Parameters

Fyde Envoy Proxy

  • Environment variables to override default values:

| Key | Default Value | Type | Description |
|---|---|---|---|
| COMPONENTLOGLEVEL | grpc:debug,config:debug | str | Envoy’s component specific log level info |
| FYDE_PROXY_HOST | proxy-client | str | Fyde Orchestrator’s hostname / DNS record |
| FYDE_PROXY_PORT | 50051 | str | Fyde Orchestrator’s service port |
| LOGLEVEL | info | str | Envoy’s global loglevel info |

Fyde Proxy Orchestrator

  • The following override mechanisms will be processed in order, the last override representing the final value:

    1. default value
    2. configuration pushed from Fyde Enterprise Console
    3. overrides.json file on the CWD of the service process
    4. Docker provisioned secret (/run/secrets/<key>)
    5. AWS SSM (all keys prefixed with ‘fyde_’)
    6. AWS SecretsManager (all keys prefixed with ‘fyde_’)
    7. environment variable, prefixed with FYDE_ and all caps

| Key | Default Value | Type | Description |
|---|---|---|---|
| accept_any_authz_token | False | bool | Accept any JWT auth tokens (no signature check) |
| api_ca_validation | True | bool | Verify CA chain on TLS connection to Fyde Infra |
| authz_cache_negative_ttl | 5 | int | Authentication cache TTL (seconds) |
| authz_cache_positive_ttl | 30 | int | Authentication cache TTL (seconds) |
| authz_pubkey | None | str | Authorizer EC Public Key (Used to verify authorization JWTs) |
| authz_timeout | 30 | int | Fyde authorization call timeout (seconds) |
| forced_authz_response | None | bool | Force an authz response (True: allow, False: denied) |
| disable_authz_cache | False | bool | Disable authentication cache |
| enable_ipv6 | False | bool | Enable ipv6 usage for DNS in envoy |
| enrollment_token | None | str | Enrollment token provided by Fyde Enterprise Console |
| envoy_listener_port | 8000 | int | Envoy General Listener port |
| envoy_prometheus | True | bool | Prometheus metrics for Envoy Proxy status |
| envoy_prometheus_port | 9000 | int | Prometheus for Envoy Proxy port |
| envoy_secrets | None | dict | Currently it represents the proxy certificates that Envoy requires |
| grpc_insecure | True | bool | gRPC insecure mode for the Fyde Proxy Orchestrator |
| grpc_listener | '[::]:50051' | str | gRPC listener for the Fyde Proxy Orchestrator |
| mtls_ca_validation | True | bool | Require and check client certificates belong to a given trusted CA |
| proxy_prometheus | True | bool | Prometheus metrics for Fyde Proxy Orchestrator status |
| proxy_prometheus_port | 9010 | int | Prometheus for Fyde Proxy Orchestrator port |
| redis_ssl | False | bool | Enable SSL support for Redis connections |
| redis_sentinel_ssl | False | bool | Enable SSL support for Redis Sentinel connections |
| redis_ssl_cert_reqs | 'none' | str | SSL Certificate verification options. One of 'none', 'optional', 'required'. See https://docs.python.org/3/library/ssl.html#ssl.SSLContext.verify_mode for more info |
| redis_ssl_key | None | str | Redis/Sentinel SSL client authentication private key. This can be a path to a file holding the key or the content of it inlined in the variable |
| redis_ssl_cert | None | str | Redis/Sentinel SSL client authentication certificate. This can be a path to a file holding the cert or the content of it inlined in the variable |
| redis_ssl_ca_certs | None | str | Redis/Sentinel SSL CA trusted anchors. This can be a path to a file holding the certs or the content of it inlined in the variable |
| redis_auth | None | str | Redis auth key |
| redis_db | 0 | int | Redis database |
| redis_host | None | str | Used for HA mode only, leave empty in Fyde Access Proxy single mode |
| redis_port | 6379 | int | Redis port |
| redis_timeout | 1.0 | float | Redis socket_timeout in seconds |
| redis_sentinel_hosts | None | str | Redis Sentinel comma separated list of host:port pairs |
| redis_sentinel_service_name | None | str | Redis Sentinel service (cluster) name |
| redis_sentinel_wait_for_master | 30 | int | Redis Sentinel time in seconds to wait for master |
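
Because seven layers can set the same key, a hardening review needs to know which layer produced the effective value of the authentication and TLS switches. The following is an added example, not Fyde's code: it resolves only the local layers from the list above (default, overrides.json, Docker secret, environment variable) and reports keys that end up at a weakening value. The function names, the flat JSON object layout of overrides.json and the string-to-boolean parsing are assumptions.

```python
import json
import os
from pathlib import Path

# Keys from the table above and the value that weakens authentication or TLS.
RISKY = {
    "accept_any_authz_token": True,  # JWTs accepted without signature check
    "forced_authz_response": True,   # every authorization answered "allow"
    "api_ca_validation": False,      # CA chain to Fyde Infra not verified
    "mtls_ca_validation": False,     # client certificates not checked
    "grpc_insecure": True,           # gRPC insecure mode (documented default)
}
DEFAULTS = {"accept_any_authz_token": False, "forced_authz_response": None,
            "api_ca_validation": True, "mtls_ca_validation": True,
            "grpc_insecure": True}

def to_bool(value):
    """Assumed parsing: secrets and env vars carry booleans as strings."""
    if isinstance(value, str):
        return value.strip().lower() in ("1", "true", "yes", "on")
    return value

def resolve(key, cwd=".", secrets_dir="/run/secrets", environ=os.environ):
    """Return (value, source); each later layer overrides the earlier ones."""
    value, source = DEFAULTS[key], "default"
    overrides = Path(cwd) / "overrides.json"
    if overrides.is_file():
        data = json.loads(overrides.read_text())
        if key in data:
            value, source = data[key], "overrides.json"
    secret = Path(secrets_dir) / key
    if secret.is_file():
        value, source = secret.read_text().strip(), f"docker secret {secret}"
    env_name = "FYDE_" + key.upper()
    if env_name in environ:
        value, source = environ[env_name], f"env {env_name}"
    return to_bool(value), source

def audit(**layers):
    """List (key, value, source) for each key resolved to its risky value."""
    findings = []
    for key, risky in RISKY.items():
        value, source = resolve(key, **layers)
        if value == risky:
            findings.append((key, value, source))
    return findings

if __name__ == "__main__":
    print(audit())
```

Values pushed from Fyde Enterprise Console, AWS SSM or AWS SecretsManager are not visible to this check and have to be reviewed in those systems.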