transportApiVersion": "V3",
227. "grpcServices": [
228. {
229. "envoyGrpc": {
230. "clusterName": "sds-grpc"
231. }
232. }
233. ]
234. },
235. "initialFetchTimeout": "0s",
236. "resourceApiVersion": "V3"
237. }
238. }
239. ],
240. "combinedValidationContext": {
241. "defaultValidationContext": {
242. "matchSubjectAltNames": [
243. {
244. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/kube-system/sa/ip-masq-agent"
245. }
246. ]
247. },
248. "validationContextSdsSecretConfig": {
249. "name": "ROOTCA",
250. "sdsConfig": {
251. "apiConfigSource": {
252. "apiType": "GRPC",
253. "transportApiVersion": "V3",
254. "grpcServices": [
255. {
256. "envoyGrpc": {
257. "clusterName": "sds-grpc"
258. }
259. }
260. ]
261. },
262. "initialFetchTimeout": "0s",
263. "resourceApiVersion": "V3"
264. }
265. }
266. },
267. "alpnProtocols": [
268. "istio-peer-exchange",
269. "istio"
270. ]
271. },
272. "sni": "outbound_.5473_._.calico-typha.kube-system.svc.cluster.local"
273. }
274. }
275. },
276. {
277. "name": "tlsMode-disabled",
278. "match": {},
279. "transportSocket": {
280. "name": "envoy.transport_sockets.raw_buffer"
281. }
282. }
283. ],
284. "name": "outbound|5473||calico-typha.kube-system.svc.cluster.local",
285. "type": "EDS",
286. "edsClusterConfig": {
287. "edsConfig": {
288. "ads": {},
289. "resourceApiVersion": "V3"
290. },
291. "serviceName": "outbound|5473||calico-typha.kube-system.svc.cluster.local"
292. },
293. "connectTimeout": "10s",
294. "circuitBreakers": {
295. "thresholds": [
296. {
297. "maxConnections": 4294967295,
298. "maxPendingRequests": 4294967295,
299. "maxRequests": 4294967295,
300. "maxRetries": 4294967295
301. }
302. ]
303. },
304. "filters": [
305. {
306. "name": "istio.metadata_exchange",
307. "typedConfig": {
308. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
309. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
310. "value": {
311. "protocol": "istio-peer-exchange"
312. }
313. }
314. }
315. ]
316. },
317. {
318. "transportSocketMatches": [
319. {
320. "name": "tlsMode-istio",
321. "match": {
322. "tlsMode": "istio"
323. },
324. "transportSocket": {
325. "name": "envoy.transport_sockets.tls",
326. "typedConfig": {
327. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
328. "commonTlsContext": {
329. "tlsCertificateSdsSecretConfigs": [
330. {
331. "name": "default",
332. "sdsConfig": {
333. "apiConfigSource": {
334. "apiType": "GRPC",
335. "transportApiVersion": "V3",
336. "grpcServices": [
337. {
338. "envoyGrpc": {
339. "clusterName": "sds-grpc"
340. }
341. }
342. ]
343. },
344. "initialFetchTimeout": "0s",
345. "resourceApiVersion": "V3"
346. }
347. }
348. ],
349. "combinedValidationContext": {
350. "defaultValidationContext": {
351. "matchSubjectAltNames": [
352. {
353. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/asm-system/sa/canonical-service-account"
354. }
355. ]
356. },
357. "validationContextSdsSecretConfig": {
358. "name": "ROOTCA",
359. "sdsConfig": {
360. "apiConfigSource": {
361. "apiType": "GRPC",
362. "transportApiVersion": "V3",
363. "grpcServices": [
364. {
365. "envoyGrpc": {
366. "clusterName": "sds-grpc"
367. }
368. }
369. ]
370. },
371. "initialFetchTimeout": "0s",
372. "resourceApiVersion": "V3"
373. }
374. }
375. },
376. "alpnProtocols": [
377. "istio-peer-exchange",
378. "istio"
379. ]
380. },
381. "sni": "outbound_.8443_._.canonical-service-controller-manager-metrics-service.asm-system.svc.cluster.local"
382. }
383. }
384. },
385. {
386. "name": "tlsMode-disabled",
387. "match": {},
388. "transportSocket": {
389. "name": "envoy.transport_sockets.raw_buffer"
390. }
391. }
392. ],
393. "name": "outbound|8443||canonical-service-controller-manager-metrics-service.asm-system.svc.cluster.local",
394. "type": "EDS",
395. "edsClusterConfig": {
396. "edsConfig": {
397. "ads": {},
398. "resourceApiVersion": "V3"
399. },
400. "serviceName": "outbound|8443||canonical-service-controller-manager-metrics-service.asm-system.svc.cluster.local"
401. },
402. "connectTimeout": "10s",
403. "circuitBreakers": {
404. "thresholds": [
405. {
406. "maxConnections": 4294967295,
407. "maxPendingRequests": 4294967295,
408. "maxRequests": 4294967295,
409. "maxRetries": 4294967295
410. }
411. ]
412. },
413. "filters": [
414. {
415. "name": "istio.metadata_exchange",
416. "typedConfig": {
417. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
418. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
419. "value": {
420. "protocol": "istio-peer-exchange"
421. }
422. }
423. }
424. ]
425. },
426. {
427. "transportSocketMatches": [
428. {
429. "name": "tlsMode-istio",
430. "match": {
431. "tlsMode": "istio"
432. },
433. "transportSocket": {
434. "name": "envoy.transport_sockets.tls",
435. "typedConfig": {
436. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
437. "commonTlsContext": {
438. "tlsCertificateSdsSecretConfigs": [
439. {
440. "name": "default",
441. "sdsConfig": {
442. "apiConfigSource": {
443. "apiType": "GRPC",
444. "transportApiVersion": "V3",
445. "grpcServices": [
446. {
447. "envoyGrpc": {
448. "clusterName": "sds-grpc"
449. }
450. }
451. ]
452. },
453. "initialFetchTimeout": "0s",
454. "resourceApiVersion": "V3"
455. }
456. }
457. ],
458. "combinedValidationContext": {
459. "defaultValidationContext": {
460. "matchSubjectAltNames": [
461. {
462. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/hipster/sa/default"
463. }
464. ]
465. },
466. "validationContextSdsSecretConfig": {
467. "name": "ROOTCA",
468. "sdsConfig": {
469. "apiConfigSource": {
470. "apiType": "GRPC",
471. "transportApiVersion": "V3",
472. "grpcServices": [
473. {
474. "envoyGrpc": {
475. "clusterName": "sds-grpc"
476. }
477. }
478. ]
479. },
480. "initialFetchTimeout": "0s",
481. "resourceApiVersion": "V3"
482. }
483. }
484. },
485. "alpnProtocols": [
486. "istio-peer-exchange",
487. "istio",
488. "h2"
489. ]
490. },
491. "sni": "outbound_.7070_._.cartservice.hipster.svc.cluster.local"
492. }
493. }
494. },
495. {
496. "name": "tlsMode-disabled",
497. "match": {},
498. "transportSocket": {
499. "name": "envoy.transport_sockets.raw_buffer"
500. }
501. }
502. ],
503. "name": "outbound|7070||cartservice.hipster.svc.cluster.local",
504. "type": "EDS",
505. "edsClusterConfig": {
506. "edsConfig": {
507. "ads": {},
508. "resourceApiVersion": "V3"
509. },
510. "serviceName": "outbound|7070||cartservice.hipster.svc.cluster.local"
511. },
512. "connectTimeout": "10s",
513. "circuitBreakers": {
514. "thresholds": [
515. {
516. "maxConnections": 4294967295,
517. "maxPendingRequests": 4294967295,
518. "maxRequests": 4294967295,
519. "maxRetries": 4294967295
520. }
521. ]
522. },
523. "http2ProtocolOptions": {
524. "maxConcurrentStreams": 1073741824
525. },
526. "filters": [
527. {
528. "name": "istio.metadata_exchange",
529. "typedConfig": {
530. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
531. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
532. "value": {
533. "protocol": "istio-peer-exchange"
534. }
535. }
536. }
537. ]
538. },
539. {
540. "transportSocketMatches": [
541. {
542. "name": "tlsMode-istio",
543. "match": {
544. "tlsMode": "istio"
545. },
546. "transportSocket": {
547. "name": "envoy.transport_sockets.tls",
548. "typedConfig": {
549. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
550. "commonTlsContext": {
551. "tlsCertificateSdsSecretConfigs": [
552. {
553. "name": "default",
554. "sdsConfig": {
555. "apiConfigSource": {
556. "apiType": "GRPC",
557. "transportApiVersion": "V3",
558. "grpcServices": [
559. {
560. "envoyGrpc": {
561. "clusterName": "sds-grpc"
562. }
563. }
564. ]
565. },
566. "initialFetchTimeout": "0s",
567. "resourceApiVersion": "V3"
568. }
569. }
570. ],
571. "combinedValidationContext": {
572. "defaultValidationContext": {
573. "matchSubjectAltNames": [
574. {
575. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/hipster/sa/default"
576. }
577. ]
578. },
579. "validationContextSdsSecretConfig": {
580. "name": "ROOTCA",
581. "sdsConfig": {
582. "apiConfigSource": {
583. "apiType": "GRPC",
584. "transportApiVersion": "V3",
585. "grpcServices": [
586. {
587. "envoyGrpc": {
588. "clusterName": "sds-grpc"
589. }
590. }
591. ]
592. },
593. "initialFetchTimeout": "0s",
594. "resourceApiVersion": "V3"
595. }
596. }
597. },
598. "alpnProtocols": [
599. "istio-peer-exchange",
600. "istio",
601. "h2"
602. ]
603. },
604. "sni": "outbound_.5050_._.checkoutservice.hipster.svc.cluster.local"
605. }
606. }
607. },
608. {
609. "name": "tlsMode-disabled",
610. "match": {},
611. "transportSocket": {
612. "name": "envoy.transport_sockets.raw_buffer"
613. }
614. }
615. ],
616. "name": "outbound|5050||checkoutservice.hipster.svc.cluster.local",
617. "type": "EDS",
618. "edsClusterConfig": {
619. "edsConfig": {
620. "ads": {},
621. "resourceApiVersion": "V3"
622. },
623. "serviceName": "outbound|5050||checkoutservice.hipster.svc.cluster.local"
624. },
625. "connectTimeout": "10s",
626. "circuitBreakers": {
627. "thresholds": [
628. {
629. "maxConnections": 4294967295,
630. "maxPendingRequests": 4294967295,
631. "maxRequests": 4294967295,
632. "maxRetries": 4294967295
633. }
634. ]
635. },
636. "http2ProtocolOptions": {
637. "maxConcurrentStreams": 1073741824
638. },
639. "filters": [
640. {
641. "name": "istio.metadata_exchange",
642. "typedConfig": {
643. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
644. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
645. "value": {
646. "protocol": "istio-peer-exchange"
647. }
648. }
649. }
650. ]
651. },
652. {
653. "transportSocketMatches": [
654. {
655. "name": "tlsMode-istio",
656. "match": {
657. "tlsMode": "istio"
658. },
659. "transportSocket": {
660. "name": "envoy.transport_sockets.tls",
661. "typedConfig": {
662. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
663. "commonTlsContext": {
664. "tlsCertificateSdsSecretConfigs": [
665. {
666. "name": "default",
667. "sdsConfig": {
668. "apiConfigSource": {
669. "apiType": "GRPC",
670. "transportApiVersion": "V3",
671. "grpcServices": [
672. {
673. "envoyGrpc": {
674. "clusterName": "sds-grpc"
675. }
676. }
677. ]
678. },
679. "initialFetchTimeout": "0s",
680. "resourceApiVersion": "V3"
681. }
682. }
683. ],
684. "combinedValidationContext": {
685. "defaultValidationContext": {
686. "matchSubjectAltNames": [
687. {
688. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/hipster/sa/default"
689. }
690. ]
691. },
692. "validationContextSdsSecretConfig": {
693. "name": "ROOTCA",
694. "sdsConfig": {
695. "apiConfigSource": {
696. "apiType": "GRPC",
697. "transportApiVersion": "V3",
698. "grpcServices": [
699. {
700. "envoyGrpc": {
701. "clusterName": "sds-grpc"
702. }
703. }
704. ]
705. },
706. "initialFetchTimeout": "0s",
707. "resourceApiVersion": "V3"
708. }
709. }
710. },
711. "alpnProtocols": [
712. "istio-peer-exchange",
713. "istio",
714. "h2"
715. ]
716. },
717. "sni": "outbound_.7000_._.currencyservice.hipster.svc.cluster.local"
718. }
719. }
720. },
721. {
722. "name": "tlsMode-disabled",
723. "match": {},
724. "transportSocket": {
725. "name": "envoy.transport_sockets.raw_buffer"
726. }
727. }
728. ],
729. "name": "outbound|7000||currencyservice.hipster.svc.cluster.local",
730. "type": "EDS",
731. "edsClusterConfig": {
732. "edsConfig": {
733. "ads": {},
734. "resourceApiVersion": "V3"
735. },
736. "serviceName": "outbound|7000||currencyservice.hipster.svc.cluster.local"
737. },
738. "connectTimeout": "10s",
739. "circuitBreakers": {
740. "thresholds": [
741. {
742. "maxConnections": 4294967295,
743. "maxPendingRequests": 4294967295,
744. "maxRequests": 4294967295,
745. "maxRetries": 4294967295
746. }
747. ]
748. },
749. "http2ProtocolOptions": {
750. "maxConcurrentStreams": 1073741824
751. },
752. "filters": [
753. {
754. "name": "istio.metadata_exchange",
755. "typedConfig": {
756. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
757. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
758. "value": {
759. "protocol": "istio-peer-exchange"
760. }
761. }
762. }
763. ]
764. },
765. {
766. "transportSocketMatches": [
767. {
768. "name": "tlsMode-istio",
769. "match": {
770. "tlsMode": "istio"
