1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
From 54e426127a35ea6c88bf0ba882f97f0712533ef5 Mon Sep 17 00:00:00 2001
From: Morgan Helton <mhelton@gmail.com>
Date: Sun, 26 May 2024 12:17:01 -0500
Subject: [PATCH] envoy: allow specification of external binary
---
pkg/envoy/envoy.go | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/pkg/envoy/envoy.go b/pkg/envoy/envoy.go
index 66cf71ae..8d81090e 100644
--- a/pkg/envoy/envoy.go
+++ b/pkg/envoy/envoy.go
@@ -8,9 +8,9 @@ import (
"errors"
"fmt"
"io"
+ "io/fs"
"os"
"os/exec"
- "path"
"path/filepath"
"regexp"
"strconv"
@@ -34,8 +34,12 @@ import (
const (
configFileName = "envoy-config.yaml"
+ workingDirectoryName = ".pomerium-envoy"
+ embeddedEnvoyPermissions fs.FileMode = 0o700
)
+var OverrideEnvoyPath = ""
+
type serverOptions struct {
services string
logLevel config.LogLevel
@@ -59,17 +63,16 @@ type Server struct {
// NewServer creates a new server with traffic routed by envoy.
func NewServer(ctx context.Context, src config.Source, builder *envoyconfig.Builder) (*Server, error) {
- if err := preserveRlimitNofile(); err != nil {
- log.Ctx(ctx).Debug().Err(err).Msg("couldn't preserve RLIMIT_NOFILE before starting Envoy")
- }
+ envoyPath := OverrideEnvoyPath
+ wd := filepath.Join(os.TempDir(), workingDirectoryName)
- envoyPath, err := Extract()
+ err := os.MkdirAll(wd, embeddedEnvoyPermissions)
if err != nil {
- return nil, fmt.Errorf("extracting envoy: %w", err)
+ return nil, fmt.Errorf("error creating temporary working directory for envoy: %w", err)
}
srv := &Server{
- wd: path.Dir(envoyPath),
+ wd: wd,
builder: builder,
grpcPort: src.GetConfig().GRPCPort,
httpPort: src.GetConfig().HTTPPort,
--
2.47.0
|
