Extend Istio and Envoy with WebAssembly (Wasm)

What is WebAssembly?

WebAssembly (Wasm) is a fast, efficient, and portable binary instruction format for programming languages, providing an embeddable and safe execution environment for platform extensions. Wasm helps you extend web applications and is gaining momentum for server side applications as well. The Wasm extension is packaged as a virtual machine and deployed to a target platform like a browser or server.

A new model for extending the application network

Wasm is commonly used with Kubernetes, Envoy Proxy, and Istio. Envoy integrates Wasm as the model for extensibility going forward. Envoy can be extended in many ways through the use of filters, tracers, monitors, and more. Filters are used to modify the behavior of the proxy to manipulate its traffic. The proxy ships with some filters out-of-the-box, but you can write and add your own filters too.

However there are challenges related to writing your own custom filters for Envoy including needing enough expertise in C++ (Envoy language), needing to integrate and compile the customization, and maintaining a separate build of Envoy over time. The addition of WebAssembly into the Envoy community and ecosystem dramatically improves, streamlines, and expands the ability to extend solutions like gateways and service meshes. Wasm dynamically updates running Envoy processes without having restarts, isolates from failures and security issues, removes the overhead of compiling and maintaining a build of the Envoy code base, and comes with an active and growing developer community.

Gloo Mesh for WebAssembly with Istio

Because of its intuitive features, maturity, and thriving community, Istio has emerged as the leading service mesh solution in recent years. However, installing, upgrading, and running Istio can be error-prone, time-consuming, and taxing. Our goal at Solo.io is to provide a set of tools that can make service mesh adoption and day-to-day operations easier in any setting. We designed Gloo Mesh to provide Istio users with a robust, user-friendly platform that makes managing, configuring, and operating Istio with WebAssembly simple while also supporting scalability, observability, and security.

To learn more about WebAssembly with Gloo Mesh, click here!


Envoy proxy is written in C++ and customizations to the proxy behavior often need to be custom built and compiled into the codebase.

  • Requires engineering expertise in C++
  • Additional effort of maintaining a distinct Envoy codebase


WebAssembly brings a new model for extensibility that is secure and easy, with a broad developer community.

  • Simplifies adding extensions to Envoy
  • Easy to find, use, and deploy filters

WebAssembly Hub


Connect any application workload including legacy monoliths, microservices, and serverless functions.


Share, collaborate, and store your extensions with your team and the community.


Discover, pull, and deploy Wasm extensions to your Envoy Proxy-powered data plane at the edge and in a service mesh.

WebAssembly Hub

Build, publish, discover, and deploy Wasm modules

Open Source Community

Contribute in the image specification, SDKs, tools and participate in the discussion