771. },
772. "transportSocket": {
773. "name": "envoy.transport_sockets.tls",
774. "typedConfig": {
775. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
776. "commonTlsContext": {
777. "tlsCertificateSdsSecretConfigs": [
778. {
779. "name": "default",
780. "sdsConfig": {
781. "apiConfigSource": {
782. "apiType": "GRPC",
783. "transportApiVersion": "V3",
784. "grpcServices": [
785. {
786. "envoyGrpc": {
787. "clusterName": "sds-grpc"
788. }
789. }
790. ]
791. },
792. "initialFetchTimeout": "0s",
793. "resourceApiVersion": "V3"
794. }
795. }
796. ],
797. "combinedValidationContext": {
798. "defaultValidationContext": {
799. "matchSubjectAltNames": [
800. {
801. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/kube-system/sa/default"
802. }
803. ]
804. },
805. "validationContextSdsSecretConfig": {
806. "name": "ROOTCA",
807. "sdsConfig": {
808. "apiConfigSource": {
809. "apiType": "GRPC",
810. "transportApiVersion": "V3",
811. "grpcServices": [
812. {
813. "envoyGrpc": {
814. "clusterName": "sds-grpc"
815. }
816. }
817. ]
818. },
819. "initialFetchTimeout": "0s",
820. "resourceApiVersion": "V3"
821. }
822. }
823. },
824. "alpnProtocols": [
825. "istio-peer-exchange",
826. "istio"
827. ]
828. },
829. "sni": "outbound_.80_._.default-http-backend.kube-system.svc.cluster.local"
830. }
831. }
832. },
833. {
834. "name": "tlsMode-disabled",
835. "match": {},
836. "transportSocket": {
837. "name": "envoy.transport_sockets.raw_buffer"
838. }
839. }
840. ],
841. "name": "outbound|80||default-http-backend.kube-system.svc.cluster.local",
842. "type": "EDS",
843. "edsClusterConfig": {
844. "edsConfig": {
845. "ads": {},
846. "resourceApiVersion": "V3"
847. },
848. "serviceName": "outbound|80||default-http-backend.kube-system.svc.cluster.local"
849. },
850. "connectTimeout": "10s",
851. "circuitBreakers": {
852. "thresholds": [
853. {
854. "maxConnections": 4294967295,
855. "maxPendingRequests": 4294967295,
856. "maxRequests": 4294967295,
857. "maxRetries": 4294967295
858. }
859. ]
860. },
861. "filters": [
862. {
863. "name": "istio.metadata_exchange",
864. "typedConfig": {
865. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
866. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
867. "value": {
868. "protocol": "istio-peer-exchange"
869. }
870. }
871. }
872. ]
873. },
874. {
875. "transportSocketMatches": [
876. {
877. "name": "tlsMode-istio",
878. "match": {
879. "tlsMode": "istio"
880. },
881. "transportSocket": {
882. "name": "envoy.transport_sockets.tls",
883. "typedConfig": {
884. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
885. "commonTlsContext": {
886. "tlsCertificateSdsSecretConfigs": [
887. {
888. "name": "default",
889. "sdsConfig": {
890. "apiConfigSource": {
891. "apiType": "GRPC",
892. "transportApiVersion": "V3",
893. "grpcServices": [
894. {
895. "envoyGrpc": {
896. "clusterName": "sds-grpc"
897. }
898. }
899. ]
900. },
901. "initialFetchTimeout": "0s",
902. "resourceApiVersion": "V3"
903. }
904. }
905. ],
906. "combinedValidationContext": {
907. "defaultValidationContext": {
908. "matchSubjectAltNames": [
909. {
910. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/hipster/sa/default"
911. }
912. ]
913. },
914. "validationContextSdsSecretConfig": {
915. "name": "ROOTCA",
916. "sdsConfig": {
917. "apiConfigSource": {
918. "apiType": "GRPC",
919. "transportApiVersion": "V3",
920. "grpcServices": [
921. {
922. "envoyGrpc": {
923. "clusterName": "sds-grpc"
924. }
925. }
926. ]
927. },
928. "initialFetchTimeout": "0s",
929. "resourceApiVersion": "V3"
930. }
931. }
932. },
933. "alpnProtocols": [
934. "istio-peer-exchange",
935. "istio",
936. "h2"
937. ]
938. },
939. "sni": "outbound_.5000_._.emailservice.hipster.svc.cluster.local"
940. }
941. }
942. },
943. {
944. "name": "tlsMode-disabled",
945. "match": {},
946. "transportSocket": {
947. "name": "envoy.transport_sockets.raw_buffer"
948. }
949. }
950. ],
951. "name": "outbound|5000||emailservice.hipster.svc.cluster.local",
952. "type": "EDS",
953. "edsClusterConfig": {
954. "edsConfig": {
955. "ads": {},
956. "resourceApiVersion": "V3"
957. },
958. "serviceName": "outbound|5000||emailservice.hipster.svc.cluster.local"
959. },
960. "connectTimeout": "10s",
961. "circuitBreakers": {
962. "thresholds": [
963. {
964. "maxConnections": 4294967295,
965. "maxPendingRequests": 4294967295,
966. "maxRequests": 4294967295,
967. "maxRetries": 4294967295
968. }
969. ]
970. },
971. "http2ProtocolOptions": {
972. "maxConcurrentStreams": 1073741824
973. },
974. "filters": [
975. {
976. "name": "istio.metadata_exchange",
977. "typedConfig": {
978. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
979. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
980. "value": {
981. "protocol": "istio-peer-exchange"
982. }
983. }
984. }
985. ]
986. },
987. {
988. "transportSocketMatches": [
989. {
990. "name": "tlsMode-istio",
991. "match": {
992. "tlsMode": "istio"
993. },
994. "transportSocket": {
995. "name": "envoy.transport_sockets.tls",
996. "typedConfig": {
997. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
998. "commonTlsContext": {
999. "tlsCertificateSdsSecretConfigs": [
1000. {
1001. "name": "default",
1002. "sdsConfig": {
1003. "apiConfigSource": {
1004. "apiType": "GRPC",
1005. "transportApiVersion": "V3",
1006. "grpcServices": [
1007. {
1008. "envoyGrpc": {
1009. "clusterName": "sds-grpc"
1010. }
1011. }
1012. ]
1013. },
1014. "initialFetchTimeout": "0s",
1015. "resourceApiVersion": "V3"
1016. }
1017. }
1018. ],
1019. "combinedValidationContext": {
1020. "defaultValidationContext": {
1021. "matchSubjectAltNames": [
1022. {
1023. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/hipster/sa/default"
1024. }
1025. ]
1026. },
1027. "validationContextSdsSecretConfig": {
1028. "name": "ROOTCA",
1029. "sdsConfig": {
1030. "apiConfigSource": {
1031. "apiType": "GRPC",
1032. "transportApiVersion": "V3",
1033. "grpcServices": [
1034. {
1035. "envoyGrpc": {
1036. "clusterName": "sds-grpc"
1037. }
1038. }
1039. ]
1040. },
1041. "initialFetchTimeout": "0s",
1042. "resourceApiVersion": "V3"
1043. }
1044. }
1045. },
1046. "alpnProtocols": [
1047. "istio-peer-exchange",
1048. "istio"
1049. ]
1050. },
1051. "sni": "outbound_.80_._.frontend-external.hipster.svc.cluster.local"
1052. }
1053. }
1054. },
1055. {
1056. "name": "tlsMode-disabled",
1057. "match": {},
1058. "transportSocket": {
1059. "name": "envoy.transport_sockets.raw_buffer"
1060. }
1061. }
1062. ],
1063. "name": "outbound|80||frontend-external.hipster.svc.cluster.local",
1064. "type": "EDS",
1065. "edsClusterConfig": {
1066. "edsConfig": {
1067. "ads": {},
1068. "resourceApiVersion": "V3"
1069. },
1070. "serviceName": "outbound|80||frontend-external.hipster.svc.cluster.local"
1071. },
1072. "connectTimeout": "10s",
1073. "circuitBreakers": {
1074. "thresholds": [
1075. {
1076. "maxConnections": 4294967295,
1077. "maxPendingRequests": 4294967295,
1078. "maxRequests": 4294967295,
1079. "maxRetries": 4294967295
1080. }
1081. ]
1082. },
1083. "filters": [
1084. {
1085. "name": "istio.metadata_exchange",
1086. "typedConfig": {
1087. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
1088. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
1089. "value": {
1090. "protocol": "istio-peer-exchange"
1091. }
1092. }
1093. }
1094. ]
1095. },
1096. {
1097. "transportSocketMatches": [
1098. {
1099. "name": "tlsMode-istio",
1100. "match": {
1101. "tlsMode": "istio"
1102. },
1103. "transportSocket": {
1104. "name": "envoy.transport_sockets.tls",
1105. "typedConfig": {
1106. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
1107. "commonTlsContext": {
1108. "tlsCertificateSdsSecretConfigs": [
1109. {
1110. "name": "default",
1111. "sdsConfig": {
1112. "apiConfigSource": {
1113. "apiType": "GRPC",
1114. "transportApiVersion": "V3",
1115. "grpcServices": [
1116. {
1117. "envoyGrpc": {
1118. "clusterName": "sds-grpc"
1119. }
1120. }
1121. ]
1122. },
1123. "initialFetchTimeout": "0s",
1124. "resourceApiVersion": "V3"
1125. }
1126. }
1127. ],
1128. "combinedValidationContext": {
1129. "defaultValidationContext": {
1130. "matchSubjectAltNames": [
1131. {
1132. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/hipster/sa/default"
1133. }
1134. ]
1135. },
1136. "validationContextSdsSecretConfig": {
1137. "name": "ROOTCA",
1138. "sdsConfig": {
1139. "apiConfigSource": {
1140. "apiType": "GRPC",
1141. "transportApiVersion": "V3",
1142. "grpcServices": [
1143. {
1144. "envoyGrpc": {
1145. "clusterName": "sds-grpc"
1146. }
1147. }
1148. ]
1149. },
1150. "initialFetchTimeout": "0s",
1151. "resourceApiVersion": "V3"
1152. }
1153. }
1154. },
1155. "alpnProtocols": [
1156. "istio-peer-exchange",
1157. "istio"
1158. ]
1159. },
1160. "sni": "outbound_.80_._.frontend.hipster.svc.cluster.local"
1161. }
1162. }
1163. },
1164. {
1165. "name": "tlsMode-disabled",
1166. "match": {},
1167. "transportSocket": {
1168. "name": "envoy.transport_sockets.raw_buffer"
1169. }
1170. }
1171. ],
1172. "name": "outbound|80||frontend.hipster.svc.cluster.local",
1173. "type": "EDS",
1174. "edsClusterConfig": {
1175. "edsConfig": {
1176. "ads": {},
1177. "resourceApiVersion": "V3"
1178. },
1179. "serviceName": "outbound|80||frontend.hipster.svc.cluster.local"
1180. },
1181. "connectTimeout": "10s",
1182. "circuitBreakers": {
1183. "thresholds": [
1184. {
1185. "maxConnections": 4294967295,
1186. "maxPendingRequests": 4294967295,
1187. "maxRequests": 4294967295,
1188. "maxRetries": 4294967295
1189. }
1190. ]
1191. },
1192. "filters": [
1193. {
1194. "name": "istio.metadata_exchange",
1195. "typedConfig": {
1196. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
1197. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
1198. "value": {
1199. "protocol": "istio-peer-exchange"
1200. }
1201. }
1202. }
1203. ]
1204. },
1205. {
1206. "transportSocketMatches": [
1207. {
1208. "name": "tlsMode-istio",
1209. "match": {
1210. "tlsMode": "istio"
1211. },
1212. "transportSocket": {
1213. "name": "envoy.transport_sockets.tls",
1214. "typedConfig": {
1215. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
1216. "commonTlsContext": {
1217. "tlsCertificateSdsSecretConfigs": [
1218. {
1219. "name": "default",
1220. "sdsConfig": {
1221. "apiConfigSource": {
1222. "apiType": "GRPC",
1223. "transportApiVersion": "V3",
1224. "grpcServices": [
1225. {
1226. "envoyGrpc": {
1227. "clusterName": "sds-grpc"
1228. }
1229. }
1230. ]
1231. },
1232. "initialFetchTimeout": "0s",
1233. "resourceApiVersion": "V3"
1234. }
1235. }
1236. ],
1237. "combinedValidationContext": {
1238. "defaultValidationContext": {
1239. "matchSubjectAltNames": [
1240. {
1241. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/config-management-system/sa/importer"
1242. }
1243. ]
1244. },
1245. "validationContextSdsSecretConfig": {
1246. "name": "ROOTCA",
1247. "sdsConfig": {
1248. "apiConfigSource": {
1249. "apiType": "GRPC",
1250. "transportApiVersion": "V3",
1251. "grpcServices": [
1252. {
1253. "envoyGrpc": {
1254. "clusterName": "sds-grpc"
1255. }
1256. }
1257. ]
1258. },
1259. "initialFetchTimeout": "0s",
1260. "resourceApiVersion": "V3"
1261. }
1262. }
1263. },
1264. "alpnProtocols": [
1265. "istio-peer-exchange",
1266. "istio"
1267. ]
1268. },
1269. "sni": "outbound_.8675_._.git-importer.config-management-system.svc.cluster.local"
1270. }
1271. }
1272. },
1273. {
1274. "name": "tlsMode-disabled",
1275. "match": {},
1276. "transportSocket": {
1277. "name": "envoy.transport_sockets.raw_buffer"
1278. }
1279. }
1280. ],
1281. "name": "outbound|8675||git-importer.config-management-system.svc.cluster.local",
1282. "type": "EDS",
1283. "edsClusterConfig": {
1284. "edsConfig": {
1285. "ads": {},
1286. "resourceApiVersion": "V3"
1287. },
1288. "serviceName": "outbound|8675||git-importer.config-management-system.svc.cluster.local"
1289. },
1290. "connectTimeout": "10s",
1291. "circuitBreakers": {
1292. "thresholds": [
1293. {
1294. "maxConnections": 4294967295,
1295. "maxPendingRequests": 4294967295,
1296. "maxRequests": 4294967295,
1297. "maxRetries": 4294967295
1298. }
1299. ]
1300. },
1301. "filters": [
1302. {
1303. "name": "istio.metadata_exchange",
