# yaml-language-server: $schema=https://github.com/jcchavezs/envoy-config-schema/releases/download/v1.21.0/v3_Bootstrap.json static_resources: listeners: - name: main_listener address: socket_address: address: 0.0.0.0 port_value: 10000 filter_chains: - filters: - name: envoy.filters.network.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager stat_prefix: ingress_http upgrade_configs: - upgrade_type: websocket access_log: - name: envoy.access_loggers.stdout typed_config: "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog http_filters: - name: envoy.filters.http.ext_authz typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz transport_api_version: V3 http_service: path_prefix: /outpost.goauthentik.io/auth/envoy server_uri: uri: http://ak-test-outpost:9000 cluster: authentik_outpost timeout: 0.25s authorization_request: allowed_headers: patterns: - exact: "cookie" ignore_case: true authorization_response: allowed_upstream_headers: patterns: - exact: "set-cookie" ignore_case: true - prefix: "x-authentik-" ignore_case: true allowed_client_headers_on_success: patterns: - exact: "cookie" ignore_case: true - name: envoy.filters.http.router typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router route_config: name: local_route virtual_hosts: - name: local_service domains: ["localhost"] routes: - match: prefix: "/outpost.goauthentik.io" route: cluster: authentik_outpost - match: prefix: "/" route: cluster: whoami - name: local_service domains: ["*"] typed_per_filter_config: envoy.filters.http.ext_authz: "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute disabled: true routes: - match: prefix: "/" route: cluster: authentik_outpost clusters: - name: authentik_outpost type: LOGICAL_DNS load_assignment: cluster_name: authentik_outpost endpoints: - lb_endpoints: - endpoint: address: socket_address: address: ak-test-outpost port_value: 9000 - name: whoami type: LOGICAL_DNS load_assignment: cluster_name: whoami endpoints: - lb_endpoints: - endpoint: address: socket_address: address: ak-whoami port_value: 80