templates/gateway: use appsre's envoyproxy image

The revert was necessary to unstuck the app-interface CI.
osbuild · Jan 19, 2024 · e9e5c26 · e9e5c26
1 parent 23c0316
commit e9e5c26
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -7,8 +7,7 @@ Gateway for the image builder community service.
 
 To run envoy:
 ```
-docker build -t envoy-gateway -f ./distribution/Dockerfile .
-docker run --net=host -v $PWD/example:/app -it envoy-gateway envoy -c /app/config.yaml
+docker run --net=host -v $PWD/example:/app -it envoyproxy/envoy:distroless-v1.29-latest -c /app/config.yaml
 ```
 
 To try it out:

diff --git a/distribution/Dockerfile b/distribution/Dockerfile
@@ -6,9 +6,4 @@ ENV GOFLAGS=-mod=vendor
 RUN go build -o oidc-authorizer /oidc-authorizer/cmd/oidc-authorizer
 
 FROM quay.io/fedora/fedora-minimal:latest
-RUN microdnf --nodocs upgrade -y
-RUN rpm --import 'https://rpm.dl.getenvoy.io/public/gpg.CF716AF503183491.key'
-RUN curl -sL 'https://rpm.dl.getenvoy.io/public/config.rpm.txt?distro=el&codename=9' > /etc/yum.repos.d/envoy.repo
-RUN microdnf install -y getenvoy-envoy
-RUN microdnf clean all
 COPY --from=builder /oidc-authorizer/oidc-authorizer /oidc-authorizer
diff --git a/templates/gateway.yml b/templates/gateway.yml
@@ -197,7 +197,7 @@ objects:
                 topologyKey: kubernetes.io/hostname
         containers:
         - name: community-gateway
-          image: "${IMAGE_NAME}:${IMAGE_TAG}"
+          image: "${ENVOYPROXY_IMAGE_NAME}:${ENVOYPROXY_IMAGE_TAG}"
           command:
           - /usr/bin/envoy
           - --config-path
@@ -240,7 +240,7 @@ objects:
           - name: sockets
             mountPath: /sockets
         - name: oidc-authorizer
-          image: "${IMAGE_NAME}:${IMAGE_TAG}"
+          image: "${OIDC_AUTHORIZER_IMAGE_NAME}:${IMAGE_TAG}"
           command:
           - /oidc-authorizer
           ports:
@@ -324,13 +324,20 @@ objects:
         protocol: TCP
 
 parameters:
-- description: community-gateway image name
-  name: IMAGE_NAME
-  value: quay.io/cloudservices/community-gateway
+- description: oidc authorizer image name
+  name: OIDC_AUTHORIZER_IMAGE_NAME
+  value: quay.io/cloudservices/oidc-authorizer
   required: true
-- description: community-gateway tag, will be set by the deployment pipeline
+- description: oidc authorizer tag, will be set by the deployment pipeline
   name: IMAGE_TAG
   required: true
+- description: envoy proxy image name
+  name: ENVOYPROXY_IMAGE_NAME
+  value: quay.io/app-sre/envoyproxy
+  required: true
+- description: envoy proxy tag
+  name: ENVOYPROXY_IMAGE_TAG
+  value: "v1.28.0"
 - description: number of pods to spin up, minimum 3
   name: REPLICAS
   value: "3"

diff --git a/tools/build.sh b/tools/build.sh
@@ -2,7 +2,7 @@
 # AppSRE runs this script to build the container and push it to Quay.
 set -exv
 
-IMAGE_NAME="quay.io/cloudservices/community-gateway"
+IMAGE_NAME="quay.io/cloudservices/oidc-authorizer"
 IMAGE_TAG=$(git rev-parse --short=7 HEAD)
 
 if [[ -z "$QUAY_USER" || -z "$QUAY_TOKEN" ]]; then