--- Envoyproxy::Tls_terminator[1443].orig
+++ Envoyproxy::Tls_terminator[1443]
- global_certs => [{'cert_path': '/etc/envoy/ssl/discovery2026__contint_wikimedia_org_server.chained.pem', 'key_path': '/etc/envoy/ssl/discovery2026__contint_wikimedia_org_server-key.pem'}]
- generate_request_id => True
- stek_files => []
- circuit_breakers_config => defaults
+ global_key_path => /etc/envoy/ssl/discovery2026__contint_wikimedia_org_server-key.pem
+ global_cert_path => /etc/envoy/ssl/discovery2026__contint_wikimedia_org_server.chained.pem
@@
- upstreams => [{'server_names': ['*'], 'certificates': None, 'upstream': {'port': 80, 'addr': 'contint2002.wikimedia.org'}}]
+ upstreams => [{'server_names': ['*'], 'cert_path': None, 'key_path': None, 'upstream_port': 80, 'upstream_addr': 'contint2002.wikimedia.org'}]
File[/etc/envoy/listeners.d/00-tls_terminator_1443.yaml]
- Content differences:
--- /etc/envoy/listeners.d/00-tls_terminator_1443.yaml.orig
+++ /etc/envoy/listeners.d/00-tls_terminator_1443.yaml
@@ -8,6 +8,49 @@
"@type": type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
tcp_fast_open_queue_length: 150
filter_chains:
+- filter_chain_match:
+ server_names: ["*"]
+ transport_socket:
+ name: envoy.transport_sockets.tls
+ typed_config:
+ '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
+ common_tls_context:
+ tls_certificates:
+ - certificate_chain: { filename: "" }
+ private_key: { filename: "" }
+ filters:
+ - name: envoy.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ http_protocol_options:
+ accept_http_10: true
+ stat_prefix: ingress_http
+ route_config:
+ virtual_hosts:
+ - name: default
+ domains: ["*"]
+ routes:
+ - match: { prefix: "/" }
+ route:
+ cluster: local_port_80
+ timeout: 65.0s
+ retry_policy:
+ num_retries: 1
+ retry_on: "5xx"
+ http_filters:
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ server_header_transformation: APPEND_IF_ABSENT
+ internal_address_config:
+ unix_sockets: true
+ cidr_ranges:
+ - address_prefix: 10.0.0.0
+ prefix_len: 8
+ - address_prefix: 127.0.0.1
+ prefix_len: 32
+ - address_prefix: ::1
+ prefix_len: 128
# Non-SNI support
- transport_socket:
name: envoy.transport_sockets.tls
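Review bot: The added filter chain renders `certificate_chain: { filename: "" }` and `private_key: { filename: "" }`, so the `server_names: ["*"]` chain has no usable certificate or key; this appears to come from the upstream entry whose `cert_path` and `key_path` are `None` in the Tls_terminator parameters above. Envoy is likely to reject a TLS context with an empty filename when it loads the listener, which would leave the tls_terminator_1443 listener without working TLS termination, so a config validation run before merge is worth doing. The template should either fall back to `global_cert_path`/`global_key_path` for upstreams that set no certificate of their own, or emit no SNI chain for them and let the existing non-SNI chain handle the connection. The non-SNI chain begins at the end of this hunk and continues outside it, so its certificate paths cannot be checked from here.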
Envoyproxy::Conf[tls_terminator_1443]
Envoyproxy::Listener[tls_terminator_1443]
Relevant files