testsuite icon indicating copy to clipboard operation
testsuite copied to clipboard

Published 20 hours ago verified publisher icon cnti-testcatalog

[IMPROVEMENT] Upgrade image version of Envoy in cnf-example

Open haskojur opened this issue 11 months ago • 5 comments

Description Currently we are using in our cnf-example envoy version 1.11.1 which is about 5 years old version that can be not maintained anymore and probably also outdated in terms of security/performance. Few parts of configuration are also deprecated, for example "envoy.file_access_log" and there are many more things like this.

Suggestion Lets try to use newer image of Envoy to improve performance and security related areas. Upgrade to version 1.13 which is 2 years newer can be quite straightforward, but it is 3 years old version. Since version 1.14 there has been some changes, part of them is listed here: [https://www.envoyproxy.io/docs/envoy/v1.14.7/intro/deprecated#deprecated]

Benefits Newer version of Envoy means it is improved in many areas as mentioned above to meet higher standards of the project.

Risks Upgrade of the image version will bring additional effort to solve all dependencies as configuration changes, verification of functionality, etc.

haskojur avatar Mar 27 '24 14:03 haskojur

I believe that these steps will be enough: ./cnf-testsuite setup ./cnf-testsuite cnf_setup cnf-config=example-cnfs/envoy/cnf-testsuite.yml

horecoli avatar Mar 28 '24 08:03 horecoli

I did some investigation and testing using manually pulled helm chart of envoy, here are some findings: current version: v1.11.1 (5 years old, not supported) newer versions to use: v1.12-latest and v1.13-latest -> working without additional changes (still 3 years old versions, not supported) v1.14-latest to v1.17-latest -> $loglevel variable invalid (workaround hardcoded e.g. error. But i dont know how to fix this problem right now) update deprecated values in envoy.yaml to values : envoy.access_loggers.file, envoy.filters.network.http_connection_manager, envoy.filters.http.router (not supported versions) Newer versions are not working locally for me, troubleshooting the problems related to deprecated parts of configuration envoy.yaml All versions older than 1.25.11 are not supported Currently working on POC for latest version 1.29.2 so we can use supported version of envoy.

haskojur avatar Apr 04 '24 15:04 haskojur

I am able to use latest version of envoy v1.29.2 The only remaining issue is hardcoded value for $loglevel Otherwise POC is working and we should be able to use that image.

haskojur avatar Apr 05 '24 09:04 haskojur

Update of README file will be handled in separate task

haskojur avatar Apr 08 '24 08:04 haskojur

Still relevant, for envoy example CNF we use HelmDirectory configuration with envoyproxy/envoy:v1.11.1 image.

kosstennbl avatar Sep 04 '24 21:09 kosstennbl