Types of envoy configurations
- Static configuration
- Dynamic configuration. This can be done in two ways:
- From Filesystem
- From Control plane
Static configuration
To start envoy in static configuration we need the following:
- listeners
- clusters
- static_reources
- (Optional) admin section
static_resources
Contain everything that is configured statically when envoy starts. Can contain the following:
[]listeners[]clusters[]secrets
listeners
Lets configure an example listener on port 10000. Here all paths are matched and routed to service_envoyproxy_io cluster
listeners: - name: listener_0 address: socket_address: address: 0.0.0.0 port_value: 10000 filter_chains: - filters: - name: envoy.filters.network.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager stat_prefix: ingress_http access_log: - name: envoy.access_loggers.stdout typed_config: "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog http_filters: - name: envoy.filters.http.router route_config: name: local_route virtual_hosts: - name: local_service domains: ["*"] routes: - match: prefix: "/" route: host_rewrite_literal: www.envoyproxy.io cluster: service_envoyproxy_io cluster
The service_envoyproxy_io cluster proxies over TLS to https://www.envoyproxy.io
clusters: - name: service_envoyproxy_io type: LOGICAL_DNS # Comment out the following line to test on v6 networks dns_lookup_family: V4_ONLY load_assignment: cluster_name: service_envoyproxy_io endpoints: - lb_endpoints: - endpoint: address: socket_address: address: www.envoyproxy.io port_value: 443 transport_socket: name: envoy.transport_sockets.tls typed_config: "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext sni: www.envoyproxy.io Testing this static configuration
If now we start envoy with this configuration using command envoy -c <config_name>.yaml and try querying the localhost:10000 port, we should get the envoyproxy homepage.
$ curl -v localhost:10000 Dynamic Configuration from filesystem
In this setup Envoy will automatically update its configuration whenever the files are changed on the filesystem. The following sections are a must for dynamic configuration:
node
node needs a cluster and an id
node: cluster: test-cluster id: test-id dynamic_resources
Specifies where to load dynamic configuration from
dynamic_resources: cds_config: path: ./cds.yaml lds_config: path: ./lds_yaml listener resources
The linked lds_config should be an implementation of a Listener Discovery Service
resources: - "@type": type.googleapis.com/envoy.config.listener.v3.Listener name: listener_0 address: socket_address: address: 0.0.0.0 port_value: 10000 filter_chains: - filters: - name: envoy.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager stat_prefix: ingress_http http_filters: - name: envoy.router route_config: name: local_route virtual_hosts: - name: local_service domains: - "*" routes: - match: prefix: "/" route: host_rewrite_literal: www.envoyproxy.io cluster: example_proxy_cluster cluster resources
The linked cds_config should be an implementation of a Cluster Discovery Service
resources: - "@type": type.googleapis.com/envoy.config.cluster.v3.Cluster name: example_proxy_cluster type: STRICT_DNS connect_timeout: 3s typed_extension_protocol_options: envoy.extensions.upstreams.http.v3.HttpProtocolOptions: "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions explicit_http_config: http2_protocol_options: {} load_assignment: cluster_name: example_proxy_cluster endpoints: - lb_endpoints: - endpoint: address: socket_address: address: www.envoyproxy.io port_value: 443 transport_socket: name: envoy.transport_sockets.tls typed_config: "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext sni: www.envoyproxy.io Dynamically editing the configuration
Let's try editing this config to start proxying to google.com instead of envoyproxy.io
In the lds.yaml file change the following:
routes: - match: prefix: "/" route: - host_rewrite_literal: www.envoyproxy.io + host_rewrite_literal: www.google.com cluster: example_proxy_cluster As soon as we do this write in the file, the LDS config in the envoy will update and will show in the logs:
lds: add/update listener 'listener_0' We need to update the cds.yaml config as well:
load_assignment: cluster_name: example_proxy_cluster endpoints: - lb_endpoints: - endpoint: address: socket_address: - address: www.envoyproxy.io + address: www.google.com port_value: 443 transport_socket: name: envoy.transport_sockets.tls typed_config: "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext - sni: www.envoyproxy.io + sni: www.google.com We should see the similar update in envoy's logs about the CDS config update
cds: added/updated 1 cluster(s), skipped 0 unmodified cluster(s) Hence we were able to reload the envoy configuration dynamically without restarting the server itself.
Top comments (0)