From 96aaad9421a0449fa7634959f522964394fc26e9 Mon Sep 17 00:00:00 2001 From: Rentaro Matsukata Date: Mon, 25 Mar 2024 11:39:17 -1000 Subject: [PATCH] fix(metadata envoy): upgrade envoy and config from 1.12 to 1.27 (#10589) Signed-off-by: Rentaro Matsukata --- third_party/metadata_envoy/Dockerfile | 2 +- third_party/metadata_envoy/envoy.yaml | 59 +++++++++++++++++++-------- 2 files changed, 44 insertions(+), 17 deletions(-) diff --git a/third_party/metadata_envoy/Dockerfile b/third_party/metadata_envoy/Dockerfile index 17f1430860..7830d5b7ad 100644 --- a/third_party/metadata_envoy/Dockerfile +++ b/third_party/metadata_envoy/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM envoyproxy/envoy:v1.12.2 +FROM envoyproxy/envoy:v1.27.3 RUN apt-get update -y && \ apt-get install --no-install-recommends -y -q gettext openssl diff --git a/third_party/metadata_envoy/envoy.yaml b/third_party/metadata_envoy/envoy.yaml index 2933d12da3..c5f866aebb 100644 --- a/third_party/metadata_envoy/envoy.yaml +++ b/third_party/metadata_envoy/envoy.yaml @@ -1,5 +1,9 @@ admin: - access_log_path: /tmp/admin_access.log + access_log: + name: admin_access + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /tmp/admin_access.log address: socket_address: { address: 0.0.0.0, port_value: 9901 } @@ -10,8 +14,9 @@ static_resources: socket_address: { address: 0.0.0.0, port_value: 9090 } filter_chains: - filters: - - name: envoy.http_connection_manager - config: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager codec_type: auto stat_prefix: ingress_http route_config: @@ -23,22 +28,44 @@ static_resources: - match: { prefix: "/" } route: cluster: metadata-cluster - max_grpc_timeout: 0s - cors: - allow_origin: - - "*" - allow_methods: GET, PUT, DELETE, POST, OPTIONS - allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,custom-header-1,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout - max_age: "1728000" - expose_headers: custom-header-1,grpc-status,grpc-message + max_stream_duration: + grpc_timeout_header_max: '0s' + typed_per_filter_config: + envoy.filter.http.cors: + "@type": type.googleapis.com/envoy.extensions.filters.http.cors.v3.CorsPolicy + allow_origin_string_match: + - safe_regex: + regex: ".*" + allow_methods: GET, PUT, DELETE, POST, OPTIONS + allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,custom-header-1,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout + max_age: "1728000" + expose_headers: custom-header-1,grpc-status,grpc-message http_filters: - - name: envoy.grpc_web - - name: envoy.cors - - name: envoy.router + - name: envoy.filters.http.grpc_web + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb + - name: envoy.filters.http.cors + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - name: metadata-cluster connect_timeout: 30.0s type: logical_dns - http2_protocol_options: {} + typed_extension_protocol_options: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicit_http_config: + http2_protocol_options: {} lb_policy: round_robin - hosts: [{ socket_address: { address: "metadata-grpc-service", port_value: 8080 }}] + load_assignment: + cluster_name: metadata-grpc + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: metadata-grpc-service + port_value: 8080