Puppet Class: profile::envoy

Defined in:
modules/profile/manifests/envoy.pp

Summary

Sets up a basic installation of the envoy proxy. You will need to define listeners and clusters separately

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • ensure (Wmflib::Ensure) (defaults to: lookup('profile::envoy::ensure'))

    ensurable parameter

  • cluster (String) (defaults to: lookup('cluster'))

    the WMF cluster

  • runtime (Hash) (defaults to: lookup('profile::envoy::runtime', {'default_value' => {}}))

    the runtime.yaml config



7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# File 'modules/profile/manifests/envoy.pp', line 7

class profile::envoy(
    Wmflib::Ensure $ensure = lookup('profile::envoy::ensure'),
    String         $cluster = lookup('cluster'),
    Hash           $runtime = lookup('profile::envoy::runtime', {'default_value' => {}}),
) {
    # Envoy supports tcp fast open
    require profile::tcp_fast_open

    # Work around Let's Encrypt / DST Root CA X3 issues for bundled BoringSSL
    # from T292291
    class { 'sslcert::ca_deselect_dstx3': }

    $pkg_name = 'envoyproxy'
    $use_override = true
    $admin_port = 9631
    class { 'envoyproxy':
        ensure          => $ensure,
        admin_port      => $admin_port,
        pkg_name        => $pkg_name,
        use_override    => $use_override,
        service_cluster => $cluster,
        runtime         => $runtime,
    }
}