How to Write Envoy Filters Like a Ninja!—Part 1

How to Write Envoy Filters Like a Ninja!—Part 1

Envoy is a programmable L3/L4 and L7 proxy that powers today’s service mesh solutions including Istio, AWS App Mesh, Consul Connect, etc. At Envoy’s core lie several filters that provide a rich set of features for observing, securing, and routing network traffic to microservices. In these set of posts, we’ll have a look at the basics of Envoy filters and learn how to extend Envoy by implementing custom filters to create useful features!

Envoy exposes a set of APIs that let users and control planes statically and dynamically configure the proxy. By configuring a Listener, users can enable the flow of traffic through the proxy, and then enhance the data flow using several Filters. Using a combination of these filters, Envoy can measure, transform, and perform higher order access control operations.

As the name suggests, a Listener allows Envoy to listen to network traffic at a configured address. Each Listener then defines a set of filters that sit in the data path, collectively forming a filter chain. By composing and arranging a set of filters, users can configure Envoy to translate protocol messages, generate statistics, perform RBAC, etc.

Envoy provides numerous built-in filters, and it also provides APIs to let you create your own!