1304. "typedConfig": {
1305. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
1306. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
1307. "value": {
1308. "protocol": "istio-peer-exchange"
1309. }
1310. }
1311. }
1312. ]
1313. },
1314. {
1315. "transportSocketMatches": [
1316. {
1317. "name": "tlsMode-istio",
1318. "match": {
1319. "tlsMode": "istio"
1320. },
1321. "transportSocket": {
1322. "name": "envoy.transport_sockets.tls",
1323. "typedConfig": {
1324. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
1325. "commonTlsContext": {
1326. "tlsCertificateSdsSecretConfigs": [
1327. {
1328. "name": "default",
1329. "sdsConfig": {
1330. "apiConfigSource": {
1331. "apiType": "GRPC",
1332. "transportApiVersion": "V3",
1333. "grpcServices": [
1334. {
1335. "envoyGrpc": {
1336. "clusterName": "sds-grpc"
1337. }
1338. }
1339. ]
1340. },
1341. "initialFetchTimeout": "0s",
1342. "resourceApiVersion": "V3"
1343. }
1344. }
1345. ],
1346. "combinedValidationContext": {
1347. "defaultValidationContext": {
1348. "matchSubjectAltNames": [
1349. {
1350. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/gke-connect/sa/connect-agent-sa"
1351. }
1352. ]
1353. },
1354. "validationContextSdsSecretConfig": {
1355. "name": "ROOTCA",
1356. "sdsConfig": {
1357. "apiConfigSource": {
1358. "apiType": "GRPC",
1359. "transportApiVersion": "V3",
1360. "grpcServices": [
1361. {
1362. "envoyGrpc": {
1363. "clusterName": "sds-grpc"
1364. }
1365. }
1366. ]
1367. },
1368. "initialFetchTimeout": "0s",
1369. "resourceApiVersion": "V3"
1370. }
1371. }
1372. },
1373. "alpnProtocols": [
1374. "istio-peer-exchange",
1375. "istio"
1376. ]
1377. },
1378. "sni": "outbound_.8080_._.gke-connect-monitoring.gke-connect.svc.cluster.local"
1379. }
1380. }
1381. },
1382. {
1383. "name": "tlsMode-disabled",
1384. "match": {},
1385. "transportSocket": {
1386. "name": "envoy.transport_sockets.raw_buffer"
1387. }
1388. }
1389. ],
1390. "name": "outbound|8080||gke-connect-monitoring.gke-connect.svc.cluster.local",
1391. "type": "EDS",
1392. "edsClusterConfig": {
1393. "edsConfig": {
1394. "ads": {},
1395. "resourceApiVersion": "V3"
1396. },
1397. "serviceName": "outbound|8080||gke-connect-monitoring.gke-connect.svc.cluster.local"
1398. },
1399. "connectTimeout": "10s",
1400. "circuitBreakers": {
1401. "thresholds": [
1402. {
1403. "maxConnections": 4294967295,
1404. "maxPendingRequests": 4294967295,
1405. "maxRequests": 4294967295,
1406. "maxRetries": 4294967295
1407. }
1408. ]
1409. },
1410. "filters": [
1411. {
1412. "name": "istio.metadata_exchange",
1413. "typedConfig": {
1414. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
1415. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
1416. "value": {
1417. "protocol": "istio-peer-exchange"
1418. }
1419. }
1420. }
1421. ]
1422. },
1423. {
1424. "transportSocketMatches": [
1425. {
1426. "name": "tlsMode-istio",
1427. "match": {
1428. "tlsMode": "istio"
1429. },
1430. "transportSocket": {
1431. "name": "envoy.transport_sockets.tls",
1432. "typedConfig": {
1433. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
1434. "commonTlsContext": {
1435. "tlsCertificateSdsSecretConfigs": [
1436. {
1437. "name": "default",
1438. "sdsConfig": {
1439. "apiConfigSource": {
1440. "apiType": "GRPC",
1441. "transportApiVersion": "V3",
1442. "grpcServices": [
1443. {
1444. "envoyGrpc": {
1445. "clusterName": "sds-grpc"
1446. }
1447. }
1448. ]
1449. },
1450. "initialFetchTimeout": "0s",
1451. "resourceApiVersion": "V3"
1452. }
1453. }
1454. ],
1455. "combinedValidationContext": {
1456. "defaultValidationContext": {
1457. "matchSubjectAltNames": [
1458. {
1459. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/sample/sa/default"
1460. }
1461. ]
1462. },
1463. "validationContextSdsSecretConfig": {
1464. "name": "ROOTCA",
1465. "sdsConfig": {
1466. "apiConfigSource": {
1467. "apiType": "GRPC",
1468. "transportApiVersion": "V3",
1469. "grpcServices": [
1470. {
1471. "envoyGrpc": {
1472. "clusterName": "sds-grpc"
1473. }
1474. }
1475. ]
1476. },
1477. "initialFetchTimeout": "0s",
1478. "resourceApiVersion": "V3"
1479. }
1480. }
1481. },
1482. "alpnProtocols": [
1483. "istio-peer-exchange",
1484. "istio"
1485. ]
1486. },
1487. "sni": "outbound_.5000_._.helloworld.sample.svc.cluster.local"
1488. }
1489. }
1490. },
1491. {
1492. "name": "tlsMode-disabled",
1493. "match": {},
1494. "transportSocket": {
1495. "name": "envoy.transport_sockets.raw_buffer"
1496. }
1497. }
1498. ],
1499. "name": "outbound|5000||helloworld.sample.svc.cluster.local",
1500. "type": "EDS",
1501. "edsClusterConfig": {
1502. "edsConfig": {
1503. "ads": {},
1504. "resourceApiVersion": "V3"
1505. },
1506. "serviceName": "outbound|5000||helloworld.sample.svc.cluster.local"
1507. },
1508. "connectTimeout": "10s",
1509. "circuitBreakers": {
1510. "thresholds": [
1511. {
1512. "maxConnections": 4294967295,
1513. "maxPendingRequests": 4294967295,
1514. "maxRequests": 4294967295,
1515. "maxRetries": 4294967295
1516. }
1517. ]
1518. },
1519. "filters": [
1520. {
1521. "name": "istio.metadata_exchange",
1522. "typedConfig": {
1523. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
1524. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
1525. "value": {
1526. "protocol": "istio-peer-exchange"
1527. }
1528. }
1529. }
1530. ]
1531. },
1532. {
1533. "transportSocketMatches": [
1534. {
1535. "name": "tlsMode-istio",
1536. "match": {
1537. "tlsMode": "istio"
1538. },
1539. "transportSocket": {
1540. "name": "envoy.transport_sockets.tls",
1541. "typedConfig": {
1542. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
1543. "commonTlsContext": {
1544. "tlsCertificateSdsSecretConfigs": [
1545. {
1546. "name": "default",
1547. "sdsConfig": {
1548. "apiConfigSource": {
1549. "apiType": "GRPC",
1550. "transportApiVersion": "V3",
1551. "grpcServices": [
1552. {
1553. "envoyGrpc": {
1554. "clusterName": "sds-grpc"
1555. }
1556. }
1557. ]
1558. },
1559. "initialFetchTimeout": "0s",
1560. "resourceApiVersion": "V3"
1561. }
1562. }
1563. ],
1564. "combinedValidationContext": {
1565. "defaultValidationContext": {
1566. "matchSubjectAltNames": [
1567. {
1568. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/istio-system/sa/istio-ingressgateway-service-account"
1569. }
1570. ]
1571. },
1572. "validationContextSdsSecretConfig": {
1573. "name": "ROOTCA",
1574. "sdsConfig": {
1575. "apiConfigSource": {
1576. "apiType": "GRPC",
1577. "transportApiVersion": "V3",
1578. "grpcServices": [
1579. {
1580. "envoyGrpc": {
1581. "clusterName": "sds-grpc"
1582. }
1583. }
1584. ]
1585. },
1586. "initialFetchTimeout": "0s",
1587. "resourceApiVersion": "V3"
1588. }
1589. }
1590. },
1591. "alpnProtocols": [
1592. "istio-peer-exchange",
1593. "istio",
1594. "h2"
1595. ]
1596. },
1597. "sni": "outbound_.80_._.istio-ingressgateway.istio-system.svc.cluster.local"
1598. }
1599. }
1600. },
1601. {
1602. "name": "tlsMode-disabled",
1603. "match": {},
1604. "transportSocket": {
1605. "name": "envoy.transport_sockets.raw_buffer"
1606. }
1607. }
1608. ],
1609. "name": "outbound|80||istio-ingressgateway.istio-system.svc.cluster.local",
1610. "type": "EDS",
1611. "edsClusterConfig": {
1612. "edsConfig": {
1613. "ads": {},
1614. "resourceApiVersion": "V3"
1615. },
1616. "serviceName": "outbound|80||istio-ingressgateway.istio-system.svc.cluster.local"
1617. },
1618. "connectTimeout": "10s",
1619. "circuitBreakers": {
1620. "thresholds": [
1621. {
1622. "maxConnections": 4294967295,
1623. "maxPendingRequests": 4294967295,
1624. "maxRequests": 4294967295,
1625. "maxRetries": 4294967295
1626. }
1627. ]
1628. },
1629. "http2ProtocolOptions": {
1630. "maxConcurrentStreams": 1073741824
1631. },
1632. "filters": [
1633. {
1634. "name": "istio.metadata_exchange",
1635. "typedConfig": {
1636. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
1637. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
1638. "value": {
1639. "protocol": "istio-peer-exchange"
1640. }
1641. }
1642. }
1643. ]
1644. },
1645. {
1646. "transportSocketMatches": [
1647. {
1648. "name": "tlsMode-istio",
1649. "match": {
1650. "tlsMode": "istio"
1651. },
1652. "transportSocket": {
1653. "name": "envoy.transport_sockets.tls",
1654. "typedConfig": {
1655. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
1656. "commonTlsContext": {
1657. "tlsCertificateSdsSecretConfigs": [
1658. {
1659. "name": "default",
1660. "sdsConfig": {
1661. "apiConfigSource": {
1662. "apiType": "GRPC",
1663. "transportApiVersion": "V3",
1664. "grpcServices": [
1665. {
1666. "envoyGrpc": {
1667. "clusterName": "sds-grpc"
1668. }
1669. }
1670. ]
1671. },
1672. "initialFetchTimeout": "0s",
1673. "resourceApiVersion": "V3"
1674. }
1675. }
1676. ],
1677. "combinedValidationContext": {
1678. "defaultValidationContext": {
1679. "matchSubjectAltNames": [
1680. {
1681. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/istio-system/sa/istio-ingressgateway-service-account"
1682. }
1683. ]
1684. },
1685. "validationContextSdsSecretConfig": {
1686. "name": "ROOTCA",
1687. "sdsConfig": {
1688. "apiConfigSource": {
1689. "apiType": "GRPC",
1690. "transportApiVersion": "V3",
1691. "grpcServices": [
1692. {
1693. "envoyGrpc": {
1694. "clusterName": "sds-grpc"
1695. }
1696. }
1697. ]
1698. },
1699. "initialFetchTimeout": "0s",
1700. "resourceApiVersion": "V3"
1701. }
1702. }
1703. },
1704. "alpnProtocols": [
1705. "istio-peer-exchange",
1706. "istio"
1707. ]
1708. },
1709. "sni": "outbound_.443_._.istio-ingressgateway.istio-system.svc.cluster.local"
1710. }
1711. }
1712. },
1713. {
1714. "name": "tlsMode-disabled",
1715. "match": {},
1716. "transportSocket": {
1717. "name": "envoy.transport_sockets.raw_buffer"
1718. }
1719. }
1720. ],
1721. "name": "outbound|443||istio-ingressgateway.istio-system.svc.cluster.local",
1722. "type": "EDS",
1723. "edsClusterConfig": {
1724. "edsConfig": {
1725. "ads": {},
1726. "resourceApiVersion": "V3"
1727. },
1728. "serviceName": "outbound|443||istio-ingressgateway.istio-system.svc.cluster.local"
1729. },
1730. "connectTimeout": "10s",
1731. "circuitBreakers": {
1732. "thresholds": [
1733. {
1734. "maxConnections": 4294967295,
1735. "maxPendingRequests": 4294967295,
1736. "maxRequests": 4294967295,
1737. "maxRetries": 4294967295
1738. }
1739. ]
1740. },
1741. "filters": [
1742. {
1743. "name": "istio.metadata_exchange",
1744. "typedConfig": {
1745. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
1746. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
1747. "value": {
1748. "protocol": "istio-peer-exchange"
1749. }
1750. }
1751. }
1752. ]
1753. },
1754. {
1755. "transportSocketMatches": [
1756. {
1757. "name": "tlsMode-istio",
1758. "match": {
1759. "tlsMode": "istio"
1760. },
1761. "transportSocket": {
1762. "name": "envoy.transport_sockets.tls",
1763. "typedConfig": {
1764. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
1765. "commonTlsContext": {
1766. "tlsCertificateSdsSecretConfigs": [
1767. {
1768. "name": "default",
1769. "sdsConfig": {
1770. "apiConfigSource": {
1771. "apiType": "GRPC",
1772. "transportApiVersion": "V3",
1773. "grpcServices": [
1774. {
1775. "envoyGrpc": {
1776. "clusterName": "sds-grpc"
1777. }
1778. }
1779. ]
1780. },
1781. "initialFetchTimeout": "0s",
1782. "resourceApiVersion": "V3"
1783. }
1784. }
1785. ],
1786. "combinedValidationContext": {
1787. "defaultValidationContext": {
1788. "matchSubjectAltNames": [
1789. {
1790. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/istio-system/sa/istio-ingressgateway-service-account"
1791. }
1792. ]
1793. },
1794. "validationContextSdsSecretConfig": {
1795. "name": "ROOTCA",
1796. "sdsConfig": {
1797. "apiConfigSource": {
1798. "apiType": "GRPC",
1799. "transportApiVersion": "V3",
1800. "grpcServices": [
1801. {
1802. "envoyGrpc": {
1803. "clusterName": "sds-grpc"
1804. }
1805. }
1806. ]
1807. },
1808. "initialFetchTimeout": "0s",
1809. "resourceApiVersion": "V3"
1810. }
1811. }
1812. },
1813. "alpnProtocols": [
1814. "istio-peer-exchange",
1815. "istio"
1816. ]
1817. },
1818. "sni": "outbound_.15021_._.istio-ingressgateway.istio-system.svc.cluster.local"
1819. }
1820. }
1821. },
1822. {
