Skip to content

feat: separate envoy lds configs for self-hosting and supabase use-cases #1325

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 20, 2024
Merged

feat: separate envoy lds configs for self-hosting and supabase use-cases #1325

merged 2 commits into from
Nov 20, 2024

Conversation

hf
Copy link
Contributor

@hf hf commented Nov 19, 2024
edited
Loading

Separates Envoy's lds.yaml file for two different use cases: self-hosting and for Supabase internal use.

For self-hosting:

  • File remains to be called lds.yaml
  • Includes only self-hosing concepts such as fixed API keys
  • Control which lds.yaml file is used with the envoy_lds Docker build arg

For Supabase:

  • File is called lds.supabase.yaml
  • Is replaced into /etc/envoy/lds.yaml with an Ansible task part of ansible/tasks/setup-supabase-internal.yml
  • For Fly, replaced using the envoy_lds Docker build arg
  • In follow up PR it will contain an origin protection key which is not something available in the Docker image for self-hosting
  • Future: once origin protection keys are rolled out and new API keys are in place, Envoy will no longer check any API keys

@hf hf requested a review from a team as a code owner November 19, 2024 13:45
hf
hf commented Nov 19, 2024
View reviewed changes
ansible/files/envoy_config/lds.supabase.yaml
@@ -0,0 +1,436 @@
resources:
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A verbatim copy of lds.yaml

This was referenced Nov 19, 2024
Closed
Closed
@hf
Copy link
Contributor Author

hf commented Nov 20, 2024

Will bump versions after this is approved.

hf
hf commented Nov 20, 2024
View reviewed changes
@hf hf force-pushed the hf/envoy-separate-lds branch from b6500c3 to 46b0ee6 Compare November 20, 2024 13:12
@hf hf force-pushed the hf/envoy-separate-lds branch from 46b0ee6 to ee2bc63 Compare November 20, 2024 13:34
hf
hf commented Nov 20, 2024
View reviewed changes
samrose
samrose approved these changes Nov 20, 2024
View reviewed changes
Copy link
Collaborator

@samrose samrose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok to merge

@hf hf merged commit dd307fb into develop Nov 20, 2024
10 checks passed
@hf hf deleted the hf/envoy-separate-lds branch November 20, 2024 13:49
@hf hf mentioned this pull request Jan 9, 2025
Merged
damonrand pushed a commit to cepro/postgres that referenced this pull request Jun 15, 2025
@hf
feat: separate envoy lds configs for self-hosting and supabase use-ca…
67436b3 
…ses (supabase#1325)

* feat: separate envoy lds configs for self-hosting and supabase use-cases

* feat: add origin protection key enforcement for envoy in `lds.supabase.yaml`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@samrose samrose samrose approved these changes

@pcnc pcnc pcnc approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hf @samrose @pcnc