add basic envoy test setup

goauthentik · Feb 20, 2023 · cbb41cd · cbb41cd
1 parent 93e672e
commit cbb41cd
Show file tree

Hide file tree

Showing 2 changed files with 106 additions and 0 deletions.
diff --git a/envoy/docker-compose.yaml b/envoy/docker-compose.yaml
@@ -0,0 +1,12 @@
+version: '3'
+services:
+  envoy:
+    image: envoyproxy/envoy:v1.25-latest
+    ports:
+      - "10000:10000"
+    volumes:
+      - ./envoy.yaml:/etc/envoy/envoy.yaml
+  whoami:
+    image: traefik/whoami
+    restart: always
+    command: --verbose
diff --git a/envoy/envoy.yaml b/envoy/envoy.yaml
@@ -0,0 +1,94 @@
+static_resources:
+  listeners:
+    - name: listener_0
+      address:
+        socket_address:
+          address: 0.0.0.0
+          port_value: 10000
+      filter_chains:
+        - filters:
+            - name: envoy.filters.network.http_connection_manager
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                stat_prefix: ingress_http
+                upgrade_configs:
+                  - upgrade_type: websocket
+                access_log:
+                  - name: envoy.access_loggers.stdout
+                    typed_config:
+                      "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
+                http_filters:
+                  - name: envoy.filters.http.ext_authz
+                    typed_config:
+                      "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
+                      transport_api_version: V3
+                      http_service:
+                        path_prefix: /outpost.goauthentik.io/auth/envoy
+                        server_uri:
+                          uri: http://host.docker.internal:9000
+                          cluster: docker_host_authentik
+                          timeout: 0.25s
+                        authorization_request:
+                          allowed_headers:
+                            patterns:
+                              - exact: "cookie"
+                                ignore_case: true
+                        authorization_response:
+                          allowed_upstream_headers:
+                            patterns:
+                              - exact: "set-cookie"
+                                ignore_case: true
+                              - prefix: "x-authentik-"
+                                ignore_case: true
+                          allowed_client_headers_on_success:
+                            patterns:
+                              - exact: "cookie"
+                                ignore_case: true
+                  - name: envoy.filters.http.router
+                    typed_config:
+                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+                route_config:
+                  name: local_route
+                  virtual_hosts:
+                    - name: local_service
+                      domains: ["proxy.127.0.0.1.nip.io:10000"]
+                      routes:
+                        - match:
+                            prefix: "/"
+                          route:
+                            cluster: docker_host_whoami
+                    - name: local_service
+                      domains: ["*"]
+                      typed_per_filter_config:
+                        envoy.filters.http.ext_authz:
+                          "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
+                          disabled: true
+                      routes:
+                        - match:
+                            prefix: "/"
+                          route:
+                            cluster: docker_host_authentik
+
+  clusters:
+    - name: docker_host_authentik
+      type: LOGICAL_DNS
+      load_assignment:
+        cluster_name: docker_host_authentik
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: host.docker.internal
+                      port_value: 9000
+    - name: docker_host_whoami
+      type: LOGICAL_DNS
+      load_assignment:
+        cluster_name: docker_host_whoami
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: whoami
+                      port_value: 80