Skip to content

Commit 3cf7aee

Browse files
ddelnanoddelnano
committed
[cloud] Upgrade envoy to v1.34 release
Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
1 parent 5b20e35 commit 3cf7aee

7 files changed

Lines changed: 259 additions & 143 deletions

File tree

k8s/cloud/base/proxy_deployment.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -98,7 +98,7 @@ spec:
9898
type: RuntimeDefault
9999
- name: envoy
100100
imagePullPolicy: IfNotPresent
101-
image: envoyproxy/envoy:v1.12.2@sha256:b36ee021fc4d285de7861dbaee01e7437ce1d63814ead6ae3e4dfcad4a951b2e
101+
image: envoyproxy/envoy:v1.34.2@sha256:daca6a3f353ba289cc786d2162d13d4ec2b16d921c6c3f2fc57ce6f7900ab3d9
102102
command: ["envoy"]
103103
args: ["-c", "/etc/envoy.yaml", "--service-cluster", "$(POD_NAME)"]
104104
env:

k8s/cloud/base/proxy_envoy.yaml

Lines changed: 43 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -13,10 +13,12 @@ data:
1313
filter_chains:
1414
- filters:
1515
- name: envoy.http_connection_manager
16-
config:
16+
typed_config:
17+
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
1718
access_log:
1819
- name: envoy.file_access_log
19-
config:
20+
typed_config:
21+
"@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
2022
path: "/dev/stdout"
2123
codec_type: auto
2224
stat_prefix: ingress_http
@@ -47,31 +49,48 @@ data:
4749
expose_headers: grpc-status,grpc-message,grpc-timeout
4850
allow_credentials: true
4951
http_filters:
50-
- name: envoy.grpc_web
51-
- name: envoy.cors
52-
- name: envoy.router
53-
tls_context:
54-
common_tls_context:
55-
alpn_protocols: "h2,http/1.1"
56-
tls_certificates:
57-
- certificate_chain:
58-
filename: "/certs/tls.crt"
59-
private_key:
60-
filename: "/certs/tls.key"
52+
- name: envoy.filters.http.grpc_web
53+
typed_config:
54+
"@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
55+
- name: envoy.filters.http.cors
56+
typed_config:
57+
"@type": type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors
58+
- name: envoy.filters.http.router
59+
typed_config:
60+
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
61+
transport_socket:
62+
name: envoy.transport_sockets.tls
63+
typed_config:
64+
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
65+
common_tls_context:
66+
alpn_protocols: "h2,http/1.1"
67+
tls_certificates:
68+
- certificate_chain:
69+
filename: "/certs/tls.crt"
70+
private_key:
71+
filename: "/certs/tls.key"
6172
clusters:
6273
- name: api_service
6374
connect_timeout: 0.25s
6475
type: logical_dns
6576
http2_protocol_options: {}
6677
lb_policy: round_robin
67-
hosts:
68-
- socket_address:
69-
address: api-service
70-
port_value: 51200
71-
tls_context:
72-
common_tls_context:
73-
tls_certificates:
74-
- certificate_chain:
75-
filename: "/service-certs/client.crt"
76-
private_key:
77-
filename: "/service-certs/client.key"
78+
load_assignment:
79+
cluster_name: api_service
80+
endpoints:
81+
- lb_endpoints:
82+
- endpoint:
83+
address:
84+
socket_address:
85+
address: api-service
86+
port_value: 51200
87+
transport_socket:
88+
name: envoy.transport_sockets.tls
89+
typed_config:
90+
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
91+
common_tls_context:
92+
tls_certificates:
93+
- certificate_chain:
94+
filename: "/service-certs/client.crt"
95+
private_key:
96+
filename: "/service-certs/client.key"

