ALTS¶
This extension may be referenced by the qualified name envoy.transport_sockets.alts
Note
This extension is intended to be robust against both untrusted downstream and upstream traffic.
Tip
This extension extends and can be used with the following extension categories:
extensions.transport_sockets.alts.v3.Alts¶
[extensions.transport_sockets.alts.v3.Alts proto]
Configuration for ALTS transport socket. This provides Google’s ALTS protocol to Envoy. https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security/
{
"handshaker_service": "...",
"peer_service_accounts": []
}
- handshaker_service
(string, REQUIRED) The location of a handshaker service, this is usually 169.254.169.254:8080 on GCE.
- peer_service_accounts
(repeated string) The acceptable service accounts from peer, peers not in the list will be rejected in the handshake validation step. If empty, no validation will be performed.