RHEL8 version of Envoy binary

[pvyaka01]

If you are reporting any crash or any potential security issue, do not
open an issue in this repo. Please report the issue via emailing
[email protected] where the issue will be triaged appropriately.

Title: Does Envoy now require RHEL9?

Description:
Downloaded 1.24.2 from releases page.

Trying to run 1.24.2 on RHEL8 server (standalone binary)

./envoy-1.24.2-linux-x86_64
./envoy-1.24.2-linux-x86_64: /lib64/libm.so.6: version `GLIBC_2.29' not found (required by ./envoy-1.24.2-linux-x86_64)

OS:
cat /etc/redhat-release
Red Hat Enterprise Linux release 8.6 (Ootpa)

[scheruku-in]

@pvyaka01 I also faced this issue. I am able to resolve it by following the link: tetratelabs/archive-envoy#17

[phlax]

Does Envoy now require RHEL9?

checking here https://distrowatch.com/table.php?distribution=redhat it seems so

it would be good to support more glibc versions in our published binaries, altho im not sure how much bandwidth we have for that as it requires setting up another toolchain to build with.

one other option is to use one of the published Docker containers - the distroless image has basically just the required glibc and a rootles environment so is also pretty secure

[scheruku-in]

one other option is to use one of the published Docker containers - the distroless image has basically just the required glibc and a rootles environment so is also pretty secure

@phlax Can you please provide more details on the above?

For now, I am

• building Envoy using ./ci/run_envoy_docker.sh './ci/do_ci.sh bazel.release.server_only'
• installing the newer glibc 2.29, and use patchelf to modify the Envoy's binary so it uses the installed new glibc instead of old system glibc.
  But this is pretty time consuming, so looking for an alternative.

[phlax]

the images are here https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=distroless-v

[phlax]

if you want to build with your own envoy binary i would create a multi-stage Dockerfile that builds in the first and then fishes out the binary to a deployment image

i dont have an example of that to hand im afraid - but if you are already building then should not be so hard to adapt

[pvyaka01]

Till version 1.22.x, it works fine with RHEL8 glibc. Seems like moved to glibc_2_29 after that. The issue is we use Consul and Envoy for service mesh in non-dockerized environments so using docker images is not an option for us, at present. Patchelf is at best a hack based on what I know and can have unintended consequences. Thanks so much for everyone's input!

[github-actions]

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

[github-actions]

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.