This section describes how to configure cAPI in envoy.yaml file.
Path for envoy.yaml:
envoy.yaml: : <cAPI installation path>/config/envoy.yaml
To change log file location for admin access :
admin- access_log_path:
/tmp/admin_access.log # log file location for admin access
To change listener port:
static_resources: listeners: - name: listener_0 address: socket_address: { address: 0.0.0.0, port_value: <LISTENER_0_PORT> } # listener port
To change listener log file path:
static_resources: listeners: - name: listener_0 filter_chains: - filters: - name: envoy.http_connection_manager config: access_log: name: envoy.file_access_log config: path: /tmp/envoy.log # listener log file
To change Elastic Search Username/Password:
"esdb_cluster", { ["Authorization"] = "<ES_Authorization_Header>" // add Base 64 encoded username:password },
To change Elastic Search database, URL needs to be changed:
clusters: - name: esdb_cluster hosts: [{ socket_address: { address: <ESDB_IP>, port_value: <ESDB_PORT> }}]
To change EPS URL:
clusters: - name: eps_cluster hosts: [{ socket_address: { address: <EPS_IP>, port_value: <EPS_PORT> }}]
To change VIDM IP or PORT:
clusters: - name: jwks_cluster hosts: [{ socket_address: { address: <VIDM_IP>, port_value: <VIDM_PORT> }}]
To change VIDM Host Name, change the host name below:
- listeners: - filter_chains: - filters: - config: - route_config : virtual_hosts: routes: route: { host_rewrite: "<VIDM_HOST_NAME>", prefix_rewrite: "/SAAS/auth/oauthtoken",cluster: jwks_cluster }
-
listeners: - filter_chains: - filters: - http_filters: - config: providers: eventstore_auth: issuer: https://<VIDM_HOST_NAME>/SAAS/auth remote_jwks: http_uri: uri: https://<VIDM_HOST_NAME>/SAAS/API/1.0/REST/auth/token?attribute=publicKey&format=jwks
-
clusters: - name: tls_context: { sni: www.<VIDM_HOST_NAME> }
To add new route:
static_resources: listeners: - name: listener_0 filter_chains: - filters: route_config: routes: - match: { prefix: "/esdb/audit" } route: prefix_rewrite: "/audit" cluster: esdb_cluster retry_policy: retry_on: 5xx num_retries: 3 per_try_timeout: 0.300s request_headers_to_add: - header: key: "Authorization" value: "<ES_Authorization_Header>" append: true