made some more changes

Author: supaPatrick

ansible/files/envoy_config/envoy.conf.j2

@@ -1,24 +1,22 @@
-[Unit]
-Description=Kong server
+Description=Envoy Proxy Server
 After=postgrest.service gotrue.service adminapi.service
 Wants=postgrest.service gotrue.service adminapi.service
 
 [Service]
-Type=forking
-ExecStart=/usr/local/bin/kong start -c /etc/kong/kong.conf
-ExecReload=/usr/local/bin/kong reload -c /etc/kong/kong.conf
-ExecStop=/usr/local/bin/kong stop
-User=kong
-EnvironmentFile=/etc/kong/kong.env
+Type=simple
+#ExecStart=/opt/envoy/envoy --config-path /opt/envoy/envoy.yml
+ExecStart=/usr/bin/bash -c '/opt/envoy/envoy --config-path /opt/envoy/envoy.yml'
+User=envoy
+
 Slice=services.slice
 Restart=always
 RestartSec=3
 LimitNOFILE=100000
 
-# The kong user is unpriviledged and thus not permited to bind on ports < 1024
+# The envoy user is unpriviledged and thus not permited to bind on ports < 1024
 # Via systemd we grant the process a set of priviledges to bind to 80/443
 # See http://archive.vn/36zJU
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target

ansible/files/envoy_config/envoy.service.j2

@@ -0,0 +1,103 @@
+static_resources:
+  listeners:
+  - name: listener_0
+    address:
+      socket_address: { address: 0.0.0.0, port_value: 443 }
+    filter_chains:
+    - filters:
+      - name: envoy.filters.network.http_connection_manager
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+          stat_prefix: ingress_http
+          codec_type: AUTO
+          route_config:
+            name: local_route
+            virtual_hosts:
+            - name: local_service
+              domains: ["*"]
+              routes:
+              - match:
+                  prefix: "/health"
+                direct_response:
+                  status: 200
+                  body:
+                    inline_string: "Healthy"
+              - match:
+                  prefix: "/rest/v1/"
+                  headers:
+                  - name: apikey
+                    string_match:
+                      exact: '{{ supabase-api-key-2020-07-28 }}'
+                route:
+                  cluster: rest
+                  prefix_rewrite: "/"
+              - match:
+                  prefix: "/auth/v1/admin/"
+                  headers:
+                  - name: apikey
+                    string_match:
+                      exact: '{{ supabase-api-key-2020-07-28 }}'
+                route:
+                  cluster: gotrue
+                  prefix_rewrite: "/"
+              - match:
+                  prefix: "/auth/v1/"
+                route:
+                  cluster: gotrue
+                  prefix_rewrite: "/"
+              - match:
+                  prefix: "/pg/"
+                  headers:
+                  - name: apikey
+                    string_match:
+                      exact: '{{ supabase-api-key-2020-07-28 }}'
+                route:
+                  cluster: pg-v1
+                  prefix_rewrite: "/"
+          http_filters:
+          - name: envoy.filters.http.router
+            typed_config:
+              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+
+  clusters:
+  - name: gotrue
+    connect_timeout: 0.25s
+    type: STATIC
+    lb_policy: ROUND_ROBIN
+    load_assignment:
+      cluster_name: gotrue
+      endpoints:
+      - lb_endpoints:
+        - endpoint:
+            address:
+              socket_address:
+                address: 127.0.0.1
+                port_value: 9998
+
+  - name: rest
+    connect_timeout: 0.25s
+    type: STATIC
+    lb_policy: ROUND_ROBIN
+    load_assignment:
+      cluster_name: rest
+      endpoints:
+      - lb_endpoints:
+        - endpoint:
+            address:
+              socket_address:
+                address: 127.0.0.1
+                port_value: 3000
+
+  - name: pg-v1
+    connect_timeout: 0.25s
+    type: STATIC
+    lb_policy: ROUND_ROBIN
+    load_assignment:
+      cluster_name: pg-v1
+      endpoints:
+      - lb_endpoints:
+        - endpoint:
+            address:
+              socket_address:
+                address: 127.0.0.1
+                port_value: 1337

ansible/files/envoy_config/envoy.yml

@@ -14,6 +14,15 @@
     dest: /opt/envoy/envoy
     checksum: "{{ envoy_release_checksum }}"
 
+- name: Envoy - add execution bit to binary
+  file:
+    dest: /opt/envoy/envoy mode=a+x
+
+- name: Envoy - copy basic conf
+  copy:
+    src: files/envoy/envoy.yml
+    dest: /opt/envoy/envoy.yml
+
 # [warn] ulimit is currently set to "1024". For better performance set it to at least
 # "4096" using "ulimit -n"
 - name: Envoy - bump up ulimit

ansible/tasks/setup-envoy.yml

@@ -1 +1 @@
-postgres-version = "15.1.0.115-envoy-rc2"
+postgres-version = "15.1.0.115-envoy-rc4"