Customizing Envoy Proxy with WebAssembly

Transcript

1. WebAssembly and Envoy Proxy Feb 06, 2020 Christian Posta Global

   Field CTO @christianposta Scott Weiss Principal Engineer @ilackarms

2. 2 | Copyright © 2020 01 02 03 04 Service

   Mesh Data Plane and Control Plane Traffic Patterns North/South vs. East/West Extending the Data Plane WebAssembly Agenda

3. 3 | Copyright © 2020 SERVICE MESH JOURNEY INNOVATION MODERNIZE

   TO MICROSERVICES SERVICE MESH MANAGEMENT ANY MESH - ANYWHERE ADAPTIVE SERVICE MESH

4. 4 | Copyright © 2020 What is a proxy? •

   A proxy applies policy to network traffic by acting as a middle-man between a client and server • Common proxies contain features for TCP and HTTP traffic, including: − TLS termination / Authorization / Security − Traffic Monitoring and Telemetry − Load Balancing, Health checks, Locality-aware routing & more • The popular Envoy Proxy exposes its features through TCP and HTTP filters Traditional Proxy Architecture

5. 5 | Copyright © 2020 Service Mesh - Service Proxies

   • The Service Mesh Architecture introduces a service proxy (Envoy Proxy) into every Kubernetes Pod • All TCP/HTTP traffic between pods is routed via the service proxies − Pods only ever connect directly to each other via to their “sidecar” proxy • Each service proxy acts as a personal firewall/gateway into and out of each individual pod • Together, the service proxies are known as the service-mesh data plane

6. 6 | Copyright © 2020 Service Mesh - Control Plane

   • Proxies retrieve their configuration from a centralized discovery service known as the control plane • The control plane combines information about the environment with user configuration to configure the proxies (data plane) • The control plane and data plane together constitute the service mesh • Service mesh manages the service-to-service communication (east-west traffic) 1 https://blog.envoyproxy.io/service-mesh-data-plane-vs-control-plane-2774e720f7fc

7. 7 | Copyright © 2020 API Gateway - Edge Proxy

   • While a service mesh manages traffic between services • API gateways manage the traffic between the service mesh (cluster) and the outside world, aka “the edge” • Acts as the “Gateway” for accessing heterogenous backends, e.g. in a microservices environment

8. 8 | Copyright © 2020 API Gateway vs Service Mesh

   EAST-WEST TRAFFIC NORTH-SOUTH TRAFFIC SERVICE I SERVICE II SERVICE III SERVICE IV SERVICE V

9. 9 | Copyright © 2020 API Gateway vs Service Mesh

   EAST-WEST TRAFFIC NORTH-SOUTH TRAFFIC SERVICE I SERVICE II SERVICE III SERVICE IV SERVICE V Everything is running Envoy

10. 10 | Copyright © 2020 Extending the Envoy Proxy Data

    Plane • Envoy processes traffic via pluggable modules called “filters” • These filters are chained together to process the request • Envoy ships with OOTB filters • Envoy supports extension with custom filters

11. 11 | Copyright © 2020 Extending Envoy Proxy - Adding

    Custom Filters CURRENTLY: − Write filter in C++ − Statically link it to Envoy (requires compiling Envoy) − Ship and deploy new version of Envoy

12. 12 | Copyright © 2020 Extending Envoy Proxy - Adding

    Custom Filters THE OLD WAY: − Write filter in C++ − Statically link it to Envoy (requires compiling Envoy) − Ship and deploy new version of Envoy

13. 13 | Copyright © 2020 Web Assembly? THE NEW WAY:

    WebAssembly WebAssembly (abbreviated Wasm) is a binary instruction format for a stack-based virtual machine Portable compilation of high-level languages like C/C++/Rust, enabling deployment on the web for client and server applications Envoy Proxy starting to introduce support for WebAssembly

14. 14 | Copyright © 2020 Extending Envoy Proxy - Adding

    Custom Filters THE NEW WAY: WebAssembly − Write filter in any language − Compile to .wasm module − Dynamically load in Envoy Proxy during runtime

15. 15 | Copyright © 2020 Extending Envoy Proxy - Adding

    Custom Filters THE NEW WAY: WebAssembly Benefits Include − Accessible to more developers beyond C++ − Eliminate need to customize, distribute and maintain a distro of Envoy Proxy − Reliability as Envoy and Module are isolated from each other − Solutions that use Envoy Proxy can also leverage WebAssembly − NOTE: Not recommended for production use (yet!)

16. 16 | Copyright © 2020 Introducing WebAssembly Hub and wasme

    Build, Deploy, and Publish • Write filter in any language • Compile to .wasm module • Dynamically load in Envoy Proxy during runtime • Publish and share filters

17. 17 | Copyright © 2020 https://webassemblyhub.io

18. 18 | Copyright © 2020 WebAssembly Hub • wasme CLI

    tool for interacting with the hub ◦ wasme build

19. 19 | Copyright © 2020 WebAssembly Hub • wasme CLI

    tool for interacting with the hub ◦ wasme build ◦ wasme deploy ◦ wasme push

20. 20 | Copyright © 2020 20 | Copyright © 2020

    Demo

21. 21 | Copyright © 2020 TRY THE HUB webassemblyhub.io GITHUB

    github.com/solo-io/wasme DOCS docs.solo.io/web-assembly-hub/latest COMMUNITY slack.solo.io Links to View More