1823. "name": "tlsMode-disabled",
1824. "match": {},
1825. "transportSocket": {
1826. "name": "envoy.transport_sockets.raw_buffer"
1827. }
1828. }
1829. ],
1830. "name": "outbound|15021||istio-ingressgateway.istio-system.svc.cluster.local",
1831. "type": "EDS",
1832. "edsClusterConfig": {
1833. "edsConfig": {
1834. "ads": {},
1835. "resourceApiVersion": "V3"
1836. },
1837. "serviceName": "outbound|15021||istio-ingressgateway.istio-system.svc.cluster.local"
1838. },
1839. "connectTimeout": "10s",
1840. "circuitBreakers": {
1841. "thresholds": [
1842. {
1843. "maxConnections": 4294967295,
1844. "maxPendingRequests": 4294967295,
1845. "maxRequests": 4294967295,
1846. "maxRetries": 4294967295
1847. }
1848. ]
1849. },
1850. "filters": [
1851. {
1852. "name": "istio.metadata_exchange",
1853. "typedConfig": {
1854. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
1855. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
1856. "value": {
1857. "protocol": "istio-peer-exchange"
1858. }
1859. }
1860. }
1861. ]
1862. },
1863. {
1864. "transportSocketMatches": [
1865. {
1866. "name": "tlsMode-istio",
1867. "match": {
1868. "tlsMode": "istio"
1869. },
1870. "transportSocket": {
1871. "name": "envoy.transport_sockets.tls",
1872. "typedConfig": {
1873. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
1874. "commonTlsContext": {
1875. "tlsCertificateSdsSecretConfigs": [
1876. {
1877. "name": "default",
1878. "sdsConfig": {
1879. "apiConfigSource": {
1880. "apiType": "GRPC",
1881. "transportApiVersion": "V3",
1882. "grpcServices": [
1883. {
1884. "envoyGrpc": {
1885. "clusterName": "sds-grpc"
1886. }
1887. }
1888. ]
1889. },
1890. "initialFetchTimeout": "0s",
1891. "resourceApiVersion": "V3"
1892. }
1893. }
1894. ],
1895. "combinedValidationContext": {
1896. "defaultValidationContext": {
1897. "matchSubjectAltNames": [
1898. {
1899. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/istio-system/sa/istio-ingressgateway-service-account"
1900. }
1901. ]
1902. },
1903. "validationContextSdsSecretConfig": {
1904. "name": "ROOTCA",
1905. "sdsConfig": {
1906. "apiConfigSource": {
1907. "apiType": "GRPC",
1908. "transportApiVersion": "V3",
1909. "grpcServices": [
1910. {
1911. "envoyGrpc": {
1912. "clusterName": "sds-grpc"
1913. }
1914. }
1915. ]
1916. },
1917. "initialFetchTimeout": "0s",
1918. "resourceApiVersion": "V3"
1919. }
1920. }
1921. },
1922. "alpnProtocols": [
1923. "istio-peer-exchange",
1924. "istio"
1925. ]
1926. },
1927. "sni": "outbound_.15443_._.istio-ingressgateway.istio-system.svc.cluster.local"
1928. }
1929. }
1930. },
1931. {
1932. "name": "tlsMode-disabled",
1933. "match": {},
1934. "transportSocket": {
1935. "name": "envoy.transport_sockets.raw_buffer"
1936. }
1937. }
1938. ],
1939. "name": "outbound|15443||istio-ingressgateway.istio-system.svc.cluster.local",
1940. "type": "EDS",
1941. "edsClusterConfig": {
1942. "edsConfig": {
1943. "ads": {},
1944. "resourceApiVersion": "V3"
1945. },
1946. "serviceName": "outbound|15443||istio-ingressgateway.istio-system.svc.cluster.local"
1947. },
1948. "connectTimeout": "10s",
1949. "circuitBreakers": {
1950. "thresholds": [
1951. {
1952. "maxConnections": 4294967295,
1953. "maxPendingRequests": 4294967295,
1954. "maxRequests": 4294967295,
1955. "maxRetries": 4294967295
1956. }
1957. ]
1958. },
1959. "filters": [
1960. {
1961. "name": "istio.metadata_exchange",
1962. "typedConfig": {
1963. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
1964. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
1965. "value": {
1966. "protocol": "istio-peer-exchange"
1967. }
1968. }
1969. }
1970. ]
1971. },
1972. {
1973. "transportSocketMatches": [
1974. {
1975. "name": "tlsMode-istio",
1976. "match": {
1977. "tlsMode": "istio"
1978. },
1979. "transportSocket": {
1980. "name": "envoy.transport_sockets.tls",
1981. "typedConfig": {
1982. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
1983. "commonTlsContext": {
1984. "tlsCertificateSdsSecretConfigs": [
1985. {
1986. "name": "default",
1987. "sdsConfig": {
1988. "apiConfigSource": {
1989. "apiType": "GRPC",
1990. "transportApiVersion": "V3",
1991. "grpcServices": [
1992. {
1993. "envoyGrpc": {
1994. "clusterName": "sds-grpc"
1995. }
1996. }
1997. ]
1998. },
1999. "initialFetchTimeout": "0s",
2000. "resourceApiVersion": "V3"
2001. }
2002. }
2003. ],
2004. "combinedValidationContext": {
2005. "defaultValidationContext": {
2006. "matchSubjectAltNames": [
2007. {
2008. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/istio-system/sa/istiod-service-account"
2009. }
2010. ]
2011. },
2012. "validationContextSdsSecretConfig": {
2013. "name": "ROOTCA",
2014. "sdsConfig": {
2015. "apiConfigSource": {
2016. "apiType": "GRPC",
2017. "transportApiVersion": "V3",
2018. "grpcServices": [
2019. {
2020. "envoyGrpc": {
2021. "clusterName": "sds-grpc"
2022. }
2023. }
2024. ]
2025. },
2026. "initialFetchTimeout": "0s",
2027. "resourceApiVersion": "V3"
2028. }
2029. }
2030. },
2031. "alpnProtocols": [
2032. "istio-peer-exchange",
2033. "istio"
2034. ]
2035. },
2036. "sni": "outbound_.443_._.istiod-asm-173-6.istio-system.svc.cluster.local"
2037. }
2038. }
2039. },
2040. {
2041. "name": "tlsMode-disabled",
2042. "match": {},
2043. "transportSocket": {
2044. "name": "envoy.transport_sockets.raw_buffer"
2045. }
2046. }
2047. ],
2048. "name": "outbound|443||istiod-asm-173-6.istio-system.svc.cluster.local",
2049. "type": "EDS",
2050. "edsClusterConfig": {
2051. "edsConfig": {
2052. "ads": {},
2053. "resourceApiVersion": "V3"
2054. },
2055. "serviceName": "outbound|443||istiod-asm-173-6.istio-system.svc.cluster.local"
2056. },
2057. "connectTimeout": "10s",
2058. "circuitBreakers": {
2059. "thresholds": [
2060. {
2061. "maxConnections": 4294967295,
2062. "maxPendingRequests": 4294967295,
2063. "maxRequests": 4294967295,
2064. "maxRetries": 4294967295
2065. }
2066. ]
2067. },
2068. "filters": [
2069. {
2070. "name": "istio.metadata_exchange",
2071. "typedConfig": {
2072. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
2073. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
2074. "value": {
2075. "protocol": "istio-peer-exchange"
2076. }
2077. }
2078. }
2079. ]
2080. },
2081. {
2082. "transportSocketMatches": [
2083. {
2084. "name": "tlsMode-istio",
2085. "match": {
2086. "tlsMode": "istio"
2087. },
2088. "transportSocket": {
2089. "name": "envoy.transport_sockets.tls",
2090. "typedConfig": {
2091. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
2092. "commonTlsContext": {
2093. "tlsCertificateSdsSecretConfigs": [
2094. {
2095. "name": "default",
2096. "sdsConfig": {
2097. "apiConfigSource": {
2098. "apiType": "GRPC",
2099. "transportApiVersion": "V3",
2100. "grpcServices": [
2101. {
2102. "envoyGrpc": {
2103. "clusterName": "sds-grpc"
2104. }
2105. }
2106. ]
2107. },
2108. "initialFetchTimeout": "0s",
2109. "resourceApiVersion": "V3"
2110. }
2111. }
2112. ],
2113. "combinedValidationContext": {
2114. "defaultValidationContext": {
2115. "matchSubjectAltNames": [
2116. {
2117. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/istio-system/sa/istiod-service-account"
2118. }
2119. ]
2120. },
2121. "validationContextSdsSecretConfig": {
2122. "name": "ROOTCA",
2123. "sdsConfig": {
2124. "apiConfigSource": {
2125. "apiType": "GRPC",
2126. "transportApiVersion": "V3",
2127. "grpcServices": [
2128. {
2129. "envoyGrpc": {
2130. "clusterName": "sds-grpc"
2131. }
2132. }
2133. ]
2134. },
2135. "initialFetchTimeout": "0s",
2136. "resourceApiVersion": "V3"
2137. }
2138. }
2139. },
2140. "alpnProtocols": [
2141. "istio-peer-exchange",
2142. "istio"
2143. ]
2144. },
2145. "sni": "outbound_.853_._.istiod-asm-173-6.istio-system.svc.cluster.local"
2146. }
2147. }
2148. },
2149. {
2150. "name": "tlsMode-disabled",
2151. "match": {},
2152. "transportSocket": {
2153. "name": "envoy.transport_sockets.raw_buffer"
2154. }
2155. }
2156. ],
2157. "name": "outbound|853||istiod-asm-173-6.istio-system.svc.cluster.local",
2158. "type": "EDS",
2159. "edsClusterConfig": {
2160. "edsConfig": {
2161. "ads": {},
2162. "resourceApiVersion": "V3"
2163. },
2164. "serviceName": "outbound|853||istiod-asm-173-6.istio-system.svc.cluster.local"
2165. },
2166. "connectTimeout": "10s",
2167. "circuitBreakers": {
2168. "thresholds": [
2169. {
2170. "maxConnections": 4294967295,
2171. "maxPendingRequests": 4294967295,
2172. "maxRequests": 4294967295,
2173. "maxRetries": 4294967295
2174. }
2175. ]
2176. },
2177. "filters": [
2178. {
2179. "name": "istio.metadata_exchange",
2180. "typedConfig": {
2181. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
2182. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
2183. "value": {
2184. "protocol": "istio-peer-exchange"
2185. }
2186. }
2187. }
2188. ]
2189. },
2190. {
2191. "transportSocketMatches": [
2192. {
2193. "name": "tlsMode-istio",
2194. "match": {
2195. "tlsMode": "istio"
2196. },
2197. "transportSocket": {
2198. "name": "envoy.transport_sockets.tls",
2199. "typedConfig": {
2200. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
2201. "commonTlsContext": {
2202. "tlsCertificateSdsSecretConfigs": [
2203. {
2204. "name": "default",
2205. "sdsConfig": {
2206. "apiConfigSource": {
2207. "apiType": "GRPC",
2208. "transportApiVersion": "V3",
2209. "grpcServices": [
2210. {
2211. "envoyGrpc": {
2212. "clusterName": "sds-grpc"
2213. }
2214. }
2215. ]
2216. },
2217. "initialFetchTimeout": "0s",
2218. "resourceApiVersion": "V3"
2219. }
2220. }
2221. ],
2222. "combinedValidationContext": {
2223. "defaultValidationContext": {
2224. "matchSubjectAltNames": [
2225. {
2226. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/istio-system/sa/istiod-service-account"
2227. }
2228. ]
2229. },
2230. "validationContextSdsSecretConfig": {
2231. "name": "ROOTCA",
2232. "sdsConfig": {
2233. "apiConfigSource": {
2234. "apiType": "GRPC",
2235. "transportApiVersion": "V3",
2236. "grpcServices": [
2237. {
2238. "envoyGrpc": {
2239. "clusterName": "sds-grpc"
2240. }
2241. }
2242. ]
2243. },
2244. "initialFetchTimeout": "0s",
2245. "resourceApiVersion": "V3"
2246. }
2247. }
2248. },
2249. "alpnProtocols": [
2250. "istio-peer-exchange",
2251. "istio",
2252. "h2"
2253. ]
2254. },
2255. "sni": "outbound_.15010_._.istiod-asm-173-6.istio-system.svc.cluster.local"
2256. }
2257. }
2258. },
2259. {
2260. "name": "tlsMode-disabled",
2261. "match": {},
2262. "transportSocket": {
2263. "name": "envoy.transport_sockets.raw_buffer"
2264. }
2265. }
2266. ],
2267. "name": "outbound|15010||istiod-asm-173-6.istio-system.svc.cluster.local",
2268. "type": "EDS",
2269. "edsClusterConfig": {
2270. "edsConfig": {
2271. "ads": {},
2272. "resourceApiVersion": "V3"
2273. },
2274. "serviceName": "outbound|15010||istiod-asm-173-6.istio-system.svc.cluster.local"
2275. },
2276. "connectTimeout": "10s",
2277. "circuitBreakers": {
2278. "thresholds": [
2279. {
2280. "maxConnections": 4294967295,
2281. "maxPendingRequests": 4294967295,
2282. "maxRequests": 4294967295,
2283. "maxRetries": 4294967295
2284. }
2285. ]
2286. },
2287. "http2ProtocolOptions": {
2288. "maxConcurrentStreams": 1073741824
2289. },
2290. "filters": [
2291. {
2292. "name": "istio.metadata_exchange",
2293. "typedConfig": {
2294. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
2295. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
2296. "value": {
2297. "protocol": "istio-peer-exchange"
2298. }
2299. }
2300. }
2301. ]
2302. },
2303. {
2304. "transportSocketMatches": [
2305. {
2306. "name": "tlsMode-istio",
2307. "match": {
2308. "tlsMode": "istio"
2309. },
2310. "transportSocket": {
2311. "name": "envoy.transport_sockets.tls",
2312. "typedConfig": {
2313. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
2314. "commonTlsContext": {
2315. "tlsCertificateSdsSecretConfigs": [
2316. {
2317. "name": "default",
2318. "sdsConfig": {
2319. "apiConfigSource": {
2320. "apiType": "GRPC",
2321. "transportApiVersion": "V3",
2322. "grpcServices": [
2323. {
2324. "envoyGrpc": {
2325. "clusterName": "sds-grpc"
2326. }
2327. }
2328. ]
2329. },
2330. "initialFetchTimeout": "0s",
2331. "resourceApiVersion": "V3"
2332. }
2333. }
2334. ],
2335. "combinedValidationContext": {
