chore: initial commit

build/edge-gateway/envoy.yaml

@@ -0,0 +1,190 @@
+static_resources:
+  listeners:
+  - address:
+      socket_address:
+        address: 0.0.0.0
+        port_value: 80
+    filter_chains:
+    - filters:
+      - name: envoy.filters.network.http_connection_manager
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+          codec_type: AUTO
+          stat_prefix: ingress_http
+          generate_request_id: true
+          tracing:
+            provider:
+              name: envoy.tracers.opentelemetry
+              typed_config:
+                "@type": type.googleapis.com/envoy.config.trace.v3.OpenTelemetryConfig
+                grpc_service:
+                  envoy_grpc:
+                    cluster_name: otel_collector
+                  timeout: 0.5s
+                service_name: edge-gateway
+          route_config:
+            name: local_route
+            virtual_hosts:
+            - name: services
+              domains:
+              - "*"
+              routes:
+              - match:
+                  prefix: /v1/auth/
+                route:
+                  cluster: auth_service_gw
+              - match:
+                  prefix: /v1/order/
+                route:
+                  cluster: order_service_gw
+              - match:
+                  prefix: /v1/payment/
+                route:
+                  cluster: payment_service_gw
+              - match:
+                  prefix: /v1/product/
+                route:
+                  cluster: product_service_gw
+              - match:
+                  prefix: /v1/shipping/
+                route:
+                  cluster: shipping_service_gw
+              - match:
+                  prefix: /v1/user/
+                route:
+                  cluster: user_service_gw
+              - match:
+                  prefix: /v1/warehouse/
+                route:
+                  cluster: warehouse_service_gw
+          http_filters:
+          - name: envoy.filters.http.jwt_authn
+            typed_config:
+              "@type": type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication
+              providers:
+                default_provider:
+                  remote_jwks:
+                    http_uri:
+                      uri: http://auth-service:90/v1/auth/jwks
+                      cluster: auth_service_gw
+                      timeout: 1s
+                    cache_duration:
+                      seconds: 300
+                  from_headers:
+                  - name: Authorization
+                  forward: true
+                  forward_payload_header: x-jwt-payload
+              rules:
+              - match:
+                  prefix: /
+                requires:
+                  requires_any:
+                    requirements:
+                      - provider_name: default_provider
+                      - allow_missing: {}
+          - name: envoy.filters.http.router
+            typed_config:
+              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+          
+  clusters:
+  - name: otel_collector
+    type: STRICT_DNS
+    lb_policy: ROUND_ROBIN
+    typed_extension_protocol_options:
+      envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+        "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+        explicit_http_config:
+          http2_protocol_options: {}
+    load_assignment:
+      cluster_name: otel_collector
+      endpoints:
+      - lb_endpoints:
+        - endpoint:
+            address:
+              socket_address:
+                address: otel-collector
+                port_value: 4317
+  - name: auth_service_gw
+    type: STRICT_DNS
+    lb_policy: ROUND_ROBIN
+    load_assignment:
+      cluster_name: auth_service_gw
+      endpoints:
+      - lb_endpoints:
+        - endpoint:
+            address:
+              socket_address:
+                address: auth-service
+                port_value: 90
+  - name: order_service_gw
+    type: STRICT_DNS
+    lb_policy: ROUND_ROBIN
+    load_assignment:
+      cluster_name: order_service_gw
+      endpoints:
+      - lb_endpoints:
+        - endpoint:
+            address:
+              socket_address:
+                address: order-service
+                port_value: 90
+  - name: payment_service_gw
+    type: STRICT_DNS
+    lb_policy: ROUND_ROBIN
+    load_assignment:
+      cluster_name: payment_service_gw
+      endpoints:
+      - lb_endpoints:
+        - endpoint:
+            address:
+              socket_address:
+                address: payment-service
+                port_value: 90
+  - name: product_service_gw
+    type: STRICT_DNS
+    lb_policy: ROUND_ROBIN
+    load_assignment:
+      cluster_name: product_service_gw
+      endpoints:
+      - lb_endpoints:
+        - endpoint:
+            address:
+              socket_address:
+                address: product-service
+                port_value: 90
+  - name: shipping_service_gw
+    type: STRICT_DNS
+    lb_policy: ROUND_ROBIN
+    load_assignment:
+      cluster_name: shipping_service_gw
+      endpoints:
+      - lb_endpoints:
+        - endpoint:
+            address:
+              socket_address:
+                address: shipping-service
+                port_value: 90
+  - name: user_service_gw
+    type: STRICT_DNS
+    lb_policy: ROUND_ROBIN
+    load_assignment:
+      cluster_name: user_service_gw
+      endpoints:
+      - lb_endpoints:
+        - endpoint:
+            address:
+              socket_address:
+                address: user-service
+                port_value: 90
+  - name: warehouse_service_gw
+    type: STRICT_DNS
+    lb_policy: ROUND_ROBIN
+    load_assignment:
+      cluster_name: warehouse_service_gw
+      endpoints:
+      - lb_endpoints:
+        - endpoint:
+            address:
+              socket_address:
+                address: warehouse-service
+                port_value: 90