diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e69906c43e..2b2a3bef3f 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -29,3 +29,8 @@ updates: directory: "/build/liqonet" schedule: interval: "daily" + + - package-ecosystem: "docker" + directory: "/build/proxy" + schedule: + interval: "daily" diff --git a/build/proxy/Dockerfile b/build/proxy/Dockerfile new file mode 100644 index 0000000000..56db241160 --- /dev/null +++ b/build/proxy/Dockerfile @@ -0,0 +1 @@ +FROM envoyproxy/envoy:v1.27.0 diff --git a/deployments/liqo/README.md b/deployments/liqo/README.md index d4de331178..353e684e4b 100644 --- a/deployments/liqo/README.md +++ b/deployments/liqo/README.md @@ -115,7 +115,7 @@ | openshiftConfig.enable | bool | `false` | Enable/Disable the OpenShift support, enabling Openshift-specific resources, and setting the pod security contexts in a way that is compatible with Openshift. | | openshiftConfig.virtualKubeletSCCs | list | `["anyuid"]` | Security context configurations granted to the virtual kubelet in the local cluster. The configuration of one or more SCCs for the virtual kubelet is not strictly required, and privileges can be reduced in production environments. Still, the default configuration (i.e., anyuid) is suggested to prevent problems (i.e., the virtual kubelet fails to add the appropriate labels) when attempting to offload pods not managed by higher-level abstractions (e.g., Deployments), and not associated with a properly privileged service account. Indeed, "anyuid" is the SCC automatically associated with pods created by cluster administrators. Any pod granted a more privileged SCC and not linked to an adequately privileged service account will fail to be offloaded. | | proxy.config.listeningPort | int | `8118` | Port used by the proxy pod. | -| proxy.imageName | string | `"envoyproxy/envoy:v1.21.0"` | Image repository for the proxy pod. | +| proxy.imageName | string | `"ghcr.io/liqotech/proxy"` | Image repository for the proxy pod. | | proxy.pod.annotations | object | `{}` | Annotations for the proxy pod. | | proxy.pod.extraArgs | list | `[]` | Extra arguments for the proxy pod. | | proxy.pod.labels | object | `{}` | Labels for the proxy pod. | diff --git a/deployments/liqo/templates/liqo-proxy-configmap.yaml b/deployments/liqo/templates/liqo-proxy-configmap.yaml index c636c186a1..de608e0ddd 100644 --- a/deployments/liqo/templates/liqo-proxy-configmap.yaml +++ b/deployments/liqo/templates/liqo-proxy-configmap.yaml @@ -56,6 +56,8 @@ data: {} http_filters: - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router clusters: - name: api_server connect_timeout: 1.25s diff --git a/deployments/liqo/templates/liqo-proxy-deployment.yaml b/deployments/liqo/templates/liqo-proxy-deployment.yaml index 745d2855dd..5bdc0a2a1e 100644 --- a/deployments/liqo/templates/liqo-proxy-deployment.yaml +++ b/deployments/liqo/templates/liqo-proxy-deployment.yaml @@ -27,7 +27,7 @@ spec: securityContext: {{- include "liqo.podSecurityContext" . | nindent 8 }} containers: - - image: {{ .Values.proxy.imageName }} + - image: {{ .Values.proxy.imageName }}{{ include "liqo.suffix" $proxyConfig }}:{{ include "liqo.version" $proxyConfig }} imagePullPolicy: {{ .Values.pullPolicy }} name: {{ $proxyConfig.name }} securityContext: diff --git a/deployments/liqo/values.yaml b/deployments/liqo/values.yaml index 277e88e7ce..3f1c38d26f 100644 --- a/deployments/liqo/values.yaml +++ b/deployments/liqo/values.yaml @@ -481,7 +481,7 @@ proxy: limits: {} requests: {} # -- Image repository for the proxy pod. - imageName: "envoyproxy/envoy:v1.21.0" + imageName: "ghcr.io/liqotech/proxy" service: type: "ClusterIP" annotations: {}