Skip to content

Commit

Permalink
Revert "templates/gateway: use internal listener..."
Browse files Browse the repository at this point in the history 
This reverts commit 550581b.

Using the internal listener with 2 connection managers is tricky, as the
request needs to be 'upgraded' again to an HTTP CONNECT request, which
is only possible with http2 in envoy.
  • Loading branch information
@croissanne
croissanne committed Feb 2, 2024
1 parent 7ecd379 commit 05a4044
Showing 1 changed file with 11 additions and 66 deletions.
77 changes: 11 additions & 66 deletions templates/gateway.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,12 +22,8 @@ objects:
pipe:
path: /sockets/admin.socket
bootstrap_extensions:
- name: envoy.bootstrap.internal_listener
typed_config:
"@type": type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener
static_resources:
### Clusters ###
clusters:
# This backend is used to send metrics and probe requests to the admin endpoint.
Expand All @@ -44,18 +40,6 @@ objects:
pipe:
path: /sockets/admin.socket
- name: api-listener
connect_timeout: 2s
type: STRICT_DNS
load_assignment:
cluster_name: api-listener
endpoints:
- lb_endpoints:
- endpoint:
address:
envoy_internal_address:
server_listener_name: api-listener
- name: ext_fedora_auth
connect_timeout: 2s
type: STRICT_DNS
Expand Down Expand Up @@ -119,8 +103,11 @@ objects:
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
- name: api-listener
internal_listener: {}
- name: ingress
address:
socket_address:
address: 0.0.0.0
port_value: 10000
filter_chains:
filters:
- name: envoy.filters.network.http_connection_manager
Expand All @@ -131,9 +118,9 @@ objects:
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
path: /dev/stdout
stat_prefix: api-listener
stat_prefix: ingress
route_config:
name: api-listener
name: ingress
virtual_hosts:
- name: api
domains:
Expand All @@ -147,7 +134,10 @@ objects:
prefix: /api/image-builder
route:
cluster: image-builder
auto_host_rewrite: true
timeout: 30s
http_filters:
# Remove any identity headers cheeky clients might try to add
- name: envoy.filters.http.header_mutation
Expand Down Expand Up @@ -176,51 +166,6 @@ objects:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
- name: ingress
address:
socket_address:
address: 0.0.0.0
port_value: 10000
filter_chains:
filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
access_log:
- name: envoy.access_loggers.file
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
path: /dev/stdout
stat_prefix: ingress
route_config:
name: ingress
virtual_hosts:
- name: api
domains:
- "*"
# Remove these headers in case someone adds them to the response
response_headers_to_remove:
- x-rh-identity
- x-fedora-identity
routes:
- match:
prefix: /api
route:
cluster: api-listener
auto_host_rewrite: true
timeout: 30s
- match:
prefix: /
redirect:
https_redirect: true
host_redirect: osbuild.org
path_redirect: /docs/service/fedora-console
http_filters:
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
- apiVersion: apps/v1
kind: Deployment
metadata:
Expand Down

0 comments on commit 05a4044

Please sign in to comment.