This repository has been archived by the owner on Feb 27, 2023. It is now read-only.

Split Envoy from Contour #87

Closed
stevesloka opened this issue May 2, 2018 · 2 comments

@stevesloka

Each instance of Contour will create watches on Services, Endpoints, etc. As we need to scale Envoy to handle more traffic, this scales Contour with each instance of Envoy. We should split those apart to allow Envoy to scale separately as needed.

Contour allows us to specify the gRPC endpoint (https://github.com/heptio/contour/blob/master/cmd/contour/contour.go#L59); however, it's not secured.

Also, Envoy shouldn't run under the contour service account since it no longer needs the same access to the k8s API.

@stevesloka

Also could look into using a Network Policy to only allow access to contour from an Envoy pod.

@stevesloka stevesloka self-assigned this May 2, 2018
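
The two hardening steps raised in this issue (a separate, unprivileged service account for Envoy and a Network Policy limiting who can reach Contour) could look like the manifest below. This is an added example, not part of the original thread or the Contour project's manifests; the namespace, the `app: contour` / `app: envoy` labels, the object names and the gRPC port 8001 are assumptions to adapt to the actual deployment.

```yaml
# Added illustration. Namespace, names, labels and port are assumptions.

# Dedicated service account for the Envoy pods. It has no RBAC bindings
# and no mounted API token, since Envoy gets its configuration from
# Contour over gRPC rather than from the Kubernetes API.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: envoy                      # assumed name
  namespace: heptio-contour        # assumed namespace
automountServiceAccountToken: false
---
# Allow ingress to the Contour pods only from Envoy pods in the same
# namespace, and only on the gRPC port. Once a pod is selected by a
# policy with policyTypes Ingress, all other ingress to it is denied.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: contour-grpc-from-envoy    # assumed name
  namespace: heptio-contour        # assumed namespace
spec:
  podSelector:
    matchLabels:
      app: contour                 # assumed label on Contour pods
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: envoy           # assumed label on Envoy pods
      ports:
        - protocol: TCP
          port: 8001               # assumed Contour gRPC port
```

The Envoy pod spec would reference the account with `serviceAccountName: envoy`. A Network Policy is only enforced when the cluster's network plugin supports it, and it restricts which pods can connect without adding authentication or encryption to the gRPC endpoint itself.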