82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
# File 'modules/envoyproxy/manifests/tls_terminator.pp', line 82
define envoyproxy::tls_terminator(
Array[Envoyproxy::Tlsconfig] $upstreams = [],
Boolean $access_log = false,
Boolean $websockets = false,
Boolean $use_remote_address = true,
Integer $fast_open_queue = 0,
Float $connect_timeout = 1.0,
Float $upstream_response_timeout = 65.0,
Boolean $capitalize_headers = false,
Boolean $listen_ipv6 = false,
Optional[Hash] $retry_policy = undef,
Optional[Stdlib::Port] $redir_port = undef,
Optional[String] $global_cert_path = undef,
Optional[String] $global_key_path = undef,
Optional[Float] $idle_timeout = undef,
Optional[Integer] $max_requests_per_conn = undef,
) {
# First of all, we can't configure a tls terminator if envoy is not installed.
if !defined(Class['envoyproxy']) {
fail('envoyproxy::tls_terminator should only be used once the envoyproxy class is declared.')
}
# As this is a fundamental function, install it with high priority
# Please note they will be removed if we remove the terminator declaration.
# We need a separate definition for each upstream cluster
$upstreams.each |$upstream| {
$upstream_name = "local_port_${upstream['upstream_port']}"
envoyproxy::cluster { "cluster_${upstream_name}":
priority => 0,
content => template('envoyproxy/tls_terminator/cluster.yaml.erb'),
}
}
envoyproxy::listener { "tls_terminator_${name}":
priority => 0,
content => template('envoyproxy/tls_terminator/listener.yaml.erb'),
}
if $redir_port {
# Redirection is less important, install it at the bottom of the pyle.
envoyproxy::listener { "http_redirect_${name}":
priority => 99,
content => template('envoyproxy/tls_terminator/redirect_listener.yaml.erb')
}
}
}
|