Envoy有一个postgres过滤器,支持ssl终止和ssl发起。我在网上找不到任何关于如何实际做到这一点的参考资料。
9udxz4iz1#
我终于找到了-
static_resources: listeners: - name: listener_0 address: socket_address: address: 0.0.0.0 port_value: 5432 # Frontend port filter_chains: - filters: - name: envoy.filters.network.postgres_proxy typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.postgres_proxy.v3alpha.PostgresProxy stat_prefix: imperva terminate_ssl: true upstream_ssl: REQUIRE - name: envoy.filters.network.tcp_proxy typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy stat_prefix: tcp cluster: backend_cluster transport_socket: name: envoy.transport_sockets.starttls typed_config: "@type": type.googleapis.com/envoy.extensions.transport_sockets.starttls.v3.StartTlsConfig tls_socket_config: common_tls_context: tls_certificates: certificate_chain: filename: "/etc/envoy/certs/cert.pem" # Path to SSL certificate private_key: filename: "/etc/envoy/certs/key.pem" # Path to SSL private key clusters: - name: backend_cluster connect_timeout: 0.25s type: STRICT_DNS lb_policy: ROUND_ROBIN load_assignment: cluster_name: backend_cluster endpoints: - lb_endpoints: - endpoint: address: socket_address: address: psql-demo-db.com port_value: 5432 transport_socket: name: envoy.transport_sockets.tls typed_config: "@type": type.googleapis.com/envoy.extensions.transport_sockets.starttls.v3.UpstreamStartTlsConfig tls_socket_config: {}
字符串
1条答案
按热度按时间9udxz4iz1#
我终于找到了-
字符串