k8s/cloud/dev/proxy_envoy.yaml

Lines changed: 43 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -20,10 +20,12 @@ data:
2020
filter_chains:
2121
- filters:
2222
- name: envoy.http_connection_manager
23-
config:
23+
typed_config:
24+
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
2425
access_log:
2526
- name: envoy.file_access_log
26-
config:
27+
typed_config:
28+
"@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
2729
path: "/dev/stdout"
2830
codec_type: auto
2931
stat_prefix: ingress_http
@@ -54,30 +56,48 @@ data:
5456
expose_headers: grpc-status,grpc-message,grpc-timeout
5557
allow_credentials: true
5658
http_filters:
57-
- name: envoy.grpc_web
58-
- name: envoy.cors
59-
- name: envoy.router
60-
tls_context:
61-
common_tls_context:
62-
tls_certificates:
63-
- certificate_chain:
64-
filename: "/certs/tls.crt"
65-
private_key:
66-
filename: "/certs/tls.key"
59+
- name: envoy.filters.http.grpc_web
60+
typed_config:
61+
"@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
62+
- name: envoy.filters.http.cors
63+
typed_config:
64+
"@type": type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors
65+
- name: envoy.filters.http.router
66+
typed_config:
67+
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
68+
transport_socket:
69+
name: envoy.transport_sockets.tls
70+
typed_config:
71+
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
72+
common_tls_context:
73+
alpn_protocols: "h2,http/1.1"
74+
tls_certificates:
75+
- certificate_chain:
76+
filename: "/certs/tls.crt"
77+
private_key:
78+
filename: "/certs/tls.key"
6779
clusters:
6880
- name: api_service
6981
connect_timeout: 0.25s
7082
type: logical_dns
7183
http2_protocol_options: {}
7284
lb_policy: round_robin
73-
hosts:
74-
- socket_address:
75-
address: api-service
76-
port_value: 51200
77-
tls_context:
78-
common_tls_context:
79-
tls_certificates:
80-
- certificate_chain:
81-
filename: "/service-certs/client.crt"
82-
private_key:
83-
filename: "/service-certs/client.key"
85+
load_assignment:
86+
cluster_name: api_service
87+
endpoints:
88+
- lb_endpoints:
89+
- endpoint:
90+
address:
91+
socket_address:
92+
address: api-service
93+
port_value: 51200
94+
transport_socket:
95+
name: envoy.transport_sockets.tls
96+
typed_config:
97+
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
98+
common_tls_context:
99+
tls_certificates:
100+
- certificate_chain:
101+
filename: "/service-certs/client.crt"
102+
private_key:
103+
filename: "/service-certs/client.key"

k8s/cloud/prod/proxy_envoy.yaml

Lines changed: 43 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -15,10 +15,12 @@ data:
1515
filter_chains:
1616
- filters:
1717
- name: envoy.http_connection_manager
18-
config:
18+
typed_config:
19+
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
1920
access_log:
2021
- name: envoy.file_access_log
21-
config:
22+
typed_config:
23+
"@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
2224
path: "/dev/stdout"
2325
codec_type: auto
2426
stat_prefix: ingress_http
@@ -49,31 +51,48 @@ data:
4951
expose_headers: grpc-status,grpc-message,grpc-timeout
5052
allow_credentials: true
5153
http_filters:
52-
- name: envoy.grpc_web
53-
- name: envoy.cors
54-
- name: envoy.router
55-
tls_context:
56-
common_tls_context:
57-
alpn_protocols: "h2,http/1.1"
58-
tls_certificates:
59-
- certificate_chain:
60-
filename: "/certs/tls.crt"
61-
private_key:
62-
filename: "/certs/tls.key"
54+
- name: envoy.filters.http.grpc_web
55+
typed_config:
56+
"@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
57+
- name: envoy.filters.http.cors
58+
typed_config:
59+
"@type": type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors
60+
- name: envoy.filters.http.router
61+
typed_config:
62+
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
63+
transport_socket:
64+
name: envoy.transport_sockets.tls
65+
typed_config:
66+
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
67+
common_tls_context:
68+
alpn_protocols: "h2,http/1.1"
69+
tls_certificates:
70+
- certificate_chain:
71+
filename: "/certs/tls.crt"
72+
private_key:
73+
filename: "/certs/tls.key"
6374
clusters:
6475
- name: api_service
6576
connect_timeout: 0.25s
6677
type: logical_dns
6778
http2_protocol_options: {}
6879
lb_policy: round_robin
69-
hosts:
70-
- socket_address:
71-
address: api-service
72-
port_value: 51200
73-
tls_context:
74-
common_tls_context:
75-
tls_certificates:
76-
- certificate_chain:
77-
filename: "/service-certs/client.crt"
78-
private_key:
79-
filename: "/service-certs/client.key"
80+
load_assignment:
81+
cluster_name: api_service
82+
endpoints:
83+
- lb_endpoints:
84+
- endpoint:
85+
address:
86+
socket_address:
87+
address: api-service
88+
port_value: 51200
89+
transport_socket:
90+
name: envoy.transport_sockets.tls
91+
typed_config:
92+
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
93+
common_tls_context:
94+
tls_certificates:
95+
- certificate_chain:
96+
filename: "/service-certs/client.crt"
97+
private_key:
98+
filename: "/service-certs/client.key"

