Postgres proxy
This extension may be referenced by the qualified name envoy.filters.network.postgres_proxy
Note
This extension is only available in contrib images.
Note
This extension is not hardened and should only be used in deployments where both the downstream and upstream are trusted.
Tip
This extension extends and can be used with the following extension category:
Warning
This API feature is currently work-in-progress. API features marked as work-in-progress are not considered stable, are not covered by the threat model, are not supported by the security team, and are subject to breaking changes. Do not use this feature without understanding each of the previous points.
Postgres Proxy configuration overview.
extensions.filters.network.postgres_proxy.v3alpha.PostgresProxy
[extensions.filters.network.postgres_proxy.v3alpha.PostgresProxy proto]
{
"stat_prefix": "...",
"enable_sql_parsing": "{...}",
"terminate_ssl": "..."
}
stat_prefix
(string, REQUIRED) The human readable prefix to use when emitting statistics.
enable_sql_parsing
(BoolValue) Controls whether SQL statements received in Frontend Query messages are parsed. Parsing is required to produce Postgres proxy filter metadata. Defaults to true.
terminate_ssl
(bool) Controls whether to terminate SSL session initiated by a client. If the value is false, the Postgres proxy filter will not try to terminate SSL session, but will pass all the packets to the upstream server. If the value is true, the Postgres proxy filter will try to terminate SSL session. In order to do that, the filter chain must use starttls transport socket. If the filter does not manage to terminate the SSL session, it will close the connection from the client. Refer to official documentation for details SSL Session Encryption Message Flow.