Envoy Logo

boe gen-config

The gen-config command generates Envoy configuration YAML for the specified extensions. This is useful for inspecting the generated configuration, integrating with existing Envoy deployments, or using with external Envoy management tools.

By default, it outputs a complete Envoy bootstrap configuration ready to use with Envoy. Use the --minimal flag to generate only the extension-generated resources (useful for embedding in existing configs).

You can enable multiple extensions using the --extension flag, and also load extensions from local directories using --local for development and testing purposes.

Remote composer (Go plugin) extensions use oci:// URLs in the generated configuration, allowing Envoy to fetch the plugin binary directly from the OCI registry at runtime. Local extensions use file:// URLs pointing to the locally cached binaries.

Examples

Generate a complete Envoy configuration for the desired extensions:

boe gen-config --extension ip-restriction
boe gen-config --local ~/src/my-extension
# Generate minimal configuration with only extension-generated resources
boe gen-config --extension ip-restriction --minimal

Export the configuration and extension files to a folder by providing the --output flag:

boe gen-config --extension ip-restriction --output /tmp/export

Generate configuration providing dedicated JSON config to an extension:

boe gen-config --local ~/src/my-extension --config '{"client_id":"my-id","client_secret":"my-secret"}'

Generate configuration with an additional upstream cluster using the shorthand format host:tlsPort. The cluster name is the short format string itself (e.g. my-service.example.com:443):

boe gen-config --local ~/src/my-extension --cluster my-service.example.com:443

For full control over the cluster configuration, raw JSON is also supported:

boe gen-config --local ~/src/my-extension --cluster-json '{"name":"my-service","type":"STRICT_DNS","load_assignment":{"cluster_name":"my-service","endpoints":[{"lb_endpoints":[{"endpoint":{"address":{"socket_address":{"address":"my-service.example.com","port_value":443}}}}]}]}}'

Generate configuration from a specific version hosted in a custom OCI registry:

export BOE_REGISTRY=acme.org/extensions
export BOE_REGISTRY_USERNAME=username
export BOE_REGISTRY_PASSWORD=password

boe gen-config --extension example-go:0.3.0

Usage details

boe gen-config [flags]
boe gen-config --help

Flags

NameDescriptionTypeDefaultEnv VarRequired
--minimalGenerate configuration with only extension-generated resources (HTTP filters and clusters).bool--No
--listen-portPort for Envoy listener to accept incoming traffic.uint3210000-No
--admin-portPort for Envoy admin interface.uint329901-No
--extensionExtensions to enable (in the format: “name” or “name:version”).[]string--No
--localPath to a directory containing a local Extension to enable.[]string--No
--devWhether to allow downloading dev versions of extensions (with -dev suffix). By default, only stable versions are allowed.boolfalse-No
--configOptional JSON config string for extensions. Applied in order to combined —extension and —local flags.[]string--No
--clusterOptional additional Envoy cluster provided in the host:tlsPort pattern.[]string--No
--cluster-insecureOptional additional Envoy cluster (with TLS transport disabled) provided in the host:port pattern.[]string--No
--cluster-jsonOptional additional Envoy cluster providing the complete cluster config in JSON format.[]string--No
--registryOCI registry URL for the extensions.stringghcr.io/tetratelabs/built-on-envoyBOE_REGISTRYNo
--insecureAllow connecting to an insecure (HTTP) registry.boolfalseBOE_REGISTRY_INSECURENo
--usernameUsername for the OCI registry.string-BOE_REGISTRY_USERNAMENo
--passwordPassword for the OCI registry.string-BOE_REGISTRY_PASSWORDNo
--test-upstream-hostHostname for the test upstream cluster.stringhttpbin.org-No
--outputDirectory to put the generated config into. Use ”-” to print it to the standard output.string--No