From 05a404413cb9fff8fb982fba56d10f3c10d263cb Mon Sep 17 00:00:00 2001 From: Sanne Raymaekers Date: Fri, 2 Feb 2024 17:43:24 +0100 Subject: [PATCH] Revert "templates/gateway: use internal listener..." This reverts commit 550581b387c4154c747a7198fd605a8edb1f0703. Using the internal listener with 2 connection managers is tricky, as the request needs to be 'upgraded' again to an HTTP CONNECT request, which is only possible with http2 in envoy. --- templates/gateway.yml | 77 +++++++------------------------------------ 1 file changed, 11 insertions(+), 66 deletions(-) diff --git a/templates/gateway.yml b/templates/gateway.yml index 9a08aeb..2c87cb4 100644 --- a/templates/gateway.yml +++ b/templates/gateway.yml @@ -22,12 +22,8 @@ objects: pipe: path: /sockets/admin.socket - bootstrap_extensions: - - name: envoy.bootstrap.internal_listener - typed_config: - "@type": type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener - static_resources: + ### Clusters ### clusters: # This backend is used to send metrics and probe requests to the admin endpoint. @@ -44,18 +40,6 @@ objects: pipe: path: /sockets/admin.socket - - name: api-listener - connect_timeout: 2s - type: STRICT_DNS - load_assignment: - cluster_name: api-listener - endpoints: - - lb_endpoints: - - endpoint: - address: - envoy_internal_address: - server_listener_name: api-listener - - name: ext_fedora_auth connect_timeout: 2s type: STRICT_DNS @@ -119,8 +103,11 @@ objects: typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - - name: api-listener - internal_listener: {} + - name: ingress + address: + socket_address: + address: 0.0.0.0 + port_value: 10000 filter_chains: filters: - name: envoy.filters.network.http_connection_manager 
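Review bot: The `ingress` listener re-added in the `@@ -119,8 +103,11 @@` hunk binds `0.0.0.0:10000` without a comment marking it as the client-facing entry point, and no `transport_socket` is visible on its filter chain. I would add a comment above `- name: ingress`, for example `# Client-facing listener; the http_filters below strip client-supplied identity headers before routing`. The same comment should say where TLS is terminated if that is not done in Envoy. The listener body continues past the end of this hunk, so whether a TLS context is configured further down cannot be confirmed from here.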
@@ -131,9 +118,9 @@ objects: typed_config: "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog path: /dev/stdout - stat_prefix: api-listener + stat_prefix: ingress route_config: - name: api-listener + name: ingress virtual_hosts: - name: api domains: @@ -147,7 +134,10 @@ objects: prefix: /api/image-builder route: cluster: image-builder + auto_host_rewrite: true timeout: 30s + + http_filters: # Remove any identity headers cheeky clients might try to add - name: envoy.filters.http.header_mutation @@ -176,51 +166,6 @@ objects: "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - - name: ingress - address: - socket_address: - address: 0.0.0.0 - port_value: 10000 - filter_chains: - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - access_log: - - name: envoy.access_loggers.file - typed_config: - "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog - path: /dev/stdout - stat_prefix: ingress - route_config: - name: ingress - virtual_hosts: - - name: api - domains: - - "*" - # Remove these headers in case someone adds them to the response - response_headers_to_remove: - - x-rh-identity - - x-fedora-identity - routes: - - match: - prefix: /api - route: - cluster: api-listener - auto_host_rewrite: true - timeout: 30s - - match: - prefix: / - redirect: - https_redirect: true - host_redirect: osbuild.org - path_redirect: /docs/service/fedora-console - http_filters: - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - - - apiVersion: apps/v1 kind: Deployment metadata:
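Review bot: `auto_host_rewrite: true` on the `/api/image-builder` route in the `@@ -147,7 +134,10 @@` hunk only takes effect when the target cluster is `STRICT_DNS` or `LOGICAL_DNS`, or when its endpoints set `hostname`. The `image-builder` cluster definition is not part of this diff, so its type should be confirmed. The rewrite replaces the client's Host header with the upstream hostname, so a short comment on that line, e.g. `# image-builder expects its own service hostname in Host`, would record why it is set. The last hunk also deletes the catch-all `prefix: /` redirect; unless another route sits in the lines not shown, paths outside `/api/image-builder` will now get Envoy's default 404, which is worth confirming as intended.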