Add envoy filter to additional manifests

defenseunicorns · Mar 8, 2024 · b58176a · b58176a
1 parent 240f87f
commit b58176a
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -99,7 +99,7 @@ These are the default bucket names. Gitlab allows you to add a suffix in your `u
 Deployment configuration is managed via a `uds-config.yaml` file in the deployment directory. Some values in the configuration will be sensitive, **we do not recommend checking this into source control in its entierty**. Best practice would involve either storing the configuration in an external secrets manager (like Vault), or managing deployments via CD and generating the config file dynamically at deploy time using CD managed secrets.
 
 For demonstration purposes, you can setup a local configfile as follows:
-* Copy an example configuration from [uds-config/uds-core-swf/dev-cluster/uds-config.yaml](uds-config/uds-core-swf/dev-cluster/uds-config.yaml) to your working directory
+* Copy an example configuration from [config/dev-cluster/uds-config.yaml](config/dev-cluster/uds-config.yaml) to your working directory
 * Update the config according to your environment taking care to set:
   * domain variables
   * certificate values

diff --git a/config/test-cluster/uds-config.yaml b/config/test-cluster/uds-config.yaml
@@ -25,8 +25,6 @@ variables:
     ENDPOINT: "http://swf.objects.mtsi.bigbang.dev"
     ACCESS_KEY: "replace-me-object-store-access-key"
     SECRET_KEY: "replace-me-object-store-secret-key"
-  gitlab-redis:
-    APP: "gitlab"
   gitlab:
     GITLAB_DB_NAME: "gitlabdb"
     GITLAB_DB_USERNAME: "postgres"

diff --git a/packages/additional-manifests/manifests/envoy-filter.yaml b/packages/additional-manifests/manifests/envoy-filter.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: envoy-filter-ingress-http2-options
+  namespace: istio-tenant-gateway
+spec:
+  workloadSelector:
+    labels:
+      istio: tenant-ingressgateway
+  configPatches:
+    - applyTo: NETWORK_FILTER
+      match:
+        context: GATEWAY
+        listener:
+          filterChain:
+            filter:
+              name: "envoy.filters.network.http_connection_manager"
+      patch:
+        operation: MERGE
+        value:
+          typed_config:
+            "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
+            http2_protocol_options:
+              max_concurrent_streams: 100
+              initial_stream_window_size: 65536
+              initial_connection_window_size: 1048576
diff --git a/packages/additional-manifests/zarf.yaml b/packages/additional-manifests/zarf.yaml
@@ -21,3 +21,9 @@ components:
           - manifests/gitlab-ssh-virtualservice.yaml
           - manifests/gitlab-ssh-networkpolicies.yaml
           - manifests/gitlab-ssh-gateway.yaml
+  - name: envoy-filter-tenant-ingress
+    required: true
+    manifests:
+      - name: envoy-filter-tenant-ingress
+        files:
+          - manifests/envoy-filter.yaml