Cloud-Native Building Blocks: An Interactive Envoy Proxy Workshop


Authors:   Jim Barton, Adam Sayah


Envoy is a popular and scalable API gateway technology that was built to work in a dynamic services environment. It is fast, comprehensive, dynamically configurable, extensible, and observable.
  • Lyft built Envoy as an internal technology to publish services out to their consumers both internal and external.
  • Envoy is built to be fast, scalable, comprehensive, dynamically configurable, extensible, and observable.
  • Envoy works with a dynamic control plane, allowing for policies to be served up dynamically to the proxy without having to balance anything.
  • Envoy is built on a filter chain architecture, allowing for various policies and routing techniques to be applied to requests.
  • Envoy produces access logs on each request, which are valuable for debugging and monitoring purposes.
Lyft had a problem in the mid-2010s with their vision of a future involving collections of microservices operating their organization rather than a set of static monoliths. They looked at API gateway technology and reverse proxy technology to publish those services out to their consumers, but most of them weren't designed for the kind of dynamic environment with ephemeral compute that they faced at that time. They made the fateful decision to build Envoy, which gained popularity very rapidly and graduated as a CNCF project in 2018. Since then, its adoption has exploded across the enterprise computing universe.


Envoy Proxy is a foundational layer for many of the innovations propelling the Kubernetes community, including service meshes and cloud-native API gateways. But many engineers understand it only as a black-box, hidden by simplifying levels of abstraction. The purpose of this workshop is to provide a hands-on workshop that will bridge those gaps in Envoy understanding. Participants will explore first principles regarding Envoy architecture, filter chains, and a day-in-the-life of a request. Users will then put those principles to work interactively. Every participant will have access to a computing environment via their web browsers to a Kubernetes K3s platform provisioned with Envoy and supporting tools. From there, users will explore the life of a request through a maze of transforms, custom processing with WebAssembly, and request routing. They will further learn to employ standard Envoy tools like metrics, access logging, and the Tap filter to solve real-world problems.Click here to view captioning/translation in the MeetingPlay platform!


Post a comment

Related work

Authors: Donovan Brown, Jessica Deen

Authors: Rafael Fernández López, Angel M De Miguel Meana

Authors: Stefan Prodan, Mitch Connors

Authors: Eric Anderson, Kevin Nilson

Conference:  Black Hat Asia 2023
Authors: Luyi Xing, Xin'an Zhou, Jiale Guan, Zhiyun Qian