Release chart/4.29.16: nginz deactivate unused upstreams (SQPIT-1174) (#2849) · wireapp/wire-server

chart/4.29.16
26051c1
Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode
Compare

Choose a tag to compare

Loading

View all tags

chart/4.29.16: nginz deactivate unused upstreams (SQPIT-1174) (#2849)

chart/4.29.16
26051c1
Compare

Choose a tag to compare

Loading

View all tags
Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode

supersven tagged this 16 Dec 05:46

Some upstreams are configured by default in nginz that have no backing service. This leads to many unnecessary DNS lookups and opens unused routes into our K8s clusters (which might be a security issue).

Upstream configuration in nginz goes from two entries (ignored_upstreams, upstreams) to four (ignored_upstreams, upstreams, enabled_extra_upstreams, extra_upstreams):

- ignored_upstreams : default upstreams that should be ignored (for backwards compatibility)
- upstreams : default upstreams (kept for backwards compatibility)
- enabled_extra_upstreams : Extra upstreams that should be enabled (routed / rendered; this one is new)
-  extra_upstreams : Contains upstreams that are usually not deployed by default (this is new, too)

Co-authored-by: jschaul <[email protected]>

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly