From 11d13ece71ce36619128923305a01de2b8da2f68 Mon Sep 17 00:00:00 2001 From: don2112e Date: Fri, 5 Dec 2025 10:02:21 +0000 Subject: [PATCH 1/2] remove port 8080 exposure from envoy proxy Signed-off-by: don2112e --- .gitignore | 3 +++ .../templates/configmap/envoy-configmap.yaml | 26 ------------------- .../templates/deployment/deployment.yaml | 5 +--- .../templates/service/service.yaml | 4 --- .../values.yaml | 1 - docker-compose.yaml | 1 - envoy.Dockerfile | 4 +-- 7 files changed, 6 insertions(+), 38 deletions(-) diff --git a/.gitignore b/.gitignore index 68bc17f..8f681ec 100644 --- a/.gitignore +++ b/.gitignore @@ -158,3 +158,6 @@ cython_debug/ # and can be added to the global gitignore or merged into this file. For a more nuclear # option (not recommended) you can uncomment the following to ignore the entire idea folder. #.idea/ + +helloworldAppPackage/ +csar-output/ \ No newline at end of file diff --git a/charts/eric-oss-hello-world-python-app/templates/configmap/envoy-configmap.yaml b/charts/eric-oss-hello-world-python-app/templates/configmap/envoy-configmap.yaml index 422deac..bf71f2e 100644 --- a/charts/eric-oss-hello-world-python-app/templates/configmap/envoy-configmap.yaml +++ b/charts/eric-oss-hello-world-python-app/templates/configmap/envoy-configmap.yaml @@ -57,32 +57,6 @@ data: validation_context: trusted_ca: filename: {{ printf "%s/%s" (default $.Values.instantiationDefaults.proxyCaCertMountPath $.Values.proxyCaCertMountPath) (default $.Values.instantiationDefaults.platformCaCertFileName $.Values.platformCaCertFileName) | quote }} - # Plain HTTP listener for other endpoints - - name: listener_http - address: - socket_address: - address: 0.0.0.0 - port_value: 8080 - filter_chains: - - filters: - - name: envoy.filters.network.http_connection_manager - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - stat_prefix: ingress_http_plain - route_config: - virtual_hosts: - - name: plain_service - domains: ["*"] - routes: - - match: - path: "/sample-app/python/health" - route: - cluster: eric-oss-hello-world-python-app-cluster - http_filters: - - name: envoy.filters.http.router - typed_config: - "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - clusters: - name: eric-oss-hello-world-python-app-cluster type: STATIC diff --git a/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml b/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml index 1f19933..70350b7 100644 --- a/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml +++ b/charts/eric-oss-hello-world-python-app/templates/deployment/deployment.yaml @@ -156,7 +156,7 @@ spec: value: "/etc/adp/logcontrol.json" {{- include "eric-oss-hello-world-python-app.jaegerEnv" . | indent 12 }} ports: - - name: http-metrics + - name: http containerPort: 8050 protocol: TCP livenessProbe: @@ -215,9 +215,6 @@ spec: command: ["envoy"] args: ["-c", "/etc/envoy/envoy.yaml", "--base-id", "1"] ports: - - name: envoy-http - containerPort: 8080 - protocol: TCP - name: envoy-https containerPort: 8443 protocol: TCP diff --git a/charts/eric-oss-hello-world-python-app/templates/service/service.yaml b/charts/eric-oss-hello-world-python-app/templates/service/service.yaml index b1f5b80..45569fa 100644 --- a/charts/eric-oss-hello-world-python-app/templates/service/service.yaml +++ b/charts/eric-oss-hello-world-python-app/templates/service/service.yaml @@ -15,10 +15,6 @@ spec: ipFamilies: [{{ .Values.global.internalIPFamily }}] {{- end }} ports: - - port: {{ index .Values.service "http-port" }} - targetPort: {{ .Values.service.httpTargetPort | default 8080 }} - protocol: TCP - name: envoy-http - port: {{ index .Values.service "https-port" }} targetPort: {{ .Values.service.httpsTargetPort | default 8443 }} protocol: TCP diff --git a/charts/eric-oss-hello-world-python-app/values.yaml b/charts/eric-oss-hello-world-python-app/values.yaml index 56577ee..54191ed 100644 --- a/charts/eric-oss-hello-world-python-app/values.yaml +++ b/charts/eric-oss-hello-world-python-app/values.yaml @@ -43,7 +43,6 @@ seccompProfile: service: type: ClusterIP - http-port: 8080 https-port: 8443 resources: diff --git a/docker-compose.yaml b/docker-compose.yaml index 930dea8..a4ef056 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -17,5 +17,4 @@ services: depends_on: - app ports: - - "8080:8080" - "8443:8443" diff --git a/envoy.Dockerfile b/envoy.Dockerfile index 7d37bd4..a44cb2c 100644 --- a/envoy.Dockerfile +++ b/envoy.Dockerfile @@ -1,6 +1,6 @@ -FROM envoyproxy/envoy:distroless-v1.35.0 +FROM envoyproxy/envoy:distroless-v1.36.3 USER 60577:60577 -EXPOSE 8080 8443 +EXPOSE 8443 CMD ["envoy", "-c", "/etc/envoy/envoy.yaml"] From 794b135b46b4dab5e9ec08869ec531e0038d971b Mon Sep 17 00:00:00 2001 From: don2112e Date: Fri, 5 Dec 2025 16:14:10 +0000 Subject: [PATCH 2/2] update envoy proxy version to 1.36.2 --- envoy.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/envoy.Dockerfile b/envoy.Dockerfile index a44cb2c..47c52ee 100644 --- a/envoy.Dockerfile +++ b/envoy.Dockerfile @@ -1,4 +1,4 @@ -FROM envoyproxy/envoy:distroless-v1.36.3 +FROM envoyproxy/envoy:distroless-v1.36.2 USER 60577:60577 EXPOSE 8443