Giuseppe Lavagetto has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/399640 )
Change subject: Add envoy image with TLS termination.
......................................................................
Add envoy image with TLS termination.
Change-Id: I179af20ddc2c32d19f61cc0e44b4a80a4817ada9
---
A images/envoy-tls-local-proxy/Dockerfile.template
A images/envoy-tls-local-proxy/changelog
A images/envoy-tls-local-proxy/control
A images/envoy-tls-local-proxy/envoy-basic-config.yaml
4 files changed, 74 insertions(+), 0 deletions(-)
git pull
ssh://gerrit.wikimedia.org:29418/operations/docker-images/production-images
refs/changes/40/399640/1
diff --git a/images/envoy-tls-local-proxy/Dockerfile.template
b/images/envoy-tls-local-proxy/Dockerfile.template
new file mode 100644
index 0000000..3ef811f
--- /dev/null
+++ b/images/envoy-tls-local-proxy/Dockerfile.template
@@ -0,0 +1,7 @@
+FROM {{ "envoy" | image_tag }}
+
+COPY envoy-basic-config.yaml /etc/envoy.yaml.tpl
+
+VOLUME ["/etc/ssl"]
+
+CMD ["/bin/entypoint"]
diff --git a/images/envoy-tls-local-proxy/changelog
b/images/envoy-tls-local-proxy/changelog
new file mode 100644
index 0000000..f5efcff
--- /dev/null
+++ b/images/envoy-tls-local-proxy/changelog
@@ -0,0 +1,5 @@
+envoy-tls-local-proxy (1.5.0-1) wikimedia; urgency=medium
+
+ * First release, without any special TLS settings for now.
+
+ -- Giuseppe Lavagetto <glavage...@wikimedia.org> Thu, 21 Dec 2017 15:26:11
+0100
diff --git a/images/envoy-tls-local-proxy/control
b/images/envoy-tls-local-proxy/control
new file mode 100644
index 0000000..ee120ba
--- /dev/null
+++ b/images/envoy-tls-local-proxy/control
@@ -0,0 +1,4 @@
+Package: envoy-tls-local-proxy
+Description: Basic envoy proxy container, with TLS support
+Maintainer: Giuseppe Lavagetto <j...@wikimedia.org>
+Depends: envoy
diff --git a/images/envoy-tls-local-proxy/envoy-basic-config.yaml
b/images/envoy-tls-local-proxy/envoy-basic-config.yaml
new file mode 100644
index 0000000..853d71e
--- /dev/null
+++ b/images/envoy-tls-local-proxy/envoy-basic-config.yaml
@@ -0,0 +1,58 @@
+admin:
+ access_log_path: /tmp/admin_access.log
+ address:
+ socket_address: { address: 127.0.0.1, port_value: 9090 }
+
+static_resources:
+ listeners:
+ - name: listener_http
+ address:
+ socket_address: { address: 127.0.0.1, port_value: 8080 }
+ filter_chains:
+ - filters:
+ - name: envoy.http_connection_manager
+ config:
+ stat_prefix: $SERVICE_NAME
+ codec_type: AUTO
+ route_config:
+ name: local_route
+ virtual_hosts:
+ - name: backend
+ domains: ["*"]
+ routes:
+ - match: { prefix: "/" }
+ route: { cluster: local_service }
+ http_filters:
+ - name: envoy.router
+ - name: listener_https
+ address:
+ socket_address: { address: 127.0.0.1, port_value: 8081 }
+ filter_chains:
+ - tls_context:
+ common_tls_context:
+ tls_certificates:
+ - certificate_chain: { filename: "/etc/ssl/service_cert.pem" }
+ private_key: { filename: "/etc/ssl/service_key.pem" }
+ filters:
+ - name: envoy.http_connection_manager
+ config:
+ stat_prefix: $SERVICE_NAME
+ codec_type: AUTO
+ route_config:
+ name: local_route
+ virtual_hosts:
+ - name: backend
+ domains: ["*"]
+ routes:
+ - match: { prefix: "/" }
+ route: { cluster: local_service }
+ http_filters:
+ - name: envoy.router
+ clusters:
+ - name: local_service
+ connect_timeout: 0.25s
+ http_protocol_options:
+ allow_absolute_url: false
+ type: STATIC
+ lb_policy: ROUND_ROBIN
+ hosts: [{ socket_address: { address: 127.0.0.1, port_value: $SERVICE_PORT
}}]
--
To view, visit https://gerrit.wikimedia.org/r/399640
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I179af20ddc2c32d19f61cc0e44b4a80a4817ada9
Gerrit-PatchSet: 1
Gerrit-Project: operations/docker-images/production-images
Gerrit-Branch: master
Gerrit-Owner: Giuseppe Lavagetto <glavage...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
