From 4b48595a5025a7f6592956b178e10768c1841161 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Wed, 23 Jul 2025 14:17:57 +0000 Subject: [PATCH 1/2] Fix Envoy CORS preflight responses and accidental config whitespace Signed-off-by: Dom Del Nano --- k8s/cloud/base/proxy_envoy.yaml | 5 +---- k8s/cloud/dev/proxy_envoy.yaml | 7 ++----- k8s/cloud/prod/proxy_envoy.yaml | 7 ++----- k8s/cloud/public/base/proxy_envoy.yaml | 8 +++----- k8s/cloud/staging/proxy_envoy.yaml | 7 ++----- k8s/cloud/testing/proxy_envoy.yaml | 9 +++------ 6 files changed, 13 insertions(+), 30 deletions(-) diff --git a/k8s/cloud/base/proxy_envoy.yaml b/k8s/cloud/base/proxy_envoy.yaml index bf20891a5f7..30595063182 100644 --- a/k8s/cloud/base/proxy_envoy.yaml +++ b/k8s/cloud/base/proxy_envoy.yaml @@ -42,10 +42,7 @@ data: allow_origin_string_match: - prefix: "*" allow_methods: GET, PUT, DELETE, POST, OPTIONS - allow_headers: > - keep-alive,user-agent,cache-control,content-type,content-transfer-encoding, - x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent, - x-grpc-web,authorization,grpc-timeout,grpc-status,grpc-message + allow_headers: "content-type,x-grpc-web,x-user-agent" max_age: "1728000" expose_headers: grpc-status,grpc-message,grpc-timeout allow_credentials: true diff --git a/k8s/cloud/dev/proxy_envoy.yaml b/k8s/cloud/dev/proxy_envoy.yaml index 9364023dc12..327619c2aff 100644 --- a/k8s/cloud/dev/proxy_envoy.yaml +++ b/k8s/cloud/dev/proxy_envoy.yaml @@ -21,7 +21,7 @@ data: - filters: - name: envoy.http_connection_manager typed_config: - "@type": > + "@type": >- type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager access_log: - name: envoy.file_access_log @@ -49,10 +49,7 @@ data: allow_origin_string_match: - suffix: "dev.withpixie.dev" allow_methods: GET, PUT, DELETE, POST, OPTIONS - allow_headers: > - keep-alive,user-agent,cache-control,content-type,content-transfer-encoding, - x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent, - x-grpc-web,authorization,grpc-timeout,grpc-status,grpc-message + allow_headers: "content-type,x-grpc-web,x-user-agent" max_age: "1728000" expose_headers: grpc-status,grpc-message,grpc-timeout allow_credentials: true diff --git a/k8s/cloud/prod/proxy_envoy.yaml b/k8s/cloud/prod/proxy_envoy.yaml index 30300dfcb6b..ac4a4f0263c 100644 --- a/k8s/cloud/prod/proxy_envoy.yaml +++ b/k8s/cloud/prod/proxy_envoy.yaml @@ -16,7 +16,7 @@ data: - filters: - name: envoy.http_connection_manager typed_config: - "@type": > + "@type": >- type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager access_log: - name: envoy.file_access_log @@ -44,10 +44,7 @@ data: allow_origin_string_match: - suffix: "withpixie.ai" allow_methods: GET, PUT, DELETE, POST, OPTIONS - allow_headers: > - keep-alive,user-agent,cache-control,content-type,content-transfer-encoding, - x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent, - x-grpc-web,authorization,grpc-timeout,grpc-status,grpc-message + allow_headers: "content-type,x-grpc-web,x-user-agent" max_age: "1728000" expose_headers: grpc-status,grpc-message,grpc-timeout allow_credentials: true diff --git a/k8s/cloud/public/base/proxy_envoy.yaml b/k8s/cloud/public/base/proxy_envoy.yaml index 9364023dc12..148b240cb1c 100644 --- a/k8s/cloud/public/base/proxy_envoy.yaml +++ b/k8s/cloud/public/base/proxy_envoy.yaml @@ -21,7 +21,7 @@ data: - filters: - name: envoy.http_connection_manager typed_config: - "@type": > + "@type": >- type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager access_log: - name: envoy.file_access_log @@ -48,11 +48,9 @@ data: cors: allow_origin_string_match: - suffix: "dev.withpixie.dev" + # - suffix: "work.dev.withpixie.dev" allow_methods: GET, PUT, DELETE, POST, OPTIONS - allow_headers: > - keep-alive,user-agent,cache-control,content-type,content-transfer-encoding, - x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent, - x-grpc-web,authorization,grpc-timeout,grpc-status,grpc-message + allow_headers: "content-type,x-grpc-web,x-user-agent" max_age: "1728000" expose_headers: grpc-status,grpc-message,grpc-timeout allow_credentials: true diff --git a/k8s/cloud/staging/proxy_envoy.yaml b/k8s/cloud/staging/proxy_envoy.yaml index 03b0352f45d..b9337c903da 100644 --- a/k8s/cloud/staging/proxy_envoy.yaml +++ b/k8s/cloud/staging/proxy_envoy.yaml @@ -16,7 +16,7 @@ data: - filters: - name: envoy.http_connection_manager typed_config: - "@type": > + "@type": >- type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager access_log: - name: envoy.file_access_log @@ -44,10 +44,7 @@ data: allow_origin_string_match: - suffix: "staging.withpixie.dev" allow_methods: GET, PUT, DELETE, POST, OPTIONS - allow_headers: > - keep-alive,user-agent,cache-control,content-type,content-transfer-encoding, - x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent, - x-grpc-web,authorization,grpc-timeout,grpc-status,grpc-message + allow_headers: "content-type,x-grpc-web,x-user-agent" max_age: "1728000" expose_headers: grpc-status,grpc-message,grpc-timeout allow_credentials: true diff --git a/k8s/cloud/testing/proxy_envoy.yaml b/k8s/cloud/testing/proxy_envoy.yaml index 4cae477fdbd..f1c84fb6b6b 100644 --- a/k8s/cloud/testing/proxy_envoy.yaml +++ b/k8s/cloud/testing/proxy_envoy.yaml @@ -16,7 +16,7 @@ data: - filters: - name: envoy.http_connection_manager typed_config: - "@type": > + "@type": >- type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager access_log: - name: envoy.file_access_log @@ -42,12 +42,9 @@ data: cluster: api_service cors: allow_origin_string_match: - - suffix: "testing.withpixie.dev" + - suffix: "testing.withpixie.dev" allow_methods: GET, PUT, DELETE, POST, OPTIONS - allow_headers: > - keep-alive,user-agent,cache-control,content-type,content-transfer-encoding, - x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent, - x-grpc-web,authorization,grpc-timeout,grpc-status,grpc-message + allow_headers: "content-type,x-grpc-web,x-user-agent" max_age: "1728000" expose_headers: grpc-status,grpc-message,grpc-timeout allow_credentials: true From 5e10f549c6dd6b5aefb58d5c418edb182e23a0d8 Mon Sep 17 00:00:00 2001 From: Dom Del Nano Date: Wed, 23 Jul 2025 15:25:04 +0000 Subject: [PATCH 2/2] Address feedback and remove accidental comment Signed-off-by: Dom Del Nano --- k8s/cloud/base/proxy_envoy.yaml | 2 +- k8s/cloud/dev/proxy_envoy.yaml | 2 +- k8s/cloud/prod/proxy_envoy.yaml | 2 +- k8s/cloud/public/base/proxy_envoy.yaml | 3 +-- k8s/cloud/staging/proxy_envoy.yaml | 2 +- k8s/cloud/testing/proxy_envoy.yaml | 2 +- 6 files changed, 6 insertions(+), 7 