
Commit 3d986f6

committed
envoy: use SDS to get jrock.us certs
1 parent 97a7add commit 3d986f6

3 files changed

+11
-6
lines changed

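--- a/ingress/public/envoy.yaml
+++ b/ingress/public/envoy.yaml
@@ -84,11 +84,9 @@ static_resources:
 "@type": type.googleapis.com/envoy.api.v2.auth.DownstreamTlsContext
 common_tls_context:
 alpn_protocols: ["h2", "http/1.1"]
-tls_certificates:
-- certificate_chain:
-filename: "/jrock.us/tls.crt"
-private_key:
-filename: "/jrock.us/tls.key"
+tls_certificate_sds_secret_configs:
+sds_config:
+path: /etc/envoy/sds.yaml
 filters:
 - name: envoy.http_connection_manager
 typed_config: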
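Review bot: The new `tls_certificate_sds_secret_configs` entry carries no `name`, and the Secret added in ingress/public/sds.yaml has none either, so nothing in the listener states which secret from `/etc/envoy/sds.yaml` it expects. Giving the entry a name, e.g. `- name: jrock_us_tls` above `sds_config:` (a constructed example name), and putting the same `name:` on the Secret should make a mismatched or additional secret in that file get rejected rather than silently bound. As rendered here the entry is also a bare mapping rather than a `- ` list item, although the field is repeated in the v2 API; confirm the deployed Envoy accepts this form. The enclosing `common_tls_context` block starts and ends outside this hunk.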

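--- a/ingress/public/kustomization.yaml
+++ b/ingress/public/kustomization.yaml
@@ -9,7 +9,7 @@ resources:
 - client-cert.yaml
 configMapGenerator:
 - name: envoy-config
-files: ["envoy.yaml"]
+files: ["envoy.yaml", "sds.yaml"]
 - name: envoy-policy
 files: ["policy.rego=access/policy.rego"]
 secretGenerator: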

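--- a/ingress/public/sds.yaml
+++ b/ingress/public/sds.yaml
@@ -0,0 +1,7 @@
+resources:
+- "@type": "type.googleapis.com/envoy.api.v2.auth.Secret"
+tls_certificate:
+certificate_chain:
+filename: "/jrock.us/tls.crt"
+private_key:
+filename: "/jrock.us/tls.key"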
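Review bot: The Secret in this file only points at `/jrock.us/tls.crt` and `/jrock.us/tls.key`, and as far as I know a path-based SDS source re-reads when sds.yaml itself is replaced, not when the files it references change. If the certificate under `/jrock.us` is renewed while this ConfigMap-provided file stays the same, Envoy may keep serving the old certificate until it expires, so renewal should be tested end to end (or the pod rolled on renewal) and certificate expiry monitored on the listener. A comment at the top of the file would record the assumption, such as `# Envoy reloads when this file is moved into place; cert/key changes alone may not be picked up - verify for the deployed version`.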