2336. "defaultValidationContext": {
2337. "matchSubjectAltNames": [
2338. {
2339. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/istio-system/sa/istiod-service-account"
2340. }
2341. ]
2342. },
2343. "validationContextSdsSecretConfig": {
2344. "name": "ROOTCA",
2345. "sdsConfig": {
2346. "apiConfigSource": {
2347. "apiType": "GRPC",
2348. "transportApiVersion": "V3",
2349. "grpcServices": [
2350. {
2351. "envoyGrpc": {
2352. "clusterName": "sds-grpc"
2353. }
2354. }
2355. ]
2356. },
2357. "initialFetchTimeout": "0s",
2358. "resourceApiVersion": "V3"
2359. }
2360. }
2361. },
2362. "alpnProtocols": [
2363. "istio-peer-exchange",
2364. "istio"
2365. ]
2366. },
2367. "sni": "outbound_.15012_._.istiod-asm-173-6.istio-system.svc.cluster.local"
2368. }
2369. }
2370. },
2371. {
2372. "name": "tlsMode-disabled",
2373. "match": {},
2374. "transportSocket": {
2375. "name": "envoy.transport_sockets.raw_buffer"
2376. }
2377. }
2378. ],
2379. "name": "outbound|15012||istiod-asm-173-6.istio-system.svc.cluster.local",
2380. "type": "EDS",
2381. "edsClusterConfig": {
2382. "edsConfig": {
2383. "ads": {},
2384. "resourceApiVersion": "V3"
2385. },
2386. "serviceName": "outbound|15012||istiod-asm-173-6.istio-system.svc.cluster.local"
2387. },
2388. "connectTimeout": "10s",
2389. "circuitBreakers": {
2390. "thresholds": [
2391. {
2392. "maxConnections": 4294967295,
2393. "maxPendingRequests": 4294967295,
2394. "maxRequests": 4294967295,
2395. "maxRetries": 4294967295
2396. }
2397. ]
2398. },
2399. "filters": [
2400. {
2401. "name": "istio.metadata_exchange",
2402. "typedConfig": {
2403. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
2404. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
2405. "value": {
2406. "protocol": "istio-peer-exchange"
2407. }
2408. }
2409. }
2410. ]
2411. },
2412. {
2413. "transportSocketMatches": [
2414. {
2415. "name": "tlsMode-istio",
2416. "match": {
2417. "tlsMode": "istio"
2418. },
2419. "transportSocket": {
2420. "name": "envoy.transport_sockets.tls",
2421. "typedConfig": {
2422. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
2423. "commonTlsContext": {
2424. "tlsCertificateSdsSecretConfigs": [
2425. {
2426. "name": "default",
2427. "sdsConfig": {
2428. "apiConfigSource": {
2429. "apiType": "GRPC",
2430. "transportApiVersion": "V3",
2431. "grpcServices": [
2432. {
2433. "envoyGrpc": {
2434. "clusterName": "sds-grpc"
2435. }
2436. }
2437. ]
2438. },
2439. "initialFetchTimeout": "0s",
2440. "resourceApiVersion": "V3"
2441. }
2442. }
2443. ],
2444. "combinedValidationContext": {
2445. "defaultValidationContext": {
2446. "matchSubjectAltNames": [
2447. {
2448. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/istio-system/sa/istiod-service-account"
2449. }
2450. ]
2451. },
2452. "validationContextSdsSecretConfig": {
2453. "name": "ROOTCA",
2454. "sdsConfig": {
2455. "apiConfigSource": {
2456. "apiType": "GRPC",
2457. "transportApiVersion": "V3",
2458. "grpcServices": [
2459. {
2460. "envoyGrpc": {
2461. "clusterName": "sds-grpc"
2462. }
2463. }
2464. ]
2465. },
2466. "initialFetchTimeout": "0s",
2467. "resourceApiVersion": "V3"
2468. }
2469. }
2470. },
2471. "alpnProtocols": [
2472. "istio-peer-exchange",
2473. "istio"
2474. ]
2475. },
2476. "sni": "outbound_.15014_._.istiod-asm-173-6.istio-system.svc.cluster.local"
2477. }
2478. }
2479. },
2480. {
2481. "name": "tlsMode-disabled",
2482. "match": {},
2483. "transportSocket": {
2484. "name": "envoy.transport_sockets.raw_buffer"
2485. }
2486. }
2487. ],
2488. "name": "outbound|15014||istiod-asm-173-6.istio-system.svc.cluster.local",
2489. "type": "EDS",
2490. "edsClusterConfig": {
2491. "edsConfig": {
2492. "ads": {},
2493. "resourceApiVersion": "V3"
2494. },
2495. "serviceName": "outbound|15014||istiod-asm-173-6.istio-system.svc.cluster.local"
2496. },
2497. "connectTimeout": "10s",
2498. "circuitBreakers": {
2499. "thresholds": [
2500. {
2501. "maxConnections": 4294967295,
2502. "maxPendingRequests": 4294967295,
2503. "maxRequests": 4294967295,
2504. "maxRetries": 4294967295
2505. }
2506. ]
2507. },
2508. "filters": [
2509. {
2510. "name": "istio.metadata_exchange",
2511. "typedConfig": {
2512. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
2513. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
2514. "value": {
2515. "protocol": "istio-peer-exchange"
2516. }
2517. }
2518. }
2519. ]
2520. },
2521. {
2522. "transportSocketMatches": [
2523. {
2524. "name": "tlsMode-istio",
2525. "match": {
2526. "tlsMode": "istio"
2527. },
2528. "transportSocket": {
2529. "name": "envoy.transport_sockets.tls",
2530. "typedConfig": {
2531. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
2532. "commonTlsContext": {
2533. "tlsCertificateSdsSecretConfigs": [
2534. {
2535. "name": "default",
2536. "sdsConfig": {
2537. "apiConfigSource": {
2538. "apiType": "GRPC",
2539. "transportApiVersion": "V3",
2540. "grpcServices": [
2541. {
2542. "envoyGrpc": {
2543. "clusterName": "sds-grpc"
2544. }
2545. }
2546. ]
2547. },
2548. "initialFetchTimeout": "0s",
2549. "resourceApiVersion": "V3"
2550. }
2551. }
2552. ],
2553. "combinedValidationContext": {
2554. "defaultValidationContext": {
2555. "matchSubjectAltNames": [
2556. {
2557. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/istio-system/sa/istiod-service-account"
2558. }
2559. ]
2560. },
2561. "validationContextSdsSecretConfig": {
2562. "name": "ROOTCA",
2563. "sdsConfig": {
2564. "apiConfigSource": {
2565. "apiType": "GRPC",
2566. "transportApiVersion": "V3",
2567. "grpcServices": [
2568. {
2569. "envoyGrpc": {
2570. "clusterName": "sds-grpc"
2571. }
2572. }
2573. ]
2574. },
2575. "initialFetchTimeout": "0s",
2576. "resourceApiVersion": "V3"
2577. }
2578. }
2579. },
2580. "alpnProtocols": [
2581. "istio-peer-exchange",
2582. "istio"
2583. ]
2584. },
2585. "sni": "outbound_.443_._.istiod.istio-system.svc.cluster.local"
2586. }
2587. }
2588. },
2589. {
2590. "name": "tlsMode-disabled",
2591. "match": {},
2592. "transportSocket": {
2593. "name": "envoy.transport_sockets.raw_buffer"
2594. }
2595. }
2596. ],
2597. "name": "outbound|443||istiod.istio-system.svc.cluster.local",
2598. "type": "EDS",
2599. "edsClusterConfig": {
2600. "edsConfig": {
2601. "ads": {},
2602. "resourceApiVersion": "V3"
2603. },
2604. "serviceName": "outbound|443||istiod.istio-system.svc.cluster.local"
2605. },
2606. "connectTimeout": "10s",
2607. "circuitBreakers": {
2608. "thresholds": [
2609. {
2610. "maxConnections": 4294967295,
2611. "maxPendingRequests": 4294967295,
2612. "maxRequests": 4294967295,
2613. "maxRetries": 4294967295
2614. }
2615. ]
2616. },
2617. "filters": [
2618. {
2619. "name": "istio.metadata_exchange",
2620. "typedConfig": {
2621. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
2622. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
2623. "value": {
2624. "protocol": "istio-peer-exchange"
2625. }
2626. }
2627. }
2628. ]
2629. },
2630. {
2631. "transportSocketMatches": [
2632. {
2633. "name": "tlsMode-istio",
2634. "match": {
2635. "tlsMode": "istio"
2636. },
2637. "transportSocket": {
2638. "name": "envoy.transport_sockets.tls",
2639. "typedConfig": {
2640. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
2641. "commonTlsContext": {
2642. "tlsCertificateSdsSecretConfigs": [
2643. {
2644. "name": "default",
2645. "sdsConfig": {
2646. "apiConfigSource": {
2647. "apiType": "GRPC",
2648. "transportApiVersion": "V3",
2649. "grpcServices": [
2650. {
2651. "envoyGrpc": {
2652. "clusterName": "sds-grpc"
2653. }
2654. }
2655. ]
2656. },
2657. "initialFetchTimeout": "0s",
2658. "resourceApiVersion": "V3"
2659. }
2660. }
2661. ],
2662. "combinedValidationContext": {
2663. "defaultValidationContext": {
2664. "matchSubjectAltNames": [
2665. {
2666. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/istio-system/sa/istiod-service-account"
2667. }
2668. ]
2669. },
2670. "validationContextSdsSecretConfig": {
2671. "name": "ROOTCA",
2672. "sdsConfig": {
2673. "apiConfigSource": {
2674. "apiType": "GRPC",
2675. "transportApiVersion": "V3",
2676. "grpcServices": [
2677. {
2678. "envoyGrpc": {
2679. "clusterName": "sds-grpc"
2680. }
2681. }
2682. ]
2683. },
2684. "initialFetchTimeout": "0s",
2685. "resourceApiVersion": "V3"
2686. }
2687. }
2688. },
2689. "alpnProtocols": [
2690. "istio-peer-exchange",
2691. "istio",
2692. "h2"
2693. ]
2694. },
2695. "sni": "outbound_.15010_._.istiod.istio-system.svc.cluster.local"
2696. }
2697. }
2698. },
2699. {
2700. "name": "tlsMode-disabled",
2701. "match": {},
2702. "transportSocket": {
2703. "name": "envoy.transport_sockets.raw_buffer"
2704. }
2705. }
2706. ],
2707. "name": "outbound|15010||istiod.istio-system.svc.cluster.local",
2708. "type": "EDS",
2709. "edsClusterConfig": {
2710. "edsConfig": {
2711. "ads": {},
2712. "resourceApiVersion": "V3"
2713. },
2714. "serviceName": "outbound|15010||istiod.istio-system.svc.cluster.local"
2715. },
2716. "connectTimeout": "10s",
2717. "circuitBreakers": {
2718. "thresholds": [
2719. {
2720. "maxConnections": 4294967295,
2721. "maxPendingRequests": 4294967295,
2722. "maxRequests": 4294967295,
2723. "maxRetries": 4294967295
2724. }
2725. ]
2726. },
2727. "http2ProtocolOptions": {
2728. "maxConcurrentStreams": 1073741824
2729. },
2730. "filters": [
2731. {
2732. "name": "istio.metadata_exchange",
2733. "typedConfig": {
2734. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
2735. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
2736. "value": {
2737. "protocol": "istio-peer-exchange"
2738. }
2739. }
2740. }
2741. ]
2742. },
2743. {
2744. "transportSocketMatches": [
2745. {
2746. "name": "tlsMode-istio",
2747. "match": {
2748. "tlsMode": "istio"
2749. },
2750. "transportSocket": {
2751. "name": "envoy.transport_sockets.tls",
2752. "typedConfig": {
2753. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
2754. "commonTlsContext": {
2755. "tlsCertificateSdsSecretConfigs": [
2756. {
2757. "name": "default",
2758. "sdsConfig": {
2759. "apiConfigSource": {
2760. "apiType": "GRPC",
2761. "transportApiVersion": "V3",
2762. "grpcServices": [
2763. {
2764. "envoyGrpc": {
2765. "clusterName": "sds-grpc"
2766. }
2767. }
2768. ]
2769. },
2770. "initialFetchTimeout": "0s",
2771. "resourceApiVersion": "V3"
2772. }
2773. }
2774. ],
2775. "combinedValidationContext": {
2776. "defaultValidationContext": {
2777. "matchSubjectAltNames": [
2778. {
2779. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/istio-system/sa/istiod-service-account"
2780. }
2781. ]
2782. },
2783. "validationContextSdsSecretConfig": {
2784. "name": "ROOTCA",
2785. "sdsConfig": {
2786. "apiConfigSource": {
2787. "apiType": "GRPC",
2788. "transportApiVersion": "V3",
2789. "grpcServices": [
2790. {
2791. "envoyGrpc": {
2792. "clusterName": "sds-grpc"
2793. }
2794. }
2795. ]
2796. },
2797. "initialFetchTimeout": "0s",
2798. "resourceApiVersion": "V3"
2799. }
2800. }
2801. },
2802. "alpnProtocols": [
2803. "istio-peer-exchange",
2804. "istio"
2805. ]
2806. },
2807. "sni": "outbound_.15012_._.istiod.istio-system.svc.cluster.local"
2808. }
2809. }
2810. },
2811. {
2812. "name": "tlsMode-disabled",
2813. "match": {},
2814. "transportSocket": {
2815. "name": "envoy.transport_sockets.raw_buffer"
2816. }
2817. }
2818. ],
2819. "name": "outbound|15012||istiod.istio-system.svc.cluster.local",
2820. "type": "EDS",
2821. "edsClusterConfig": {
2822. "edsConfig": {
2823. "ads": {},
2824. "resourceApiVersion": "V3"
2825. },
2826. "serviceName": "outbound|15012||istiod.istio-system.svc.cluster.local"
2827. },
2828. "connectTimeout": "10s",
2829. "circuitBreakers": {
2830. "thresholds": [
2831. {
2832. "maxConnections": 4294967295,
2833. "maxPendingRequests": 4294967295,
2834. "maxRequests": 4294967295,
2835. "maxRetries": 4294967295
2836. }
2837. ]
2838. },
2839. "filters": [
2840. {
2841. "name": "istio.metadata_exchange",
2842. "typedConfig": {
2843. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
2844. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
2845. "value": {
2846. "protocol": "istio-peer-exchange"
2847. }
2848. }
2849. }
2850. ]
2851. },
2852. {
2853. "transportSocketMatches": [
2854. {
2855. "name": "tlsMode-istio",
