Giuseppe Lavagetto has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/399640 )
Change subject: Add envoy image with TLS termination. ...................................................................... Add envoy image with TLS termination. Change-Id: I179af20ddc2c32d19f61cc0e44b4a80a4817ada9 --- A images/envoy-tls-local-proxy/Dockerfile.template A images/envoy-tls-local-proxy/changelog A images/envoy-tls-local-proxy/control A images/envoy-tls-local-proxy/envoy-basic-config.yaml 4 files changed, 74 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/docker-images/production-images refs/changes/40/399640/1
diff --git a/images/envoy-tls-local-proxy/Dockerfile.template b/images/envoy-tls-local-proxy/Dockerfile.template
new file mode 100644
index 0000000..3ef811f
--- /dev/null
+++ b/images/envoy-tls-local-proxy/Dockerfile.template
@@ -0,0 +1,7 @@
+FROM {{ "envoy" | image_tag }}
+
+COPY envoy-basic-config.yaml /etc/envoy.yaml.tpl
+
+VOLUME ["/etc/ssl"]
+
+CMD ["/bin/entypoint"]
diff --git a/images/envoy-tls-local-proxy/changelog b/images/envoy-tls-local-proxy/changelog
new file mode 100644
index 0000000..f5efcff
--- /dev/null
+++ b/images/envoy-tls-local-proxy/changelog
@@ -0,0 +1,5 @@
+envoy-tls-local-proxy (1.5.0-1) wikimedia; urgency=medium
+
+ * First release, without any special TLS settings for now.
+
+ -- Giuseppe Lavagetto <glavage...@wikimedia.org> Thu, 21 Dec 2017 15:26:11 +0100
diff --git a/images/envoy-tls-local-proxy/control b/images/envoy-tls-local-proxy/control
new file mode 100644
index 0000000..ee120ba
--- /dev/null
+++ b/images/envoy-tls-local-proxy/control
@@ -0,0 +1,4 @@
+Package: envoy-tls-local-proxy
+Description: Basic envoy proxy container, with TLS support
+Maintainer: Giuseppe Lavagetto <j...@wikimedia.org>
+Depends: envoy
diff --git a/images/envoy-tls-local-proxy/envoy-basic-config.yaml b/images/envoy-tls-local-proxy/envoy-basic-config.yaml
new file mode 100644
index 0000000..853d71e
--- /dev/null
+++ b/images/envoy-tls-local-proxy/envoy-basic-config.yaml
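Review bot: In images/envoy-tls-local-proxy/Dockerfile.template the last line, `CMD ["/bin/entypoint"]`, looks like a misspelling of `entrypoint`; unless the base envoy image really ships a binary under that exact name, the container will fail at start. The base image is not visible in this change, so confirm the path and, if it is a typo, use `CMD ["/bin/entrypoint"]`. A one-line comment above the COPY, e.g. `# rendered to the live config by the entrypoint, which fills in $SERVICE_NAME and $SERVICE_PORT`, would also document why the file is installed as `/etc/envoy.yaml.tpl`; presumably that is what the entrypoint does, but the change does not show it.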
@@ -0,0 +1,58 @@
+admin:
+ access_log_path: /tmp/admin_access.log
+ address:
+ socket_address: { address: 127.0.0.1, port_value: 9090 }
+
+static_resources:
+ listeners:
+ - name: listener_http
+ address:
+ socket_address: { address: 127.0.0.1, port_value: 8080 }
+ filter_chains:
+ - filters:
+ - name: envoy.http_connection_manager
+ config:
+ stat_prefix: $SERVICE_NAME
+ codec_type: AUTO
+ route_config:
+ name: local_route
+ virtual_hosts:
+ - name: backend
+ domains: ["*"]
+ routes:
+ - match: { prefix: "/" }
+ route: { cluster: local_service }
+ http_filters:
+ - name: envoy.router
+ - name: listener_https
+ address:
+ socket_address: { address: 127.0.0.1, port_value: 8081 }
+ filter_chains:
+ - tls_context:
+ common_tls_context:
+ tls_certificates:
+ - certificate_chain: { filename: "/etc/ssl/service_cert.pem" }
+ private_key: { filename: "/etc/ssl/service_key.pem" }
+ filters:
+ - name: envoy.http_connection_manager
+ config:
+ stat_prefix: $SERVICE_NAME
+ codec_type: AUTO
+ route_config:
+ name: local_route
+ virtual_hosts:
+ - name: backend
+ domains: ["*"]
+ routes:
+ - match: { prefix: "/" }
+ route: { cluster: local_service }
+ http_filters:
+ - name: envoy.router
+ clusters:
+ - name: local_service
+ connect_timeout: 0.25s
+ http_protocol_options:
+ allow_absolute_url: false
+ type: STATIC
+ lb_policy: ROUND_ROBIN
+ hosts: [{ socket_address: { address: 127.0.0.1, port_value: $SERVICE_PORT }}]
-- To view, visit https://gerrit.wikimedia.org/r/399640 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I179af20ddc2c32d19f61cc0e44b4a80a4817ada9 Gerrit-PatchSet: 1 Gerrit-Project: operations/docker-images/production-images Gerrit-Branch: master Gerrit-Owner: Giuseppe Lavagetto <glavage...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
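Review bot: In envoy-basic-config.yaml, `listener_https` binds to 127.0.0.1:8081, so the TLS-terminating listener is reachable only from inside the container's own network namespace; if clients outside it are meant to connect, that line needs a routable address, e.g. `socket_address: { address: 0.0.0.0, port_value: 8081 }`, while the plaintext `listener_http` and the unauthenticated `admin` listener should stay on loopback as they are. The `tls_context` sets only the certificate and key, so protocol versions and ciphers fall back to Envoy's defaults; the changelog defers this, and a comment such as `# TODO: set tls_params (minimum protocol version, cipher suites) before production use` at that block would keep it visible. `port_value: $SERVICE_PORT` and `stat_prefix: $SERVICE_NAME` are raw placeholders, so the step that renders the template should fail when either variable is unset rather than start Envoy with a literal `$SERVICE_PORT`.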