Types of envoy configurations
- Static configuration
- Dynamic configuration. This can be done in two ways:
- From Filesystem
- From Control plane
Static configuration
To start envoy in static configuration we need the following:
- listeners
- clusters
- static_reources
- (Optional) admin section
static_resources
Contain everything that is configured statically when envoy starts. Can contain the following:
[]listeners
[]clusters
[]secrets
listeners
Lets configure an example listener on port 10000. Here all paths are matched and routed to service_envoyproxy_io
cluster
listeners:
- name: listener_0
address:
socket_address:
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
access_log:
- name: envoy.access_loggers.stdout
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
http_filters:
- name: envoy.filters.http.router
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
prefix: "/"
route:
host_rewrite_literal: www.envoyproxy.io
cluster: service_envoyproxy_io
cluster
The service_envoyproxy_io cluster proxies over TLS
to https://www.envoyproxy.io
clusters:
- name: service_envoyproxy_io
type: LOGICAL_DNS
# Comment out the following line to test on v6 networks
dns_lookup_family: V4_ONLY
load_assignment:
cluster_name: service_envoyproxy_io
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: www.envoyproxy.io
port_value: 443
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
sni: www.envoyproxy.io
Testing this static configuration
If now we start envoy with this configuration using command envoy -c <config_name>.yaml
and try querying the localhost:10000 port, we should get the envoyproxy homepage.
$ curl -v localhost:10000
Dynamic Configuration from filesystem
In this setup Envoy will automatically update its configuration whenever the files are changed on the filesystem. The following sections are a must for dynamic configuration:
node
node needs a cluster
and an id
node:
cluster: test-cluster
id: test-id
dynamic_resources
Specifies where to load dynamic configuration from
dynamic_resources:
cds_config:
path: ./cds.yaml
lds_config:
path: ./lds_yaml
listener
resources
The linked lds_config
should be an implementation of a Listener Discovery Service
resources:
- "@type": type.googleapis.com/envoy.config.listener.v3.Listener
name: listener_0
address:
socket_address:
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
http_filters:
- name: envoy.router
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains:
- "*"
routes:
- match:
prefix: "/"
route:
host_rewrite_literal: www.envoyproxy.io
cluster: example_proxy_cluster
cluster
resources
The linked cds_config
should be an implementation of a Cluster Discovery Service
resources:
- "@type": type.googleapis.com/envoy.config.cluster.v3.Cluster
name: example_proxy_cluster
type: STRICT_DNS
connect_timeout: 3s
typed_extension_protocol_options:
envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
"@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
explicit_http_config:
http2_protocol_options: {}
load_assignment:
cluster_name: example_proxy_cluster
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: www.envoyproxy.io
port_value: 443
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
sni: www.envoyproxy.io
Dynamically editing the configuration
Let's try editing this config to start proxying to google.com instead of envoyproxy.io
In the lds.yaml
file change the following:
routes:
- match:
prefix: "/"
route:
- host_rewrite_literal: www.envoyproxy.io
+ host_rewrite_literal: www.google.com
cluster: example_proxy_cluster
As soon as we do this write in the file, the LDS config in the envoy will update and will show in the logs:
lds: add/update listener 'listener_0'
We need to update the cds.yaml
config as well:
load_assignment:
cluster_name: example_proxy_cluster
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
- address: www.envoyproxy.io
+ address: www.google.com
port_value: 443
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
- sni: www.envoyproxy.io
+ sni: www.google.com
We should see the similar update in envoy's logs about the CDS config update
cds: added/updated 1 cluster(s), skipped 0 unmodified cluster(s)
Hence we were able to reload the envoy configuration dynamically without restarting the server itself.
Top comments (0)