Page MenuHomePhabricator
Paste P61253

T363521
ActivePublic
Actions

Authored by akosiaris on Apr 26 2024, 2:01 PM.
Tags
None
Referenced Files
F48793212: T363521
Apr 26 2024, 2:01 PM
Subscribers
None
This is a snippet of the search related service mesh configuration
cluster snippet:
```
- name: search-chi-eqiad
connect_timeout: 0.25s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: cluster_search-chi-eqiad
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: search.svc.eqiad.wmnet
port_value: 9243
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
common_tls_context:
tls_params:
cipher_suites: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
validation_context:
trusted_ca:
filename: /etc/ssl/certs/ca-certificates.crt
- name: search-chi-codfw
connect_timeout: 0.25s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: cluster_search-chi-codfw
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: search.svc.codfw.wmnet
port_value: 9243
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
common_tls_context:
tls_params:
cipher_suites: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
validation_context:
trusted_ca:
filename: /etc/ssl/certs/ca-certificates.crt
- name: search-omega-eqiad
connect_timeout: 0.25s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: cluster_search-omega-eqiad
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: search.svc.eqiad.wmnet
port_value: 9443
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
common_tls_context:
tls_params:
cipher_suites: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
validation_context:
trusted_ca:
filename: /etc/ssl/certs/ca-certificates.crt
- name: search-omega-codfw
connect_timeout: 0.25s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: cluster_search-omega-codfw
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: search.svc.codfw.wmnet
port_value: 9443
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
common_tls_context:
tls_params:
cipher_suites: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
validation_context:
trusted_ca:
filename: /etc/ssl/certs/ca-certificates.crt
- name: search-psi-eqiad
connect_timeout: 0.25s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: cluster_search-psi-eqiad
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: search.svc.eqiad.wmnet
port_value: 9643
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
common_tls_context:
tls_params:
cipher_suites: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
validation_context:
trusted_ca:
filename: /etc/ssl/certs/ca-certificates.crt
- name: search-psi-codfw
connect_timeout: 0.25s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: cluster_search-psi-codfw
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: search.svc.codfw.wmnet
port_value: 9643
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
common_tls_context:
tls_params:
cipher_suites: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
validation_context:
trusted_ca:
filename: /etc/ssl/certs/ca-certificates.crt
```
listener snippet
```
- address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 6102
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
access_log:
- filter:
status_code_filter:
comparison:
op: "GE"
value:
default_value: 500
runtime_key: search-chi-eqiad_min_log_code
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
path: "/dev/stdout"
stat_prefix: search-chi-eqiad_egress
http_filters:
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
route_config:
name: search-chi-eqiad_route
virtual_hosts:
- name: search-chi-eqiad
domains: ["*"]
routes:
- match:
prefix: "/"
route:
cluster: search-chi-eqiad
timeout: 50s
- address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 6202
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
access_log:
- filter:
status_code_filter:
comparison:
op: "GE"
value:
default_value: 500
runtime_key: search-chi-codfw_min_log_code
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
path: "/dev/stdout"
stat_prefix: search-chi-codfw_egress
http_filters:
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
route_config:
name: search-chi-codfw_route
virtual_hosts:
- name: search-chi-codfw
domains: ["*"]
routes:
- match:
prefix: "/"
route:
cluster: search-chi-codfw
timeout: 50s
- address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 6103
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
access_log:
- filter:
status_code_filter:
comparison:
op: "GE"
value:
default_value: 500
runtime_key: search-omega-eqiad_min_log_code
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
path: "/dev/stdout"
stat_prefix: search-omega-eqiad_egress
http_filters:
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
route_config:
name: search-omega-eqiad_route
virtual_hosts:
- name: search-omega-eqiad
domains: ["*"]
routes:
- match:
prefix: "/"
route:
cluster: search-omega-eqiad
timeout: 50s
- address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 6203
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
access_log:
- filter:
status_code_filter:
comparison:
op: "GE"
value:
default_value: 500
runtime_key: search-omega-codfw_min_log_code
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
path: "/dev/stdout"
stat_prefix: search-omega-codfw_egress
http_filters:
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
route_config:
name: search-omega-codfw_route
virtual_hosts:
- name: search-omega-codfw
domains: ["*"]
routes:
- match:
prefix: "/"
route:
cluster: search-omega-codfw
timeout: 50s
- address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 6104
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
access_log:
- filter:
status_code_filter:
comparison:
op: "GE"
value:
default_value: 500
runtime_key: search-psi-eqiad_min_log_code
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
path: "/dev/stdout"
stat_prefix: search-psi-eqiad_egress
http_filters:
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
route_config:
name: search-psi-eqiad_route
virtual_hosts:
- name: search-psi-eqiad
domains: ["*"]
routes:
- match:
prefix: "/"
route:
cluster: search-psi-eqiad
timeout: 50s
- address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 6204
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
access_log:
- filter:
status_code_filter:
comparison:
op: "GE"
value:
default_value: 500
runtime_key: search-psi-codfw_min_log_code
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
path: "/dev/stdout"
stat_prefix: search-psi-codfw_egress
http_filters:
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
route_config:
name: search-psi-codfw_route
virtual_hosts:
- name: search-psi-codfw
domains: ["*"]
routes:
- match:
prefix: "/"
route:
cluster: search-psi-codfw
timeout: 50s
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL