From e9e5c267e6b060e1b50a7097d000d2254a43c4bc Mon Sep 17 00:00:00 2001 From: Sanne Raymaekers Date: Fri, 19 Jan 2024 13:58:57 +0100 Subject: [PATCH] templates/gateway: use appsre's envoyproxy image The revert was necessary to unstuck the app-interface CI. --- README.md | 3 +-- distribution/Dockerfile | 5 ----- templates/gateway.yml | 19 +++++++++++++------ tools/build.sh | 2 +- 4 files changed, 15 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 6f230a5..d2622cf 100644 --- a/README.md +++ b/README.md @@ -7,8 +7,7 @@ Gateway for the image builder community service. To run envoy: ``` -docker build -t envoy-gateway -f ./distribution/Dockerfile . -docker run --net=host -v $PWD/example:/app -it envoy-gateway envoy -c /app/config.yaml +docker run --net=host -v $PWD/example:/app -it envoyproxy/envoy:distroless-v1.29-latest -c /app/config.yaml ``` To try it out: diff --git a/distribution/Dockerfile b/distribution/Dockerfile index 489cfd7..2d179ec 100644 --- a/distribution/Dockerfile +++ b/distribution/Dockerfile @@ -6,9 +6,4 @@ ENV GOFLAGS=-mod=vendor RUN go build -o oidc-authorizer /oidc-authorizer/cmd/oidc-authorizer FROM quay.io/fedora/fedora-minimal:latest -RUN microdnf --nodocs upgrade -y -RUN rpm --import 'https://rpm.dl.getenvoy.io/public/gpg.CF716AF503183491.key' -RUN curl -sL 'https://rpm.dl.getenvoy.io/public/config.rpm.txt?distro=el&codename=9' > /etc/yum.repos.d/envoy.repo -RUN microdnf install -y getenvoy-envoy -RUN microdnf clean all COPY --from=builder /oidc-authorizer/oidc-authorizer /oidc-authorizer diff --git a/templates/gateway.yml b/templates/gateway.yml index b72455c..7df40ff 100644 --- a/templates/gateway.yml +++ b/templates/gateway.yml @@ -197,7 +197,7 @@ objects: topologyKey: kubernetes.io/hostname containers: - name: community-gateway - image: "${IMAGE_NAME}:${IMAGE_TAG}" + image: "${ENVOYPROXY_IMAGE_NAME}:${ENVOYPROXY_IMAGE_TAG}" command: - /usr/bin/envoy - --config-path @@ -240,7 +240,7 @@ objects: - name: sockets mountPath: /sockets - name: oidc-authorizer - image: "${IMAGE_NAME}:${IMAGE_TAG}" + image: "${OIDC_AUTHORIZER_IMAGE_NAME}:${IMAGE_TAG}" command: - /oidc-authorizer ports: @@ -324,13 +324,20 @@ objects: protocol: TCP parameters: -- description: community-gateway image name - name: IMAGE_NAME - value: quay.io/cloudservices/community-gateway +- description: oidc authorizer image name + name: OIDC_AUTHORIZER_IMAGE_NAME + value: quay.io/cloudservices/oidc-authorizer required: true -- description: community-gateway tag, will be set by the deployment pipeline +- description: oidc authorizer tag, will be set by the deployment pipeline name: IMAGE_TAG required: true +- description: envoy proxy image name + name: ENVOYPROXY_IMAGE_NAME + value: quay.io/app-sre/envoyproxy + required: true +- description: envoy proxy tag + name: ENVOYPROXY_IMAGE_TAG + value: "v1.28.0" - description: number of pods to spin up, minimum 3 name: REPLICAS value: "3" diff --git a/tools/build.sh b/tools/build.sh index f743bd9..0cf320d 100755 --- a/tools/build.sh +++ b/tools/build.sh @@ -2,7 +2,7 @@ # AppSRE runs this script to build the container and push it to Quay. set -exv -IMAGE_NAME="quay.io/cloudservices/community-gateway" +IMAGE_NAME="quay.io/cloudservices/oidc-authorizer" IMAGE_TAG=$(git rev-parse --short=7 HEAD) if [[ -z "$QUAY_USER" || -z "$QUAY_TOKEN" ]]; then