Skip to content
Permalink
Browse files
envoy: use SDS to get jrock.us certs
  • Loading branch information
jrockway committed Apr 26, 2020
1 parent 97a7add commit 3d986f6322b54ebce00b95079b534c5fa116bf86
Showing 3 changed files with 11 additions and 6 deletions.
@@ -84,11 +84,9 @@ static_resources:
"@type": type.googleapis.com/envoy.api.v2.auth.DownstreamTlsContext
common_tls_context:
alpn_protocols: ["h2", "http/1.1"]
tls_certificates:
- certificate_chain:
filename: "/jrock.us/tls.crt"
private_key:
filename: "/jrock.us/tls.key"
tls_certificate_sds_secret_configs:
sds_config:
path: /etc/envoy/sds.yaml
filters:
- name: envoy.http_connection_manager
typed_config:
@@ -9,7 +9,7 @@ resources:
- client-cert.yaml
configMapGenerator:
- name: envoy-config
files: ["envoy.yaml"]
files: ["envoy.yaml", "sds.yaml"]
- name: envoy-policy
files: ["policy.rego=access/policy.rego"]
secretGenerator:
@@ -0,0 +1,7 @@
resources:
- "@type": "type.googleapis.com/envoy.api.v2.auth.Secret"
tls_certificate:
certificate_chain:
filename: "/jrock.us/tls.crt"
private_key:
filename: "/jrock.us/tls.key"

0 comments on commit 3d986f6

Please sign in to comment.