Set the envoy retry policy for external-authz filter (#5194)

* Add timeout for envoy ext_authz Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> * Upgrade envoy Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> * Set retry_policy for ext_authz service Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> --------- Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]>
pipe-cd · Sep 9, 2024 · 032e430 · 032e430
1 parent 7edbf2b
commit 032e430
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 2 deletions.
diff --git a/manifests/pipecd/templates/deployment.yaml b/manifests/pipecd/templates/deployment.yaml
@@ -25,7 +25,7 @@ spec:
       {{- end }}
       containers:
         - name: envoy
-          image: envoyproxy/envoy-alpine:{{ .Values.gateway.imageTag }}
+          image: envoyproxy/envoy:{{ .Values.gateway.imageTag }}
           imagePullPolicy: IfNotPresent
           command:
           - envoy

diff --git a/manifests/pipecd/templates/envoy-configmap.yaml b/manifests/pipecd/templates/envoy-configmap.yaml
@@ -38,18 +38,31 @@ data:
                   grpc_service:
                     envoy_grpc:
                       cluster_name: grpc-envoy-ext-authz
+                      retry_policy:
+                        num_retries: 3
+                        retry_back_off:
+                          base_interval: 0.25s
+                          max_interval: 1s
+                        retry_on: 5xx
+                    timeout: 3s
                   transport_api_version: V3
                   include_peer_certificate: false
               - name: envoy.filters.http.grpc_web
+                typed_config:
+                  "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
 {{- if .Values.cors.enabled }}
               - name: envoy.filters.http.cors
+                typed_config:
+                  "@type": type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors
 {{- end }}
               - name: envoy.filters.http.grpc_stats
                 typed_config:
                   "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_stats.v3.FilterConfig
                   stats_for_all_methods: true
                   enable_upstream_stats: true
               - name: envoy.filters.http.router
+                typed_config:
+                  "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
               route_config:
                 name: local_route
                 virtual_hosts:

diff --git a/manifests/pipecd/values.yaml b/manifests/pipecd/values.yaml
@@ -22,7 +22,7 @@ serviceAccount:
 # Workloads.
 gateway:
   replicasCount: 1
-  imageTag: v1.18.3
+  imageTag: v1.31.0
   resources: {}
   internalTLS:
     enabled: false