2856. "match": {
2857. "tlsMode": "istio"
2858. },
2859. "transportSocket": {
2860. "name": "envoy.transport_sockets.tls",
2861. "typedConfig": {
2862. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
2863. "commonTlsContext": {
2864. "tlsCertificateSdsSecretConfigs": [
2865. {
2866. "name": "default",
2867. "sdsConfig": {
2868. "apiConfigSource": {
2869. "apiType": "GRPC",
2870. "transportApiVersion": "V3",
2871. "grpcServices": [
2872. {
2873. "envoyGrpc": {
2874. "clusterName": "sds-grpc"
2875. }
2876. }
2877. ]
2878. },
2879. "initialFetchTimeout": "0s",
2880. "resourceApiVersion": "V3"
2881. }
2882. }
2883. ],
2884. "combinedValidationContext": {
2885. "defaultValidationContext": {
2886. "matchSubjectAltNames": [
2887. {
2888. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/istio-system/sa/istiod-service-account"
2889. }
2890. ]
2891. },
2892. "validationContextSdsSecretConfig": {
2893. "name": "ROOTCA",
2894. "sdsConfig": {
2895. "apiConfigSource": {
2896. "apiType": "GRPC",
2897. "transportApiVersion": "V3",
2898. "grpcServices": [
2899. {
2900. "envoyGrpc": {
2901. "clusterName": "sds-grpc"
2902. }
2903. }
2904. ]
2905. },
2906. "initialFetchTimeout": "0s",
2907. "resourceApiVersion": "V3"
2908. }
2909. }
2910. },
2911. "alpnProtocols": [
2912. "istio-peer-exchange",
2913. "istio"
2914. ]
2915. },
2916. "sni": "outbound_.15014_._.istiod.istio-system.svc.cluster.local"
2917. }
2918. }
2919. },
2920. {
2921. "name": "tlsMode-disabled",
2922. "match": {},
2923. "transportSocket": {
2924. "name": "envoy.transport_sockets.raw_buffer"
2925. }
2926. }
2927. ],
2928. "name": "outbound|15014||istiod.istio-system.svc.cluster.local",
2929. "type": "EDS",
2930. "edsClusterConfig": {
2931. "edsConfig": {
2932. "ads": {},
2933. "resourceApiVersion": "V3"
2934. },
2935. "serviceName": "outbound|15014||istiod.istio-system.svc.cluster.local"
2936. },
2937. "connectTimeout": "10s",
2938. "circuitBreakers": {
2939. "thresholds": [
2940. {
2941. "maxConnections": 4294967295,
2942. "maxPendingRequests": 4294967295,
2943. "maxRequests": 4294967295,
2944. "maxRetries": 4294967295
2945. }
2946. ]
2947. },
2948. "filters": [
2949. {
2950. "name": "istio.metadata_exchange",
2951. "typedConfig": {
2952. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
2953. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
2954. "value": {
2955. "protocol": "istio-peer-exchange"
2956. }
2957. }
2958. }
2959. ]
2960. },
2961. {
2962. "transportSocketMatches": [
2963. {
2964. "name": "tlsMode-istio",
2965. "match": {
2966. "tlsMode": "istio"
2967. },
2968. "transportSocket": {
2969. "name": "envoy.transport_sockets.tls",
2970. "typedConfig": {
2971. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
2972. "commonTlsContext": {
2973. "tlsCertificateSdsSecretConfigs": [
2974. {
2975. "name": "default",
2976. "sdsConfig": {
2977. "apiConfigSource": {
2978. "apiType": "GRPC",
2979. "transportApiVersion": "V3",
2980. "grpcServices": [
2981. {
2982. "envoyGrpc": {
2983. "clusterName": "sds-grpc"
2984. }
2985. }
2986. ]
2987. },
2988. "initialFetchTimeout": "0s",
2989. "resourceApiVersion": "V3"
2990. }
2991. }
2992. ],
2993. "combinedValidationContext": {
2994. "defaultValidationContext": {
2995. "matchSubjectAltNames": [
2996. {
2997. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/kube-system/sa/kube-dns"
2998. }
2999. ]
3000. },
3001. "validationContextSdsSecretConfig": {
3002. "name": "ROOTCA",
3003. "sdsConfig": {
3004. "apiConfigSource": {
3005. "apiType": "GRPC",
3006. "transportApiVersion": "V3",
3007. "grpcServices": [
3008. {
3009. "envoyGrpc": {
3010. "clusterName": "sds-grpc"
3011. }
3012. }
3013. ]
3014. },
3015. "initialFetchTimeout": "0s",
3016. "resourceApiVersion": "V3"
3017. }
3018. }
3019. },
3020. "alpnProtocols": [
3021. "istio-peer-exchange",
3022. "istio"
3023. ]
3024. },
3025. "sni": "outbound_.53_._.kube-dns.kube-system.svc.cluster.local"
3026. }
3027. }
3028. },
3029. {
3030. "name": "tlsMode-disabled",
3031. "match": {},
3032. "transportSocket": {
3033. "name": "envoy.transport_sockets.raw_buffer"
3034. }
3035. }
3036. ],
3037. "name": "outbound|53||kube-dns.kube-system.svc.cluster.local",
3038. "type": "EDS",
3039. "edsClusterConfig": {
3040. "edsConfig": {
3041. "ads": {},
3042. "resourceApiVersion": "V3"
3043. },
3044. "serviceName": "outbound|53||kube-dns.kube-system.svc.cluster.local"
3045. },
3046. "connectTimeout": "10s",
3047. "circuitBreakers": {
3048. "thresholds": [
3049. {
3050. "maxConnections": 4294967295,
3051. "maxPendingRequests": 4294967295,
3052. "maxRequests": 4294967295,
3053. "maxRetries": 4294967295
3054. }
3055. ]
3056. },
3057. "filters": [
3058. {
3059. "name": "istio.metadata_exchange",
3060. "typedConfig": {
3061. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
3062. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
3063. "value": {
3064. "protocol": "istio-peer-exchange"
3065. }
3066. }
3067. }
3068. ]
3069. },
3070. {
3071. "transportSocketMatches": [
3072. {
3073. "name": "tlsMode-istio",
3074. "match": {
3075. "tlsMode": "istio"
3076. },
3077. "transportSocket": {
3078. "name": "envoy.transport_sockets.tls",
3079. "typedConfig": {
3080. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
3081. "commonTlsContext": {
3082. "tlsCertificateSdsSecretConfigs": [
3083. {
3084. "name": "default",
3085. "sdsConfig": {
3086. "apiConfigSource": {
3087. "apiType": "GRPC",
3088. "transportApiVersion": "V3",
3089. "grpcServices": [
3090. {
3091. "envoyGrpc": {
3092. "clusterName": "sds-grpc"
3093. }
3094. }
3095. ]
3096. },
3097. "initialFetchTimeout": "0s",
3098. "resourceApiVersion": "V3"
3099. }
3100. }
3101. ],
3102. "combinedValidationContext": {
3103. "defaultValidationContext": {},
3104. "validationContextSdsSecretConfig": {
3105. "name": "ROOTCA",
3106. "sdsConfig": {
3107. "apiConfigSource": {
3108. "apiType": "GRPC",
3109. "transportApiVersion": "V3",
3110. "grpcServices": [
3111. {
3112. "envoyGrpc": {
3113. "clusterName": "sds-grpc"
3114. }
3115. }
3116. ]
3117. },
3118. "initialFetchTimeout": "0s",
3119. "resourceApiVersion": "V3"
3120. }
3121. }
3122. },
3123. "alpnProtocols": [
3124. "istio-peer-exchange",
3125. "istio"
3126. ]
3127. },
3128. "sni": "outbound_.443_._.kubernetes.default.svc.cluster.local"
3129. }
3130. }
3131. },
3132. {
3133. "name": "tlsMode-disabled",
3134. "match": {},
3135. "transportSocket": {
3136. "name": "envoy.transport_sockets.raw_buffer"
3137. }
3138. }
3139. ],
3140. "name": "outbound|443||kubernetes.default.svc.cluster.local",
3141. "type": "EDS",
3142. "edsClusterConfig": {
3143. "edsConfig": {
3144. "ads": {},
3145. "resourceApiVersion": "V3"
3146. },
3147. "serviceName": "outbound|443||kubernetes.default.svc.cluster.local"
3148. },
3149. "connectTimeout": "10s",
3150. "circuitBreakers": {
3151. "thresholds": [
3152. {
3153. "maxConnections": 4294967295,
3154. "maxPendingRequests": 4294967295,
3155. "maxRequests": 4294967295,
3156. "maxRetries": 4294967295
3157. }
3158. ]
3159. },
3160. "filters": [
3161. {
3162. "name": "istio.metadata_exchange",
3163. "typedConfig": {
3164. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
3165. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
3166. "value": {
3167. "protocol": "istio-peer-exchange"
3168. }
3169. }
3170. }
3171. ]
3172. },
3173. {
3174. "transportSocketMatches": [
3175. {
3176. "name": "tlsMode-istio",
3177. "match": {
3178. "tlsMode": "istio"
3179. },
3180. "transportSocket": {
3181. "name": "envoy.transport_sockets.tls",
3182. "typedConfig": {
3183. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
3184. "commonTlsContext": {
3185. "tlsCertificateSdsSecretConfigs": [
3186. {
3187. "name": "default",
3188. "sdsConfig": {
3189. "apiConfigSource": {
3190. "apiType": "GRPC",
3191. "transportApiVersion": "V3",
3192. "grpcServices": [
3193. {
3194. "envoyGrpc": {
3195. "clusterName": "sds-grpc"
3196. }
3197. }
3198. ]
3199. },
3200. "initialFetchTimeout": "0s",
3201. "resourceApiVersion": "V3"
3202. }
3203. }
3204. ],
3205. "combinedValidationContext": {
3206. "defaultValidationContext": {
3207. "matchSubjectAltNames": [
3208. {
3209. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/kube-system/sa/metrics-server"
3210. }
3211. ]
3212. },
3213. "validationContextSdsSecretConfig": {
3214. "name": "ROOTCA",
3215. "sdsConfig": {
3216. "apiConfigSource": {
3217. "apiType": "GRPC",
3218. "transportApiVersion": "V3",
3219. "grpcServices": [
3220. {
3221. "envoyGrpc": {
3222. "clusterName": "sds-grpc"
3223. }
3224. }
3225. ]
3226. },
3227. "initialFetchTimeout": "0s",
3228. "resourceApiVersion": "V3"
3229. }
3230. }
3231. },
3232. "alpnProtocols": [
3233. "istio-peer-exchange",
3234. "istio"
3235. ]
3236. },
3237. "sni": "outbound_.443_._.metrics-server.kube-system.svc.cluster.local"
3238. }
3239. }
3240. },
3241. {
3242. "name": "tlsMode-disabled",
3243. "match": {},
3244. "transportSocket": {
3245. "name": "envoy.transport_sockets.raw_buffer"
3246. }
3247. }
3248. ],
3249. "name": "outbound|443||metrics-server.kube-system.svc.cluster.local",
3250. "type": "EDS",
3251. "edsClusterConfig": {
3252. "edsConfig": {
3253. "ads": {},
3254. "resourceApiVersion": "V3"
3255. },
3256. "serviceName": "outbound|443||metrics-server.kube-system.svc.cluster.local"
3257. },
3258. "connectTimeout": "10s",
3259. "circuitBreakers": {
3260. "thresholds": [
3261. {
3262. "maxConnections": 4294967295,
3263. "maxPendingRequests": 4294967295,
3264. "maxRequests": 4294967295,
3265. "maxRetries": 4294967295
3266. }
3267. ]
3268. },
3269. "filters": [
3270. {
3271. "name": "istio.metadata_exchange",
3272. "typedConfig": {
3273. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
3274. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
3275. "value": {
3276. "protocol": "istio-peer-exchange"
3277. }
3278. }
3279. }
3280. ]
3281. },
3282. {
3283. "transportSocketMatches": [
3284. {
3285. "name": "tlsMode-istio",
3286. "match": {
3287. "tlsMode": "istio"
3288. },
3289. "transportSocket": {
3290. "name": "envoy.transport_sockets.tls",
3291. "typedConfig": {
3292. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
3293. "commonTlsContext": {
3294. "tlsCertificateSdsSecretConfigs": [
3295. {
3296. "name": "default",
3297. "sdsConfig": {
3298. "apiConfigSource": {
3299. "apiType": "GRPC",
3300. "transportApiVersion": "V3",
3301. "grpcServices": [
3302. {
3303. "envoyGrpc": {
3304. "clusterName": "sds-grpc"
3305. }
3306. }
3307. ]
3308. },
3309. "initialFetchTimeout": "0s",
3310. "resourceApiVersion": "V3"
3311. }
3312. }
3313. ],
3314. "combinedValidationContext": {
3315. "defaultValidationContext": {
3316. "matchSubjectAltNames": [
3317. {
3318. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/config-management-system/sa/monitor"
3319. }
3320. ]
3321. },
3322. "validationContextSdsSecretConfig": {
3323. "name": "ROOTCA",
3324. "sdsConfig": {
3325. "apiConfigSource": {
3326. "apiType": "GRPC",
3327. "transportApiVersion": "V3",
3328. "grpcServices": [
3329. {
3330. "envoyGrpc": {
3331. "clusterName": "sds-grpc"
3332. }
3333. }
3334. ]
3335. },
3336. "initialFetchTimeout": "0s",
3337. "resourceApiVersion": "V3"
3338. }
3339. }
3340. },
3341. "alpnProtocols": [
3342. "istio-peer-exchange",
3343. "istio"
3344. ]
3345. },
3346. "sni": "outbound_.8675_._.monitor.config-management-system.svc.cluster.local"
3347. }
3348. }
3349. },
3350. {
3351. "name": "tlsMode-disabled",
3352. "match": {},
3353. "transportSocket": {
3354. "name": "envoy.transport_sockets.raw_buffer"
3355. }
3356. }
3357. ],
3358. "name": "outbound|8675||monitor.config-management-system.svc.cluster.local",
3359. "type": "EDS",
3360. "edsClusterConfig": {
3361. "edsConfig": {
3362. "ads": {},
3363. "resourceApiVersion": "V3"
3364. },
3365. "serviceName": "outbound|8675||monitor.config-management-system.svc.cluster.local"
3366. },
3367. "connectTimeout": "10s",
3368. "circuitBreakers": {
3369. "thresholds": [
3370. {
3371. "maxConnections": 4294967295,
3372. "maxPendingRequests": 4294967295,
3373. "maxRequests": 4294967295,
3374. "maxRetries": 4294967295
3375. }
3376. ]
3377. },
3378. "filters": [
