static_resources: listeners: - address: socket_address: address: 0.0.0.0 port_value: 80 filter_chains: - filters: - name: envoy.filters.network.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager codec_type: AUTO stat_prefix: ingress_http generate_request_id: true tracing: provider: name: envoy.tracers.opentelemetry typed_config: "@type": type.googleapis.com/envoy.config.trace.v3.OpenTelemetryConfig grpc_service: envoy_grpc: cluster_name: otel_collector timeout: 0.5s service_name: edge-gateway route_config: name: local_route virtual_hosts: - name: services domains: - "*" routes: - match: prefix: /v1/auth/ route: cluster: auth_service_gw - match: prefix: /v1/order/ route: cluster: order_service_gw - match: prefix: /v1/payment/ route: cluster: payment_service_gw - match: prefix: /v1/product/ route: cluster: product_service_gw - match: prefix: /v1/shipping/ route: cluster: shipping_service_gw - match: prefix: /v1/user/ route: cluster: user_service_gw - match: prefix: /v1/warehouse/ route: cluster: warehouse_service_gw http_filters: - name: envoy.filters.http.jwt_authn typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication providers: default_provider: remote_jwks: http_uri: uri: http://auth-service:90/v1/auth/jwks cluster: auth_service_gw timeout: 1s cache_duration: seconds: 300 from_headers: - name: Authorization forward: true forward_payload_header: x-jwt-payload rules: - match: prefix: / requires: requires_any: requirements: - provider_name: default_provider - allow_missing: {} - name: envoy.filters.http.router typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - name: otel_collector type: STRICT_DNS lb_policy: ROUND_ROBIN typed_extension_protocol_options: envoy.extensions.upstreams.http.v3.HttpProtocolOptions: "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions explicit_http_config: http2_protocol_options: {} load_assignment: cluster_name: otel_collector endpoints: - lb_endpoints: - endpoint: address: socket_address: address: otel-collector port_value: 4317 - name: auth_service_gw type: STRICT_DNS lb_policy: ROUND_ROBIN load_assignment: cluster_name: auth_service_gw endpoints: - lb_endpoints: - endpoint: address: socket_address: address: auth-service port_value: 90 - name: order_service_gw type: STRICT_DNS lb_policy: ROUND_ROBIN load_assignment: cluster_name: order_service_gw endpoints: - lb_endpoints: - endpoint: address: socket_address: address: order-service port_value: 90 - name: payment_service_gw type: STRICT_DNS lb_policy: ROUND_ROBIN load_assignment: cluster_name: payment_service_gw endpoints: - lb_endpoints: - endpoint: address: socket_address: address: payment-service port_value: 90 - name: product_service_gw type: STRICT_DNS lb_policy: ROUND_ROBIN load_assignment: cluster_name: product_service_gw endpoints: - lb_endpoints: - endpoint: address: socket_address: address: product-service port_value: 90 - name: shipping_service_gw type: STRICT_DNS lb_policy: ROUND_ROBIN load_assignment: cluster_name: shipping_service_gw endpoints: - lb_endpoints: - endpoint: address: socket_address: address: shipping-service port_value: 90 - name: user_service_gw type: STRICT_DNS lb_policy: ROUND_ROBIN load_assignment: cluster_name: user_service_gw endpoints: - lb_endpoints: - endpoint: address: socket_address: address: user-service port_value: 90 - name: warehouse_service_gw type: STRICT_DNS lb_policy: ROUND_ROBIN load_assignment: cluster_name: warehouse_service_gw endpoints: - lb_endpoints: - endpoint: address: socket_address: address: warehouse-service port_value: 90