diff --git a/contrib/envoyproxy/go-control-plane/cmd/serviceextensions/Dockerfile b/contrib/envoyproxy/go-control-plane/cmd/serviceextensions/Dockerfile
index 5e4080ce5e..871572d07c 100644
--- a/contrib/envoyproxy/go-control-plane/cmd/serviceextensions/Dockerfile
+++ b/contrib/envoyproxy/go-control-plane/cmd/serviceextensions/Dockerfile
@@ -1,9 +1,24 @@
 # Build stage
 FROM golang:1.23-alpine AS builder
 ENV CGO_ENABLED=1
+
 WORKDIR /app
 COPY . .
-RUN apk add --no-cache --update git build-base
+
+RUN apk add --no-cache --update git build-base openssl
+
+# Generate SSL self-signed localhost certificate
+RUN openssl genrsa -out localhost.key 3072
+RUN openssl req -new \
+ -key localhost.key \
+ -subj "/C=US/ST=New York/O=Datadog/OU=gRPC/CN=localhost" \
+ -out request.csr
+RUN openssl x509 -req -days 3660 \
+ -in request.csr \
+ -signkey localhost.key \
+ -out localhost.crt
+
+# Build the serviceextensions binary
 RUN go build -tags=appsec -o ./contrib/envoyproxy/go-control-plane/cmd/serviceextensions/serviceextensions ./contrib/envoyproxy/go-control-plane/cmd/serviceextensions
 # Runtime stage
@@ -11,8 +26,8 @@ FROM alpine:3.20.3
 RUN apk --no-cache add ca-certificates tzdata libc6-compat libgcc libstdc++
 WORKDIR /app
 COPY --from=builder /app/contrib/envoyproxy/go-control-plane/cmd/serviceextensions/serviceextensions /app/serviceextensions
-COPY ./contrib/envoyproxy/go-control-plane/cmd/serviceextensions/localhost.crt /app/localhost.crt
-COPY ./contrib/envoyproxy/go-control-plane/cmd/serviceextensions/localhost.key /app/localhost.key
+COPY --from=builder /app/localhost.crt /app/localhost.crt
+COPY --from=builder /app/localhost.key /app/localhost.key
 EXPOSE 80
 EXPOSE 443
diff --git a/contrib/envoyproxy/go-control-plane/cmd/serviceextensions/localhost.crt b/contrib/envoyproxy/go-control-plane/cmd/serviceextensions/localhost.crt
deleted file mode 100644
index fc54fd492e..0000000000
--- a/contrib/envoyproxy/go-control-plane/cmd/serviceextensions/localhost.crt
+++ /dev/null
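Review bot: The private key is created by `RUN openssl genrsa` at image build time and then carried into the runtime stage by the second hunk's `COPY --from=builder /app/localhost.key /app/localhost.key`, so every container started from one image shares the same key and anyone who can pull the image can read it. For anything beyond local testing the pair should be mounted at run time (secret or volume) or generated when the container starts, and a comment above the `# Generate SSL self-signed localhost certificate` block should say the pair is for testing only. The certificate also carries only `CN=localhost` and no subjectAltName, which clients that verify the hostname (Go's crypto/tls among them) reject; adding `-addext "subjectAltName=DNS:localhost"` to the `openssl req` step and `-copy_extensions copy` to the `openssl x509` step would cover that, depending on the OpenSSL version in the builder image. The 3660-day validity is long for a certificate whose key ships in the image.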
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDFjCCAf4CCQCzrLIhrWa55zANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJV -UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEPMA0GA1UECgwGR29vZ2xlMQ0wCwYDVQQL -DARnUlBDMCAXDTE5MDYyNDIyMjIzM1oYDzIxMTkwNTMxMjIyMjMzWjBWMQswCQYD -VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEPMA0GA1UECgwGR29vZ2xlMQ0w -CwYDVQQLDARnUlBDMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCtCW0TjugnIUu8BEVIYvdMP+/2GENQDjZhZ8eKR5C6 -toDGbgjsDtt/GxISAg4cg70fIvy0XolnGPZodvfHDM4lJ7yHBOdZD8TXQoE6okR7 -HZuLUJ20M0pXgWqtRewKRUjuYsSDXBnzLiZw1dcv9nGpo+Bqa8NonpiGRRpEkshF -D6T9KU9Ts/x+wMQBIra2Gj0UMh79jPhUuxcYAQA0JQGivnOtdwuPiumpnUT8j8h6 -tWg5l01EsCZWJecCF85KnGpJEVYPyPqBqGsy0nGS9plGotOWF87+jyUQt+KD63xA -aBmTro86mKDDKEK4JvzjVeMGz2UbVcLPiiZnErTFaiXJAgMBAAEwDQYJKoZIhvcN -AQELBQADggEBAKsDgOPCWp5WCy17vJbRlgfgk05sVNIHZtzrmdswjBmvSg8MUpep -XqcPNUpsljAXsf9UM5IFEMRdilUsFGWvHjBEtNAW8WUK9UV18WRuU//0w1Mp5HAN -xUEKb4BoyZr65vlCnTR+AR5c9FfPvLibhr5qHs2RA8Y3GyLOcGqBWed87jhdQLCc -P1bxB+96le5JeXq0tw215lxonI2/3ZYVK4/ok9gwXrQoWm8YieJqitk/ZQ4S17/4 -pynHtDfdxLn23EXeGx+UTxJGfpRmhEZdJ+MN7QGYoomzx5qS5XoYKxRNrDlirJpr -OqXIn8E1it+6d5gOZfuHawcNGhRLplE/pfA= ------END CERTIFICATE----- diff --git a/contrib/envoyproxy/go-control-plane/cmd/serviceextensions/localhost.key b/contrib/envoyproxy/go-control-plane/cmd/serviceextensions/localhost.key deleted file mode 100644 index 72e2463282..0000000000 --- a/contrib/envoyproxy/go-control-plane/cmd/serviceextensions/localhost.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEArQltE47oJyFLvARFSGL3TD/v9hhDUA42YWfHikeQuraAxm4I -7A7bfxsSEgIOHIO9HyL8tF6JZxj2aHb3xwzOJSe8hwTnWQ/E10KBOqJEex2bi1Cd -tDNKV4FqrUXsCkVI7mLEg1wZ8y4mcNXXL/ZxqaPgamvDaJ6YhkUaRJLIRQ+k/SlP -U7P8fsDEASK2tho9FDIe/Yz4VLsXGAEANCUBor5zrXcLj4rpqZ1E/I/IerVoOZdN -RLAmViXnAhfOSpxqSRFWD8j6gahrMtJxkvaZRqLTlhfO/o8lELfig+t8QGgZk66P -OpigwyhCuCb841XjBs9lG1XCz4omZxK0xWolyQIDAQABAoIBADeq/Kh6JT3RfGf0 -h8WN8TlaqHxnueAbcmtL0+oss+cdp7gu1jf7X6o4r0uT1a5ew40s2Fe+wj2kzkE1 -ZOlouTlC22gkr7j7Vbxa7PBMG/Pvxoa/XL0IczZLsGImSJXVTG1E4SvRiZeulTdf -1GbdxhtpWV1jZe5Wd4Na3+SHxF5S7m3PrHiZlYdz1ND+8XZs1NlL9+ej72qSFul9 -t/QjMWJ9pky/Wad5abnRLRyOsg+BsgnXbkUy2rD89ZxFMLda9pzXo3TPyAlBHonr -mkEsE4eRMWMpjBM79JbeyDdHn/cs/LjAZrzeDf7ugXr2CHQpKaM5O0PsNHezJII9 -L5kCfzECgYEA4M/rz1UP1/BJoSqigUlSs0tPAg8a5UlkVsh6Osuq72IPNo8qg/Fw -oV/IiIS+q+obRcFj1Od3PGdTpCJwW5dzd2fXBQGmGdj0HucnCrs13RtBh91JiF5i -y/YYI9KfgOG2ZT9gG68T0gTs6jRrS3Qd83npqjrkJqMOd7s00MK9tUcCgYEAxQq7 -T541oCYHSBRIIb0IrR25krZy9caxzCqPDwOcuuhaCqCiaq+ATvOWlSfgecm4eH0K -PCH0xlWxG0auPEwm4pA8+/WR/XJwscPZMuoht1EoKy1his4eKx/s7hHNeO6KOF0V -Y/zqIiuZnEwUoKbn7EqqNFSTT65PJKyGsICJFG8CgYAfaw9yl1myfQNdQb8aQGwN -YJ33FLNWje427qeeZe5KrDKiFloDvI9YDjHRWnPnRL1w/zj7fSm9yFb5HlMDieP6 -MQnsyjEzdY2QcA+VwVoiv3dmDHgFVeOKy6bOAtaFxYWfGr9MvygO9t9BT/gawGyb -JVORlc9i0vDnrMMR1dV7awKBgBpTWLtGc/u1mPt0Wj7HtsUKV6TWY32a0l5owTxM -S0BdksogtBJ06DukJ9Y9wawD23WdnyRxlPZ6tHLkeprrwbY7dypioOKvy4a0l+xJ -g7+uRCOgqIuXBkjUtx8HmeAyXp0xMo5tWArAsIFFWOwt4IadYygitJvMuh44PraO -NcJZAoGADEiV0dheXUCVr8DrtSom8DQMj92/G/FIYjXL8OUhh0+F+YlYP0+F8PEU -yYIWEqL/S5tVKYshimUXQa537JcRKsTVJBG/ZKD2kuqgOc72zQy3oplimXeJDCXY -h2eAQ0u8GN6tN9C4t8Kp4a3y6FGsxgu+UTxdnL3YQ+yHAVhtCzo= ------END RSA PRIVATE KEY----- diff --git a/contrib/envoyproxy/go-control-plane/cmd/serviceextensions/main.go b/contrib/envoyproxy/go-control-plane/cmd/serviceextensions/main.go index 968cd75f42..81cf003cb7 100644 --- a/contrib/envoyproxy/go-control-plane/cmd/serviceextensions/main.go 
+++ b/contrib/envoyproxy/go-control-plane/cmd/serviceextensions/main.go
@@ -51,7 +51,7 @@ func loadConfig() serviceExtensionConfig {
 extensionHost := internal.IpEnv("DD_SERVICE_EXTENSION_HOST", "0.0.0.0")
 extensionPortStr := strconv.FormatInt(int64(extensionPortInt), 10)
- healthcheckPortStr := strconv.FormatInt(int64(extensionPortInt), 10)
+ healthcheckPortStr := strconv.FormatInt(int64(healthcheckPortInt), 10)
 // check if the ports are free
 l, err := net.Listen("tcp", extensionHost+":"+extensionPortStr)
@@ -129,20 +129,25 @@ func StartGPRCSsl(service extproc.ExternalProcessorServer, config serviceExtensi
 cert, err := tls.LoadX509KeyPair("localhost.crt", "localhost.key")
 if err != nil {
 log.Error("service_extension: failed to load key pair: %v\n", err)
+ os.Exit(1)
+ return
 }
 lis, err := net.Listen("tcp", config.extensionHost+":"+config.extensionPort)
 if err != nil {
 log.Error("service_extension: gRPC server failed to listen: %v\n", err)
+ os.Exit(1)
+ return
 }
 si := go_control_plane.StreamServerInterceptor()
- creds := credentials.NewServerTLSFromCert(&cert)
- grpcServer := grpc.NewServer(grpc.StreamInterceptor(si), grpc.Creds(creds))
+ grpcCredentials := credentials.NewServerTLSFromCert(&cert)
+ grpcServer := grpc.NewServer(grpc.StreamInterceptor(si), grpc.Creds(grpcCredentials))
 extproc.RegisterExternalProcessorServer(grpcServer, service)
 reflection.Register(grpcServer)
 if err := grpcServer.Serve(lis); err != nil {
 log.Error("service_extension: error starting gRPC server: %v\n", err)
+ os.Exit(1)
 }
 }
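Review bot: In the three error branches of StartGPRCSsl, `os.Exit(1)` ends the process without running deferred calls, so if `log.Error` buffers or aggregates its messages (not visible in this hunk) the reason for the failure may never be written; flush the logger before exiting. The `return` that follows `os.Exit(1)` in the first two branches is unreachable and can be dropped. Exiting from inside a start helper also takes the decision away from the caller; returning the error and letting `main` log and exit would keep shutdown in one place. The function's signature is only partly visible in the hunk header, so the suggested return type would need checking against its callers.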