3379. {
3380. "name": "istio.metadata_exchange",
3381. "typedConfig": {
3382. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
3383. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
3384. "value": {
3385. "protocol": "istio-peer-exchange"
3386. }
3387. }
3388. }
3389. ]
3390. },
3391. {
3392. "transportSocketMatches": [
3393. {
3394. "name": "tlsMode-istio",
3395. "match": {
3396. "tlsMode": "istio"
3397. },
3398. "transportSocket": {
3399. "name": "envoy.transport_sockets.tls",
3400. "typedConfig": {
3401. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
3402. "commonTlsContext": {
3403. "tlsCertificateSdsSecretConfigs": [
3404. {
3405. "name": "default",
3406. "sdsConfig": {
3407. "apiConfigSource": {
3408. "apiType": "GRPC",
3409. "transportApiVersion": "V3",
3410. "grpcServices": [
3411. {
3412. "envoyGrpc": {
3413. "clusterName": "sds-grpc"
3414. }
3415. }
3416. ]
3417. },
3418. "initialFetchTimeout": "0s",
3419. "resourceApiVersion": "V3"
3420. }
3421. }
3422. ],
3423. "combinedValidationContext": {
3424. "defaultValidationContext": {
3425. "matchSubjectAltNames": [
3426. {
3427. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/hipster/sa/default"
3428. }
3429. ]
3430. },
3431. "validationContextSdsSecretConfig": {
3432. "name": "ROOTCA",
3433. "sdsConfig": {
3434. "apiConfigSource": {
3435. "apiType": "GRPC",
3436. "transportApiVersion": "V3",
3437. "grpcServices": [
3438. {
3439. "envoyGrpc": {
3440. "clusterName": "sds-grpc"
3441. }
3442. }
3443. ]
3444. },
3445. "initialFetchTimeout": "0s",
3446. "resourceApiVersion": "V3"
3447. }
3448. }
3449. },
3450. "alpnProtocols": [
3451. "istio-peer-exchange",
3452. "istio",
3453. "h2"
3454. ]
3455. },
3456. "sni": "outbound_.50051_._.paymentservice.hipster.svc.cluster.local"
3457. }
3458. }
3459. },
3460. {
3461. "name": "tlsMode-disabled",
3462. "match": {},
3463. "transportSocket": {
3464. "name": "envoy.transport_sockets.raw_buffer"
3465. }
3466. }
3467. ],
3468. "name": "outbound|50051||paymentservice.hipster.svc.cluster.local",
3469. "type": "EDS",
3470. "edsClusterConfig": {
3471. "edsConfig": {
3472. "ads": {},
3473. "resourceApiVersion": "V3"
3474. },
3475. "serviceName": "outbound|50051||paymentservice.hipster.svc.cluster.local"
3476. },
3477. "connectTimeout": "10s",
3478. "circuitBreakers": {
3479. "thresholds": [
3480. {
3481. "maxConnections": 4294967295,
3482. "maxPendingRequests": 4294967295,
3483. "maxRequests": 4294967295,
3484. "maxRetries": 4294967295
3485. }
3486. ]
3487. },
3488. "http2ProtocolOptions": {
3489. "maxConcurrentStreams": 1073741824
3490. },
3491. "filters": [
3492. {
3493. "name": "istio.metadata_exchange",
3494. "typedConfig": {
3495. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
3496. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
3497. "value": {
3498. "protocol": "istio-peer-exchange"
3499. }
3500. }
3501. }
3502. ]
3503. },
3504. {
3505. "name": "outbound|16221||pg-2dbb5e59-google-bc39.aivencloud.com",
3506. "type": "ORIGINAL_DST",
3507. "connectTimeout": "10s",
3508. "lbPolicy": "CLUSTER_PROVIDED",
3509. "circuitBreakers": {
3510. "thresholds": [
3511. {
3512. "maxConnections": 4294967295,
3513. "maxPendingRequests": 4294967295,
3514. "maxRequests": 4294967295,
3515. "maxRetries": 4294967295
3516. }
3517. ]
3518. },
3519. "transportSocket": {
3520. "name": "envoy.transport_sockets.tls",
3521. "typedConfig": {
3522. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
3523. "commonTlsContext": {
3524. "combinedValidationContext": {
3525. "defaultValidationContext": {},
3526. "validationContextSdsSecretConfig": {
3527. "name": "file-root:/etc/certs/aiven-ca.crt",
3528. "sdsConfig": {
3529. "apiConfigSource": {
3530. "apiType": "GRPC",
3531. "transportApiVersion": "V3",
3532. "grpcServices": [
3533. {
3534. "envoyGrpc": {
3535. "clusterName": "sds-grpc"
3536. }
3537. }
3538. ]
3539. },
3540. "resourceApiVersion": "V3"
3541. }
3542. }
3543. }
3544. }
3545. }
3546. },
3547. "metadata": {
3548. "filterMetadata": {
3549. "istio": {
3550. "config": "/apis/networking.istio.io/v1alpha3/namespaces/postgres/destination-rule/external-aiven-postgres"
3551. }
3552. }
3553. },
3554. "filters": [
3555. {
3556. "name": "istio.metadata_exchange",
3557. "typedConfig": {
3558. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
3559. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
3560. "value": {
3561. "protocol": "istio-peer-exchange"
3562. }
3563. }
3564. }
3565. ]
3566. },
3567. {
3568. "transportSocketMatches": [
3569. {
3570. "name": "tlsMode-istio",
3571. "match": {
3572. "tlsMode": "istio"
3573. },
3574. "transportSocket": {
3575. "name": "envoy.transport_sockets.tls",
3576. "typedConfig": {
3577. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
3578. "commonTlsContext": {
3579. "tlsCertificateSdsSecretConfigs": [
3580. {
3581. "name": "default",
3582. "sdsConfig": {
3583. "apiConfigSource": {
3584. "apiType": "GRPC",
3585. "transportApiVersion": "V3",
3586. "grpcServices": [
3587. {
3588. "envoyGrpc": {
3589. "clusterName": "sds-grpc"
3590. }
3591. }
3592. ]
3593. },
3594. "initialFetchTimeout": "0s",
3595. "resourceApiVersion": "V3"
3596. }
3597. }
3598. ],
3599. "combinedValidationContext": {
3600. "defaultValidationContext": {
3601. "matchSubjectAltNames": [
3602. {
3603. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/postgres/sa/default"
3604. }
3605. ]
3606. },
3607. "validationContextSdsSecretConfig": {
3608. "name": "ROOTCA",
3609. "sdsConfig": {
3610. "apiConfigSource": {
3611. "apiType": "GRPC",
3612. "transportApiVersion": "V3",
3613. "grpcServices": [
3614. {
3615. "envoyGrpc": {
3616. "clusterName": "sds-grpc"
3617. }
3618. }
3619. ]
3620. },
3621. "initialFetchTimeout": "0s",
3622. "resourceApiVersion": "V3"
3623. }
3624. }
3625. },
3626. "alpnProtocols": [
3627. "istio-peer-exchange",
3628. "istio"
3629. ]
3630. },
3631. "sni": "outbound_.80_._.pgadmin4.postgres.svc.cluster.local"
3632. }
3633. }
3634. },
3635. {
3636. "name": "tlsMode-disabled",
3637. "match": {},
3638. "transportSocket": {
3639. "name": "envoy.transport_sockets.raw_buffer"
3640. }
3641. }
3642. ],
3643. "name": "outbound|80||pgadmin4.postgres.svc.cluster.local",
3644. "type": "EDS",
3645. "edsClusterConfig": {
3646. "edsConfig": {
3647. "ads": {},
3648. "resourceApiVersion": "V3"
3649. },
3650. "serviceName": "outbound|80||pgadmin4.postgres.svc.cluster.local"
3651. },
3652. "connectTimeout": "10s",
3653. "circuitBreakers": {
3654. "thresholds": [
3655. {
3656. "maxConnections": 4294967295,
3657. "maxPendingRequests": 4294967295,
3658. "maxRequests": 4294967295,
3659. "maxRetries": 4294967295
3660. }
3661. ]
3662. },
3663. "filters": [
3664. {
3665. "name": "istio.metadata_exchange",
3666. "typedConfig": {
3667. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
3668. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
3669. "value": {
3670. "protocol": "istio-peer-exchange"
3671. }
3672. }
3673. }
3674. ]
3675. },
3676. {
3677. "transportSocketMatches": [
3678. {
3679. "name": "tlsMode-istio",
3680. "match": {
3681. "tlsMode": "istio"
3682. },
3683. "transportSocket": {
3684. "name": "envoy.transport_sockets.tls",
3685. "typedConfig": {
3686. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
3687. "commonTlsContext": {
3688. "tlsCertificateSdsSecretConfigs": [
3689. {
3690. "name": "default",
3691. "sdsConfig": {
3692. "apiConfigSource": {
3693. "apiType": "GRPC",
3694. "transportApiVersion": "V3",
3695. "grpcServices": [
3696. {
3697. "envoyGrpc": {
3698. "clusterName": "sds-grpc"
3699. }
3700. }
3701. ]
3702. },
3703. "initialFetchTimeout": "0s",
3704. "resourceApiVersion": "V3"
3705. }
3706. }
3707. ],
3708. "combinedValidationContext": {
3709. "defaultValidationContext": {
3710. "matchSubjectAltNames": [
3711. {
3712. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/hipster/sa/default"
3713. }
3714. ]
3715. },
3716. "validationContextSdsSecretConfig": {
3717. "name": "ROOTCA",
3718. "sdsConfig": {
3719. "apiConfigSource": {
3720. "apiType": "GRPC",
3721. "transportApiVersion": "V3",
3722. "grpcServices": [
3723. {
3724. "envoyGrpc": {
3725. "clusterName": "sds-grpc"
3726. }
3727. }
3728. ]
3729. },
3730. "initialFetchTimeout": "0s",
3731. "resourceApiVersion": "V3"
3732. }
3733. }
3734. },
3735. "alpnProtocols": [
3736. "istio-peer-exchange",
3737. "istio",
3738. "h2"
3739. ]
3740. },
3741. "sni": "outbound_.3550_._.productcatalogservice.hipster.svc.cluster.local"
3742. }
3743. }
3744. },
3745. {
3746. "name": "tlsMode-disabled",
3747. "match": {},
3748. "transportSocket": {
3749. "name": "envoy.transport_sockets.raw_buffer"
3750. }
3751. }
3752. ],
3753. "name": "outbound|3550||productcatalogservice.hipster.svc.cluster.local",
3754. "type": "EDS",
3755. "edsClusterConfig": {
3756. "edsConfig": {
3757. "ads": {},
3758. "resourceApiVersion": "V3"
3759. },
3760. "serviceName": "outbound|3550||productcatalogservice.hipster.svc.cluster.local"
3761. },
3762. "connectTimeout": "10s",
3763. "circuitBreakers": {
3764. "thresholds": [
3765. {
3766. "maxConnections": 4294967295,
3767. "maxPendingRequests": 4294967295,
3768. "maxRequests": 4294967295,
3769. "maxRetries": 4294967295
3770. }
3771. ]
3772. },
3773. "http2ProtocolOptions": {
3774. "maxConcurrentStreams": 1073741824
3775. },
3776. "filters": [
3777. {
3778. "name": "istio.metadata_exchange",
3779. "typedConfig": {
3780. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
3781. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
3782. "value": {
3783. "protocol": "istio-peer-exchange"
3784. }
3785. }
3786. }
3787. ]
3788. },
3789. {
3790. "name": "prometheus_stats",
3791. "type": "STATIC",
3792. "connectTimeout": "0.250s",
3793. "loadAssignment": {
3794. "clusterName": "prometheus_stats",
3795. "endpoints": [
3796. {
3797. "lbEndpoints": [
3798. {
3799. "endpoint": {
3800. "address": {
3801. "socketAddress": {
3802. "address": "127.0.0.1",
3803. "portValue": 15000
3804. }
3805. }
3806. }
3807. }
3808. ]
3809. }
3810. ]
3811. }
3812. },
3813. {
3814. "transportSocketMatches": [
3815. {
3816. "name": "tlsMode-istio",
3817. "match": {
3818. "tlsMode": "istio"
3819. },
3820. "transportSocket": {
3821. "name": "envoy.transport_sockets.tls",
3822. "typedConfig": {
3823. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
3824. "commonTlsContext": {
3825. "tlsCertificateSdsSecretConfigs": [
3826. {
3827. "name": "default",
3828. "sdsConfig": {
3829. "apiConfigSource": {
3830. "apiType": "GRPC",
3831. "transportApiVersion": "V3",
3832. "grpcServices": [
3833. {
3834. "envoyGrpc": {
3835. "clusterName": "sds-grpc"
3836. }
3837. }
3838. ]
3839. },
3840. "initialFetchTimeout": "0s",
3841. "resourceApiVersion": "V3"
3842. }
3843. }
3844. ],
3845. "combinedValidationContext": {
3846. "defaultValidationContext": {
3847. "matchSubjectAltNames": [
3848. {
3849. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/hipster/sa/default"
3850. }
3851. ]
3852. },
3853. "validationContextSdsSecretConfig": {
3854. "name": "ROOTCA",
3855. "sdsConfig": {
3856. "apiConfigSource": {
3857. "apiType": "GRPC",
3858. "transportApiVersion": "V3",
3859. "grpcServices": [
3860. {
3861. "envoyGrpc": {
3862. "clusterName": "sds-grpc"
3863. }
3864. }
3865. ]
3866. },
3867. "initialFetchTimeout": "0s",
3868. "resourceApiVersion": "V3"
3869. }
3870. }
3871. },
3872. "alpnProtocols": [
3873. "istio-peer-exchange",
3874. "istio",
3875. "h2"
3876. ]
3877. },
3878. "sni": "outbound_.8080_._.recommendationservice.hipster.svc.cluster.local"
3879. }
3880. }
3881. },
3882. {
3883. "name": "tlsMode-disabled",
3884. "match": {},
3885. "transportSocket": {
3886. "name": "envoy.transport_sockets.raw_buffer"
3887. }
3888. }
3889. ],
3890. "name": "outbound|8080||recommendationservice.hipster.svc.cluster.local",
3891. "type": "EDS",
3892. "edsClusterConfig": {
3893. "edsConfig": {
3894. "ads": {},
3895. "resourceApiVersion": "V3"
3896. },
3897. "serviceName": "outbound|8080||recommendationservice.hipster.svc.cluster.local"
3898. },
3899. "connectTimeout": "10s",
3900. "circuitBreakers": {
3901. "thresholds": [
3902. {
3903. "maxConnections": 4294967295,
