Envoy Mobile v0.2 deep dive

In November we released Envoy Mobile v0.2. In the accompanying blog post we detailed the features that the library supported and announced that we had replaced the networking libraries in Lyft’s alpha rider app with Envoy Mobile. In this blog post, I want to expand on the technical aspects of the v0.2 release and take a technical deep dive of Envoy Mobile’s current architecture. Source: lyft.com

Building a Service Mesh with Envoy

Service Mesh is the communication layer in a microservice setup. All requests, to and from each of the services go through the mesh. Also known as an infrastructure layer in a microservices setup, the service mesh makes communication between services reliable and secure. Each service has its own proxy service (sidecars) and all the proxy services together form the service mesh. The side cars handle communication between services, which means all the traffic goes through the mesh and this transparent layer can now control how services interact.
Read more

Envoy Proxy in 2019: Security, Caching, Wasm, HTTP/3, and more

Since its release in September 2016, Envoy Proxy has gained enormous traction in the market. Envoy was a classic case of the right product at the right time: Envoy had the right set of features and performance to address this need. Some of these features included a runtime API for configuration & management, dynamic configuration, gRPC & HTTP/2 support, automatic retries, traffic shadowing, and robust observability systems. These factors created critical mass, driving rapid adoption.
Read more

Announcing Envoy Mobile

Today we are thrilled to announce the initial OSS preview release of Envoy Mobile, an iOS and Android client network library that brings the power of Envoy Proxy to mobile platforms. This is the beginning of a journey that we hope mobile developers around the industry will join us on. When Lyft originally announced Envoy in 2016, the project goal was simply stated as: The network should be transparent to applications.
Read more

How to Write Envoy Filters Like a Ninja!—Part 1

Envoy is a programmable L3/L4 and L7 proxy that powers today’s service mesh solutions including Istio, AWS App Mesh, Consul Connect, etc. At Envoy’s core lie several filters that provide a rich set of features for observing, securing, and routing network traffic to microservices. In these set of posts, we’ll have a look at the basics of Envoy filters and learn how to extend Envoy by implementing custom filters to create useful features!
Read more

Envoy and the “Programmable Edge”: The Changing Role of Edge Proxies and Developer Experience

At the inaugural EnvoyCon, which ran alongside KubeCon in Seattle last December, several large organisations discussed how they have recently begun using Envoy as an edge proxy, such as eBay, Pinterest and Groupon. Moving away from hardware-based load balancers and other edge appliances towards the software-based “programmable edge” provided by Envoy clearly has many benefits, particularly in regard to dynamism and automation. However, one of the core challenges presented was the need to create an effective control plane that integrates well with the existing engineering workflow or developer experience.
Read more

Ambassador: Building a Control Plane for an Envoy-Powered API Gateway on Kubernetes

This article provides an insight into the creation of the Ambassador open source API gateway for Kubernetes, and discusses the technical challenges and lessons learned from building a developer-focused control plane for managing ingress or ‘edge’ traffic within microservice-based applications. Key Takeaways Developed by Datawire, Ambassador is an open source API gateway designed specifically for use with the Kubernetes container orchestration framework. At its core, Ambassador is a control plane tailored for edge/API configuration for managing the Envoy Proxy “data plane”.
Read more

Lyft’s Envoy dashboards

I’ve given quite a few talks about observability in the age of the service mesh (most recent slides, unfortunately this talk series has not been recorded yet). Visibility into the inherently unstable network is one of the most important thing that Envoy provides and I’m asked repeatedly for the source of the dashboards that we use at Lyft. In the interest of “shipping” and getting something out there that can help folks, we are releasing a snapshot of our internal Envoy dashboards.
Read more

A Crash Course For Running Istio

At Namely we’ve been running with Istio for a year now. Yes, that’s pretty much when it first came out. We had a major performance regression with a Kubernetes cluster, we wanted distributed tracing, and used Istio to bootstrap Jaeger to investigate. We immediately saw the potential of a service mesh as it relates to our infrastructure and decided to make an investment in the tool. It hasn’t always been the smoothest ride, but we have learned a ton about how it works and how to operate it.
Read more

Understanding How Envoy Sidecar Intercept and Route Traffic in Istio Service Mesh

This article uses Istio’s official bookinfo example to explain how Envoy performs routing forwarding after the traffic entering the Pod and forwarded to Envoy sidecar by iptables, detailing the inbound and outbound processing. For a detailed analysis of traffic interception, see Understanding Envoy Sidecar Proxy Injection and Traffic Interception in Istio Service Mesh. Source: medium.com