k8s/cloud/public/base/proxy_envoy.yaml

Lines changed: 43 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -20,10 +20,12 @@ data:
2020
filter_chains:
2121
- filters:
2222
- name: envoy.http_connection_manager
23-
config:
23+
typed_config:
24+
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
2425
access_log:
2526
- name: envoy.file_access_log
26-
config:
27+
typed_config:
28+
"@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
2729
path: "/dev/stdout"
2830
codec_type: auto
2931
stat_prefix: ingress_http
@@ -54,30 +56,48 @@ data:
5456
expose_headers: grpc-status,grpc-message,grpc-timeout
5557
allow_credentials: true
5658
http_filters:
57-
- name: envoy.grpc_web
58-
- name: envoy.cors
59-
- name: envoy.router
60-
tls_context:
61-
common_tls_context:
62-
tls_certificates:
63-
- certificate_chain:
64-
filename: "/certs/tls.crt"
65-
private_key:
66-
filename: "/certs/tls.key"
59+
- name: envoy.filters.http.grpc_web
60+
typed_config:
61+
"@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
62+
- name: envoy.filters.http.cors
63+
typed_config:
64+
"@type": type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors
65+
- name: envoy.filters.http.router
66+
typed_config:
67+
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
68+
transport_socket:
69+
name: envoy.transport_sockets.tls
70+
typed_config:
71+
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
72+
common_tls_context:
73+
alpn_protocols: "h2,http/1.1"
74+
tls_certificates:
75+
- certificate_chain:
76+
filename: "/certs/tls.crt"
77+
private_key:
78+
filename: "/certs/tls.key"
6779
clusters:
6880
- name: api_service
6981
connect_timeout: 0.25s
7082
type: logical_dns
7183
http2_protocol_options: {}
7284
lb_policy: round_robin
73-
hosts:
74-
- socket_address:
75-
address: api-service
76-
port_value: 51200
77-
tls_context:
78-
common_tls_context:
79-
tls_certificates:
80-
- certificate_chain:
81-
filename: "/service-certs/client.crt"
82-
private_key:
83-
filename: "/service-certs/client.key"
85+
load_assignment:
86+
cluster_name: api_service
87+
endpoints:
88+
- lb_endpoints:
89+
- endpoint:
90+
address:
91+
socket_address:
92+
address: api-service
93+
port_value: 51200
94+
transport_socket:
95+
name: envoy.transport_sockets.tls
96+
typed_config:
97+
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
98+
common_tls_context:
99+
tls_certificates:
100+
- certificate_chain:
101+
filename: "/service-certs/client.crt"
102+
private_key:
103+
filename: "/service-certs/client.key"

0 commit comments

Comments
 (0)