3904. "maxPendingRequests": 4294967295,
3905. "maxRequests": 4294967295,
3906. "maxRetries": 4294967295
3907. }
3908. ]
3909. },
3910. "http2ProtocolOptions": {
3911. "maxConcurrentStreams": 1073741824
3912. },
3913. "filters": [
3914. {
3915. "name": "istio.metadata_exchange",
3916. "typedConfig": {
3917. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
3918. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
3919. "value": {
3920. "protocol": "istio-peer-exchange"
3921. }
3922. }
3923. }
3924. ]
3925. },
3926. {
3927. "name": "outbound|16222||redis-1425a1d9-google-bc39.aivencloud.com",
3928. "type": "ORIGINAL_DST",
3929. "connectTimeout": "10s",
3930. "lbPolicy": "CLUSTER_PROVIDED",
3931. "circuitBreakers": {
3932. "thresholds": [
3933. {
3934. "maxConnections": 4294967295,
3935. "maxPendingRequests": 4294967295,
3936. "maxRequests": 4294967295,
3937. "maxRetries": 4294967295
3938. }
3939. ]
3940. },
3941. "transportSocket": {
3942. "name": "envoy.transport_sockets.tls",
3943. "typedConfig": {
3944. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
3945. "commonTlsContext": {
3946. "validationContext": {}
3947. }
3948. }
3949. },
3950. "metadata": {
3951. "filterMetadata": {
3952. "istio": {
3953. "config": "/apis/networking.istio.io/v1alpha3/namespaces/redis/destination-rule/external-aiven-redis"
3954. }
3955. }
3956. },
3957. "filters": [
3958. {
3959. "name": "istio.metadata_exchange",
3960. "typedConfig": {
3961. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
3962. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
3963. "value": {
3964. "protocol": "istio-peer-exchange"
3965. }
3966. }
3967. }
3968. ]
3969. },
3970. {
3971. "transportSocketMatches": [
3972. {
3973. "name": "tlsMode-istio",
3974. "match": {
3975. "tlsMode": "istio"
3976. },
3977. "transportSocket": {
3978. "name": "envoy.transport_sockets.tls",
3979. "typedConfig": {
3980. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
3981. "commonTlsContext": {
3982. "tlsCertificateSdsSecretConfigs": [
3983. {
3984. "name": "default",
3985. "sdsConfig": {
3986. "apiConfigSource": {
3987. "apiType": "GRPC",
3988. "transportApiVersion": "V3",
3989. "grpcServices": [
3990. {
3991. "envoyGrpc": {
3992. "clusterName": "sds-grpc"
3993. }
3994. }
3995. ]
3996. },
3997. "initialFetchTimeout": "0s",
3998. "resourceApiVersion": "V3"
3999. }
4000. }
4001. ],
4002. "combinedValidationContext": {
4003. "defaultValidationContext": {
4004. "matchSubjectAltNames": [
4005. {
4006. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/hipster/sa/default"
4007. }
4008. ]
4009. },
4010. "validationContextSdsSecretConfig": {
4011. "name": "ROOTCA",
4012. "sdsConfig": {
4013. "apiConfigSource": {
4014. "apiType": "GRPC",
4015. "transportApiVersion": "V3",
4016. "grpcServices": [
4017. {
4018. "envoyGrpc": {
4019. "clusterName": "sds-grpc"
4020. }
4021. }
4022. ]
4023. },
4024. "initialFetchTimeout": "0s",
4025. "resourceApiVersion": "V3"
4026. }
4027. }
4028. },
4029. "alpnProtocols": [
4030. "istio-peer-exchange",
4031. "istio"
4032. ]
4033. },
4034. "sni": "outbound_.6379_._.redis-cart.hipster.svc.cluster.local"
4035. }
4036. }
4037. },
4038. {
4039. "name": "tlsMode-disabled",
4040. "match": {},
4041. "transportSocket": {
4042. "name": "envoy.transport_sockets.raw_buffer"
4043. }
4044. }
4045. ],
4046. "name": "outbound|6379||redis-cart.hipster.svc.cluster.local",
4047. "type": "EDS",
4048. "edsClusterConfig": {
4049. "edsConfig": {
4050. "ads": {},
4051. "resourceApiVersion": "V3"
4052. },
4053. "serviceName": "outbound|6379||redis-cart.hipster.svc.cluster.local"
4054. },
4055. "connectTimeout": "10s",
4056. "circuitBreakers": {
4057. "thresholds": [
4058. {
4059. "maxConnections": 4294967295,
4060. "maxPendingRequests": 4294967295,
4061. "maxRequests": 4294967295,
4062. "maxRetries": 4294967295
4063. }
4064. ]
4065. },
4066. "filters": [
4067. {
4068. "name": "istio.metadata_exchange",
4069. "typedConfig": {
4070. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
4071. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
4072. "value": {
4073. "protocol": "istio-peer-exchange"
4074. }
4075. }
4076. }
4077. ]
4078. },
4079. {
4080. "name": "sds-grpc",
4081. "type": "STATIC",
4082. "connectTimeout": "1s",
4083. "loadAssignment": {
4084. "clusterName": "sds-grpc",
4085. "endpoints": [
4086. {
4087. "lbEndpoints": [
4088. {
4089. "endpoint": {
4090. "address": {
4091. "pipe": {
4092. "path": "./etc/istio/proxy/SDS"
4093. }
4094. }
4095. }
4096. }
4097. ]
4098. }
4099. ]
4100. },
4101. "http2ProtocolOptions": {}
4102. },
4103. {
4104. "transportSocketMatches": [
4105. {
4106. "name": "tlsMode-istio",
4107. "match": {
4108. "tlsMode": "istio"
4109. },
4110. "transportSocket": {
4111. "name": "envoy.transport_sockets.tls",
4112. "typedConfig": {
4113. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
4114. "commonTlsContext": {
4115. "tlsCertificateSdsSecretConfigs": [
4116. {
4117. "name": "default",
4118. "sdsConfig": {
4119. "apiConfigSource": {
4120. "apiType": "GRPC",
4121. "transportApiVersion": "V3",
4122. "grpcServices": [
4123. {
4124. "envoyGrpc": {
4125. "clusterName": "sds-grpc"
4126. }
4127. }
4128. ]
4129. },
4130. "initialFetchTimeout": "0s",
4131. "resourceApiVersion": "V3"
4132. }
4133. }
4134. ],
4135. "combinedValidationContext": {
4136. "defaultValidationContext": {
4137. "matchSubjectAltNames": [
4138. {
4139. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/hipster/sa/default"
4140. }
4141. ]
4142. },
4143. "validationContextSdsSecretConfig": {
4144. "name": "ROOTCA",
4145. "sdsConfig": {
4146. "apiConfigSource": {
4147. "apiType": "GRPC",
4148. "transportApiVersion": "V3",
4149. "grpcServices": [
4150. {
4151. "envoyGrpc": {
4152. "clusterName": "sds-grpc"
4153. }
4154. }
4155. ]
4156. },
4157. "initialFetchTimeout": "0s",
4158. "resourceApiVersion": "V3"
4159. }
4160. }
4161. },
4162. "alpnProtocols": [
4163. "istio-peer-exchange",
4164. "istio",
4165. "h2"
4166. ]
4167. },
4168. "sni": "outbound_.50051_._.shippingservice.hipster.svc.cluster.local"
4169. }
4170. }
4171. },
4172. {
4173. "name": "tlsMode-disabled",
4174. "match": {},
4175. "transportSocket": {
4176. "name": "envoy.transport_sockets.raw_buffer"
4177. }
4178. }
4179. ],
4180. "name": "outbound|50051||shippingservice.hipster.svc.cluster.local",
4181. "type": "EDS",
4182. "edsClusterConfig": {
4183. "edsConfig": {
4184. "ads": {},
4185. "resourceApiVersion": "V3"
4186. },
4187. "serviceName": "outbound|50051||shippingservice.hipster.svc.cluster.local"
4188. },
4189. "connectTimeout": "10s",
4190. "circuitBreakers": {
4191. "thresholds": [
4192. {
4193. "maxConnections": 4294967295,
4194. "maxPendingRequests": 4294967295,
4195. "maxRequests": 4294967295,
4196. "maxRetries": 4294967295
4197. }
4198. ]
4199. },
4200. "http2ProtocolOptions": {
4201. "maxConcurrentStreams": 1073741824
4202. },
4203. "filters": [
4204. {
4205. "name": "istio.metadata_exchange",
4206. "typedConfig": {
4207. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
4208. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
4209. "value": {
4210. "protocol": "istio-peer-exchange"
4211. }
4212. }
4213. }
4214. ]
4215. },
4216. {
4217. "transportSocketMatches": [
4218. {
4219. "name": "tlsMode-istio",
4220. "match": {
4221. "tlsMode": "istio"
4222. },
4223. "transportSocket": {
4224. "name": "envoy.transport_sockets.tls",
4225. "typedConfig": {
4226. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
4227. "commonTlsContext": {
4228. "tlsCertificateSdsSecretConfigs": [
4229. {
4230. "name": "default",
4231. "sdsConfig": {
4232. "apiConfigSource": {
4233. "apiType": "GRPC",
4234. "transportApiVersion": "V3",
4235. "grpcServices": [
4236. {
4237. "envoyGrpc": {
4238. "clusterName": "sds-grpc"
4239. }
4240. }
4241. ]
4242. },
4243. "initialFetchTimeout": "0s",
4244. "resourceApiVersion": "V3"
4245. }
4246. }
4247. ],
4248. "combinedValidationContext": {
4249. "defaultValidationContext": {
4250. "matchSubjectAltNames": [
4251. {
4252. "exact": "spiffe://sam-playground-123.svc.id.goog/ns/sample/sa/sleep"
4253. }
4254. ]
4255. },
4256. "validationContextSdsSecretConfig": {
4257. "name": "ROOTCA",
4258. "sdsConfig": {
4259. "apiConfigSource": {
4260. "apiType": "GRPC",
4261. "transportApiVersion": "V3",
4262. "grpcServices": [
4263. {
4264. "envoyGrpc": {
4265. "clusterName": "sds-grpc"
4266. }
4267. }
4268. ]
4269. },
4270. "initialFetchTimeout": "0s",
4271. "resourceApiVersion": "V3"
4272. }
4273. }
4274. },
4275. "alpnProtocols": [
4276. "istio-peer-exchange",
4277. "istio"
4278. ]
4279. },
4280. "sni": "outbound_.80_._.sleep.sample.svc.cluster.local"
4281. }
4282. }
4283. },
4284. {
4285. "name": "tlsMode-disabled",
4286. "match": {},
4287. "transportSocket": {
4288. "name": "envoy.transport_sockets.raw_buffer"
4289. }
4290. }
4291. ],
4292. "name": "outbound|80||sleep.sample.svc.cluster.local",
4293. "type": "EDS",
4294. "edsClusterConfig": {
4295. "edsConfig": {
4296. "ads": {},
4297. "resourceApiVersion": "V3"
4298. },
4299. "serviceName": "outbound|80||sleep.sample.svc.cluster.local"
4300. },
4301. "connectTimeout": "10s",
4302. "circuitBreakers": {
4303. "thresholds": [
4304. {
4305. "maxConnections": 4294967295,
4306. "maxPendingRequests": 4294967295,
4307. "maxRequests": 4294967295,
4308. "maxRetries": 4294967295
4309. }
4310. ]
4311. },
4312. "filters": [
4313. {
4314. "name": "istio.metadata_exchange",
4315. "typedConfig": {
4316. "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
4317. "typeUrl": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange",
4318. "value": {
4319. "protocol": "istio-peer-exchange"
4320. }
4321. }
4322. }
4323. ]
4324. },
4325. {
4326. "name": "xds-grpc",
4327. "type": "STRICT_DNS",
4328. "connectTimeout": "1s",
4329. "loadAssignment": {
4330. "clusterName": "xds-grpc",
4331. "endpoints": [
4332. {
4333. "lbEndpoints": [
4334. {
4335. "endpoint": {
4336. "address": {
4337. "socketAddress": {
4338. "address": "istiod-asm-173-6.istio-system.svc",
4339. "portValue": 15012
4340. }
4341. }
4342. }
4343. }
4344. ]
4345. }
4346. ]
4347. },
4348. "maxRequestsPerConnection": 1,
4349. "circuitBreakers": {
4350. "thresholds": [
4351. {
4352. "maxConnections": 100000,
4353. "maxPendingRequests": 100000,
4354. "maxRequests": 100000
4355. },
4356. {
4357. "priority": "HIGH",
4358. "maxConnections": 100000,
4359. "maxPendingRequests": 100000,
4360. "maxRequests": 100000
4361. }
4362. ]
4363. },
4364. "http2ProtocolOptions": {},
4365. "respectDnsTtl": true,
4366. "dnsLookupFamily": "V4_ONLY",
4367. "transportSocket": {
4368. "name": "envoy.transport_sockets.tls",
4369. "typedConfig": {
4370. "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
4371. "commonTlsContext": {
4372. "tlsCertificateSdsSecretConfigs": [
4373. {
4374. "name": "default",
4375. "sdsConfig": {
4376. "apiConfigSource": {
4377. "apiType": "GRPC",
4378. "transportApiVersion": "V3",
4379. "grpcServices": [
4380. {
4381. "envoyGrpc": {
4382. "clusterName": "sds-grpc"
4383. }
4384. }
4385. ]
4386. },
4387. "initialFetchTimeout": "0s",
4388. "resourceApiVersion": "V3"
4389. }
4390. }
4391. ],
4392. "validationContext": {
4393. "trustedCa": {
4394. "filename": "./var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
4395. },
4396. "matchSubjectAltNames": [
4397. {
4398. "exact": "istiod-asm-173-6.istio-system.svc"
4399. }
4400. ]
4401. },
4402. "alpnProtocols": [
4403. "h2"
4404. ]
4405. },
4406. "sni": "istiod-asm-173-6.istio-system.svc"
4407. }
4408. },
4409. "upstreamConnectionOptions": {
4410. "tcpKeepalive": {
4411. "keepaliveTime": 300
4412. }
4413. }
4414. },
4415. {
4416. "name": "zipkin",
4417. "type": "STRICT_DNS",
4418. "connectTimeout": "1s",
4419. "loadAssignment": {
4420. "clusterName": "zipkin",
4421. "endpoints": [
4422. {
4423. "lbEndpoints": [
4424. {
4425. "endpoint": {
4426. "address": {
4427. "socketAddress": {
4428. "address": "zipkin.istio-system",
4429. "portValue": 9411
4430. }
4431. }
4432. }
4433. }
4434. ]
4435. }
4436. ]
4437. },
4438. "respectDnsTtl": true,
4439. "dnsLookupFamily": "V4_ONLY"
4440. }
4441. ]
4442.