testing build of envoy

Author: supaPatrick

ansible/files/envoy_config/envoy.conf.j2

@@ -0,0 +1,7 @@
+database = off
+declarative_config = /etc/kong/kong.yml
+
+# plugins defined in the dockerfile
+plugins = request-transformer,cors,key-auth,http-log
+
+proxy_listen = 0.0.0.0:80 reuseport backlog=16384, 0.0.0.0:443 http2 ssl reuseport backlog=16834

ansible/files/envoy_config/envoy.service.j2

@@ -0,0 +1,24 @@
+[Unit]
+Description=Kong server
+After=postgrest.service gotrue.service adminapi.service
+Wants=postgrest.service gotrue.service adminapi.service
+
+[Service]
+Type=forking
+ExecStart=/usr/local/bin/kong start -c /etc/kong/kong.conf
+ExecReload=/usr/local/bin/kong reload -c /etc/kong/kong.conf
+ExecStop=/usr/local/bin/kong stop
+User=kong
+EnvironmentFile=/etc/kong/kong.env
+Slice=services.slice
+Restart=always
+RestartSec=3
+LimitNOFILE=100000
+
+# The kong user is unpriviledged and thus not permited to bind on ports < 1024
+# Via systemd we grant the process a set of priviledges to bind to 80/443
+# See http://archive.vn/36zJU
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target

ansible/playbook.yml

@@ -56,6 +56,11 @@
       tags:
         - install-supabase-internal
 
+    - name: Install Envoy
+      import_tasks: tasks/setup-envoy.yml
+      tags:
+        - install-supabase-internal
+
     - name: Install nginx
       import_tasks: tasks/setup-nginx.yml
       tags:

ansible/tasks/setup-envoy.yml

@@ -0,0 +1,40 @@
+- name: Envoy - system user
+  user: name=envoy
+
+- name: Kong - download deb package
+  get_url:
+    url: "https://github.com/envoyproxy/envoy/releases/download/v{{ envoy_release }}/envoy-{{ envoy_release }}-linux-aarch_64"
+    dest: /etc/envoy/envoy
+    checksum: "{{ envoy_release_checksum }}"
+
+- name: Kong - configuration
+  template:
+    src: files/envoy_config/envoy.conf.j2
+    dest: /etc/envoy/envoy.conf
+
+- name: Kong - hand over ownership of /usr/local/envoy to user envoy
+  file:
+    path: /usr/local/envoy
+    recurse: yes
+    owner: envoy
+
+# [warn] ulimit is currently set to "1024". For better performance set it to at least
+# "4096" using "ulimit -n"
+- name: Envoy - bump up ulimit
+  pam_limits:
+    limit_item: nofile
+    limit_type: soft
+    domain: envoy
+    value: "4096"
+
+- name: Envoy - create service file
+  template:
+    src: files/envoy_config/envoy.service.j2
+    dest: /etc/systemd/system/envoy.service
+
+- name: Envoy - disable service
+  systemd:
+    enabled: no
+    name: envoy
+    state: stopped
+    daemon_reload: yes

ansible/vars.yml

@@ -28,6 +28,9 @@ kong_release_target: focal # if it works, it works
 kong_deb: kong_2.8.1_arm64.deb
 kong_deb_checksum: sha1:2086f6ccf8454fe64435252fea4d29d736d7ec61
 
+envoy_release: "1.26.0"
+emvoy_release_checksum: sha1:57d5bb8bfbc66d7ba4705b98ddab9ddebc069708
+
 nginx_release: 1.22.0
 nginx_release_checksum: sha1:419efb77b80f165666e2ee406ad8ae9b845aba93