Envoy Proxy: Fundamentals and Deep Dive of the Cloud-Native ProxyAugust 10, 2020
Envoy Proxy is an open source edge and service proxy (L4/L7), designed for cloud-native applications. Developed internally at Lyft and later open sourced and donated to the Cloud Native Computing Foundation, Envoy is a high performance proxy and data plane for modern edge/API gateways and service meshes. Envoy is similar to proxies like NGINX and HAProxy, but created out of the need to handle service communication for distributed environments.
This article contains a video series to demonstrate the functionality of Envoy and provide links to more resources
Definitions of key terms related to Envoy:
- Proxy – A server that acts as an intermediary for requests from clients seeking resources from servers that provide those resources. As a proxy, Envoy abstracts the network from the business logic and runs alongside every application to facilitate and shape application traffic, provide observability, tune performance, and provide a common set of features to the environment. The proxy can be run at the edge to facilitate traffic into the cluster (ingress/edge) or as a sidecar to each application in a service mesh.
- Edge/API Gateway – A system to that receives API requests, performs traffic routing and management to the backend services and returns a response to the client / end user requester. Envoy is the data plane for Edge/API gateways where any number of proxies can be deployed at the edge to facilitate the traffic coming into the cluster from external clients and end users. A control plane is required to manage and enforce configuration of the proxies and capture metrics back for observability.
- Service Mesh – Is a technology where an Envoy proxy is deployed as a sidecar proxy alongside each application service in a cluster. This is often referred to as east/west traffic. In a service mesh, the networking code is abstracted away from the application code and handled in the mesh of proxies. A control plane is required to manage the proxy configuration and traffic policies.
This educational video series uses live demonstrations of example scenarios to explain the architecture and functionality of Envoy Proxy, through the following episodes:
- Envoy Architectural Overview and Fundamentals
- Observing Envoy: Monitoring Metrics and Logs, Proxy Performance, and Troubleshooting
- Securing Envoy: Understanding Available Security Configurations and Best Practices
- xDS Dynamic Configuration and Control Plane Interactions with Envoy Proxy Data Plane
- Envoy Filters: What are They and How They Work, Understanding the Filter Chain, and Lots of Examples
- Advanced Envoy Filtering and Build Your Own Filters with WebAssembly
Architectural Overview and Fundamentals
This video covers the core concepts of Envoy including Listener, Cluster, Endpoint/Cluster member/cluster Load Assignment, Routes, Filters, and an overview of how they work in the data flow and routing decisions. Example configurations for the demos are here.
This video covers the various types of data (metrics, logs) available from Envoy to understand the state of the proxies, how to configure Envoy to expose the data, how to use this data to debug issues, and how to performance tune the environment.
Additional episodes are live streamed every other week on Tuesdays at 10AM Pacific.
- Security – Coming Aug 18: This episode will cover available security settings and best practices in configuration
- xDS Dynamic Configuration – Coming Sept 1: This episode will cover how xDS works to dynamically update the proxy configuration and how this interacts with the control plane.
- Envoy Filters – Coming Sept 15: This episode will cover how filters work to customize the behavior of the proxy, the filter chain that a request will pass through and how the control plane configures and manages them.
- Advanced Filters and WebAssembly – Coming Sept 29: This episode will cover how to build your own custom filters with WebAssembly and tools available for the developer to ops workflow including wasme CLI and WebAssembly Hub.
Get more information about Envoy Proxy project, solutions built using Envoy, and more.