feat: install envoy from release artifacts#10
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds automated Envoy proxy installation from GitHub release artifacts to the mx1 host infrastructure. The implementation fetches the latest Envoy release (or a specified version), downloads the pre-built binary for Linux x86_64, and installs it to /usr/local/bin/envoy.
Key changes:
- New Ansible role
system/envoyto manage Envoy installation from official release binaries - Integration of the Envoy role into the mx1 playbook deployment sequence
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| mx1/ansible/roles/system/envoy/tasks/main.yml | Implements tasks for fetching, downloading, extracting, and installing Envoy binary from GitHub releases |
| mx1/ansible/playbook.yml | Adds system/envoy role to the mx1 host deployment workflow |
| get_url: | ||
| url: "https://github.com/envoyproxy/envoy/releases/download/{{ envoy_target_version }}/envoy-{{ envoy_target_version | regex_replace('^v', '') }}-linux-x86_64.tar.gz" | ||
| dest: /tmp/envoy.tar.gz |
There was a problem hiding this comment.
The download lacks checksum verification. GitHub releases typically provide SHA256 checksums. Add checksum validation to ensure binary integrity and prevent potential security risks from corrupted or tampered downloads.
| - name: Install Envoy binary | ||
| copy: | ||
| src: "/tmp/envoy-{{ envoy_target_version | regex_replace('^v', '') }}-linux-x86_64/bin/envoy" | ||
| dest: /usr/local/bin/envoy | ||
| mode: '0755' | ||
| remote_src: yes | ||
| when: download_result.changed |
There was a problem hiding this comment.
The task only runs when download_result.changed is true, which means if the binary is already downloaded but not installed (e.g., previous run failed during installation), this task will be skipped. Consider using a separate register variable to track installation state or checking if the binary exists at the destination.
|
@anatolinicolae I've opened a new pull request, #11, to work on those changes. Once the pull request is ready, I'll request review from you. |
Signed-off-by: Anatoli Nicolae <an@thundersquared.com>
Signed-off-by: Anatoli Nicolae <an@thundersquared.com>
anatolinicolae
force-pushed
the
anatoli/envoy
branch
from
ffd4e6e to
8289f0b
Compare
anatolinicolae
force-pushed
the
main
branch
2 times, most recently
from
a27ca58 to
9301cdf
Compare
In this PR