static_resources: listeners: - address: socket_address: address: 0.0.0.0 port_value: 8000 filter_chains: - filters: - name: envoy.filters.network.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager codec_type: auto stat_prefix: ingress_http route_config: name: local_route virtual_hosts: - name: upstream domains: - "*" routes: - match: prefix: "/" route: cluster: upstream-service http_filters: - name: envoy.filters.http.ext_authz typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz grpc_service: envoy_grpc: cluster_name: ext_authz-opa-service timeout: 0.250s transport_api_version: V2 - name: envoy.filters.http.router typed_config: {} clusters: - name: upstream-service connect_timeout: 0.250s type: STRICT_DNS lb_policy: ROUND_ROBIN load_assignment: cluster_name: upstream-service endpoints: - lb_endpoints: - endpoint: address: socket_address: address: upstream-service port_value: 8080 - name: ext_authz-opa-service connect_timeout: 0.250s type: STRICT_DNS lb_policy: ROUND_ROBIN http2_protocol_options: {} load_assignment: cluster_name: ext_authz-opa-service endpoints: - lb_endpoints: - endpoint: address: socket_address: address: ext_authz-opa-service port_value: 9002