[IMPROVEMENT] Upgrade image version of Envoy in cnf-example

cnti-testcatalog / testsuite

📞📱☎️📡🌐 Cloud Native Telecom Initiative (CNTI) Test Catalog is a tool to check for and provide feedback on the use of K8s + cloud native best practices in networking applications and platforms

https://wiki.lfnetworking.org/display/LN/Test+Catalog

Apache License 2.0

169 stars 70 forks source link

[IMPROVEMENT] Upgrade image version of Envoy in cnf-example #1938

Open haskojur opened 3 months ago

haskojur commented 3 months ago

Description Currently we are using in our cnf-example envoy version 1.11.1 which is about 5 years old version that can be not maintained anymore and probably also outdated in terms of security/performance. Few parts of configuration are also deprecated, for example "envoy.file_access_log" and there are many more things like this.

Suggestion Lets try to use newer image of Envoy to improve performance and security related areas. Upgrade to version 1.13 which is 2 years newer can be quite straightforward, but it is 3 years old version. Since version 1.14 there has been some changes, part of them is listed here: [https://www.envoyproxy.io/docs/envoy/v1.14.7/intro/deprecated#deprecated]

Benefits Newer version of Envoy means it is improved in many areas as mentioned above to meet higher standards of the project.

Risks Upgrade of the image version will bring additional effort to solve all dependencies as configuration changes, verification of functionality, etc.

horecoli commented 3 months ago

I believe that these steps will be enough: ./cnf-testsuite setup ./cnf-testsuite cnf_setup cnf-config=example-cnfs/envoy/cnf-testsuite.yml

haskojur commented 3 months ago

I did some investigation and testing using manually pulled helm chart of envoy, here are some findings: current version: v1.11.1 (5 years old, not supported) newer versions to use: v1.12-latest and v1.13-latest -> working without additional changes (still 3 years old versions, not supported) v1.14-latest to v1.17-latest -> $loglevel variable invalid (workaround hardcoded e.g. error. But i dont know how to fix this problem right now) update deprecated values in envoy.yaml to values : envoy.access_loggers.file, envoy.filters.network.http_connection_manager, envoy.filters.http.router (not supported versions) Newer versions are not working locally for me, troubleshooting the problems related to deprecated parts of configuration envoy.yaml All versions older than 1.25.11 are not supported Currently working on POC for latest version 1.29.2 so we can use supported version of envoy.

haskojur commented 3 months ago

I am able to use latest version of envoy v1.29.2 The only remaining issue is hardcoded value for $loglevel Otherwise POC is working and we should be able to use that image.

haskojur commented 3 months ago

Update of README file will be handled in separate task