deletions(-) diff --git a/k8s/cloud/base/proxy_envoy.yaml b/k8s/cloud/base/proxy_envoy.yaml index 30595063182..df4d101d62f 100644 --- a/k8s/cloud/base/proxy_envoy.yaml +++ b/k8s/cloud/base/proxy_envoy.yaml @@ -42,7 +42,7 @@ data: allow_origin_string_match: - prefix: "*" allow_methods: GET, PUT, DELETE, POST, OPTIONS - allow_headers: "content-type,x-grpc-web,x-user-agent" + allow_headers: content-type,x-grpc-web,x-user-agent max_age: "1728000" expose_headers: grpc-status,grpc-message,grpc-timeout allow_credentials: true diff --git a/k8s/cloud/dev/proxy_envoy.yaml b/k8s/cloud/dev/proxy_envoy.yaml index 327619c2aff..ecbec917df9 100644 --- a/k8s/cloud/dev/proxy_envoy.yaml +++ b/k8s/cloud/dev/proxy_envoy.yaml @@ -49,7 +49,7 @@ data: allow_origin_string_match: - suffix: "dev.withpixie.dev" allow_methods: GET, PUT, DELETE, POST, OPTIONS - allow_headers: "content-type,x-grpc-web,x-user-agent" + allow_headers: content-type,x-grpc-web,x-user-agent max_age: "1728000" expose_headers: grpc-status,grpc-message,grpc-timeout allow_credentials: true diff --git a/k8s/cloud/prod/proxy_envoy.yaml b/k8s/cloud/prod/proxy_envoy.yaml index ac4a4f0263c..e4d4adc3ca5 100644 --- a/k8s/cloud/prod/proxy_envoy.yaml +++ b/k8s/cloud/prod/proxy_envoy.yaml @@ -44,7 +44,7 @@ data: allow_origin_string_match: - suffix: "withpixie.ai" allow_methods: GET, PUT, DELETE, POST, OPTIONS - allow_headers: "content-type,x-grpc-web,x-user-agent" + allow_headers: content-type,x-grpc-web,x-user-agent max_age: "1728000" expose_headers: grpc-status,grpc-message,grpc-timeout allow_credentials: true diff --git a/k8s/cloud/public/base/proxy_envoy.yaml b/k8s/cloud/public/base/proxy_envoy.yaml index 148b240cb1c..ecbec917df9 100644 --- a/k8s/cloud/public/base/proxy_envoy.yaml +++ b/k8s/cloud/public/base/proxy_envoy.yaml @@ -48,9 +48,8 @@ data: cors: allow_origin_string_match: - suffix: "dev.withpixie.dev" - # - suffix: "work.dev.withpixie.dev" allow_methods: GET, PUT, DELETE, POST, OPTIONS - allow_headers: "content-type,x-grpc-web,x-user-agent" + allow_headers: content-type,x-grpc-web,x-user-agent max_age: "1728000" expose_headers: grpc-status,grpc-message,grpc-timeout allow_credentials: true diff --git a/k8s/cloud/staging/proxy_envoy.yaml b/k8s/cloud/staging/proxy_envoy.yaml index b9337c903da..5d06754d871 100644 --- a/k8s/cloud/staging/proxy_envoy.yaml +++ b/k8s/cloud/staging/proxy_envoy.yaml @@ -44,7 +44,7 @@ data: allow_origin_string_match: - suffix: "staging.withpixie.dev" allow_methods: GET, PUT, DELETE, POST, OPTIONS - allow_headers: "content-type,x-grpc-web,x-user-agent" + allow_headers: content-type,x-grpc-web,x-user-agent max_age: "1728000" expose_headers: grpc-status,grpc-message,grpc-timeout allow_credentials: true diff --git a/k8s/cloud/testing/proxy_envoy.yaml b/k8s/cloud/testing/proxy_envoy.yaml index f1c84fb6b6b..c694490ac9e 100644 --- a/k8s/cloud/testing/proxy_envoy.yaml +++ b/k8s/cloud/testing/proxy_envoy.yaml @@ -44,7 +44,7 @@ data: allow_origin_string_match: - suffix: "testing.withpixie.dev" allow_methods: GET, PUT, DELETE, POST, OPTIONS - allow_headers: "content-type,x-grpc-web,x-user-agent" + allow_headers: content-type,x-grpc-web,x-user-agent max_age: "1728000" expose_headers: grpc-status,grpc-message,grpc-timeout allow_credentials: true