envoy: use SDS to get jrock.us certs
jrockway committed Apr 26, 2020
1 parent 97a7add commit 3d986f6
Showing 3 changed files with 11 additions and 6 deletions.
8 changes: 3 additions & 5 deletions ingress/public/envoy.yaml
@@ -84,11 +84,9 @@ static_resources:
"@type": type.googleapis.com/envoy.api.v2.auth.DownstreamTlsContext
common_tls_context:
alpn_protocols: ["h2", "http/1.1"]
tls_certificates:
- certificate_chain:
filename: "/jrock.us/tls.crt"
private_key:
filename: "/jrock.us/tls.key"
tls_certificate_sds_secret_configs:
sds_config:
path: /etc/envoy/sds.yaml
filters:
- name: envoy.http_connection_manager
typed_config:
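Review bot: The `tls_certificate_sds_secret_configs` entry carries only `sds_config` and no `name`, so the listener's link to the Secret resource in ingress/public/sds.yaml (which is also unnamed) is implicit. Setting a name on both sides, for example `name: jrock-us-tls` here and the same `name:` on the Secret (the value is a constructed example), would make the binding explicit and keep it unambiguous if a second resource is ever added to that file. A one-line comment above the block saying why SDS replaces the inline `tls_certificates` would help the next reader. The listener definition this block belongs to starts and ends outside the hunk.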
2 changes: 1 addition & 1 deletion ingress/public/kustomization.yaml
@@ -9,7 +9,7 @@ resources:
- client-cert.yaml
configMapGenerator:
- name: envoy-config
files: ["envoy.yaml"]
files: ["envoy.yaml", "sds.yaml"]
- name: envoy-policy
files: ["policy.rego=access/policy.rego"]
secretGenerator:
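--- a/ingress/public/sds.yaml
+++ b/ingress/public/sds.yaml
@@ -0,0 +1,7 @@
+resources:
+- "@type": "type.googleapis.com/envoy.api.v2.auth.Secret"
+tls_certificate:
+certificate_chain:
+filename: "/jrock.us/tls.crt"
+private_key:
+filename: "/jrock.us/tls.key"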
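Review bot: Nothing in this file says what causes Envoy to re-read the certificate and key under /jrock.us/, and picking up renewals is presumably the reason for moving to SDS. As far as I know, a path-based SDS source is reloaded when the SDS file itself is replaced, not when the files it names change. A renewed tls.crt may therefore go unnoticed, leaving the listener on the old certificate until Envoy restarts; please confirm with a test rotation. A header comment such as `# Read by Envoy as a path-based SDS source; holds file paths only, no key material` would also record that this ConfigMap entry is safe to keep outside the secret.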
