It's Proxies All The Way Down: Envoy/xDS 101
Tutorial Room | Mon 20 Jan 1:30 p.m.–3:10 p.m.
Presented by
-
Jacob Taylor
https://jacobtaylor.id.au
Jake is a senior network engineer at Canva with over eight years of experience in the field. He currently yells at Bazel a lot and occasionally builds network infrastructure. He's also an avid developer, having contributed to open-source projects such as Envoy. Having worked at organisations such as NTT, AWS, and Atlassian, he has been exposed to a variety of different networks and codebases. His areas of expertise include routing, application delivery, and edge computing. He also has experience in the compute space, with a background in traditional system administration and more recent experience with container technologies and Kubernetes. When he’s not looking at a computer, you can find him shooting arrows, cooking, walking, playing video games, and making soap.
Jacob Taylor
https://jacobtaylor.id.au
Abstract
According to the project website, "Envoy is an open source edge and service proxy, designed for cloud-native applications".
While this is an accurate description, it doesn't convey much about how Envoy operates and how you use it.
It is famously the basis of many open-source traffic management platforms and solutions, such as Istio, Envoy Gateway, and Consul.
However, how do these solutions utilize Envoy to deliver their capabilities? Could you do the same? Turns out: you absolutely can!
This tutorial session will focus on introducing Envoy, its capabilities, and how you leverage them programmatically.
It will cover the key components of Envoy configuration, the options for extensibility, and how to configure Envoy dynamically.
Each of these sections will be paired with a live tutorial that will have attendees:
- Run live Envoy instances on their machines
- Examine and edit Envoy YAML configuration
- Test how their configuration changes impact Envoy behaviour
In the later tutorials, attendees will explore how an External Authorization sidecar functions with Envoy as well as demonstrate how a Python app can configure Envoy on the fly. We'll also briefly compare Envoy with other proxy solutions.
By the end of this tutorial, attendees will be able to:
- Understand the structure of the Envoy configuration schema
- Describe the purpose of the critical Envoy configuration entities (listeners, filters, clusters) and the relationships between them
- Identify how the application of different filters can impact the behaviour of the proxy
- Identify the opportunities for extending Envoy's capabilities
- Understand the purpose of ExtAuthz sidecars and how they integrate with Envoy
- Understand how xDS allows dynamic configuration of Envoy
- Identify the Envoy components that xDS can dynamically configure
- Describe how to bootstrap xDS clusters in Envoy
- Understand how xDS servers can be implemented in software
Attendees are expected to have a laptop with Docker Desktop or other runtimes with Docker Compose support, as well as a GIT client.
According to the project website, "Envoy is an open source edge and service proxy, designed for cloud-native applications". While this is an accurate description, it doesn't convey much about how Envoy operates and how you use it. It is famously the basis of many open-source traffic management platforms and solutions, such as Istio, Envoy Gateway, and Consul. However, how do these solutions utilize Envoy to deliver their capabilities? Could you do the same? Turns out: you absolutely can! This tutorial session will focus on introducing Envoy, its capabilities, and how you leverage them programmatically. It will cover the key components of Envoy configuration, the options for extensibility, and how to configure Envoy dynamically. Each of these sections will be paired with a live tutorial that will have attendees: - Run live Envoy instances on their machines - Examine and edit Envoy YAML configuration - Test how their configuration changes impact Envoy behaviour In the later tutorials, attendees will explore how an External Authorization sidecar functions with Envoy as well as demonstrate how a Python app can configure Envoy on the fly. We'll also briefly compare Envoy with other proxy solutions. By the end of this tutorial, attendees will be able to: - Understand the structure of the Envoy configuration schema - Describe the purpose of the critical Envoy configuration entities (listeners, filters, clusters) and the relationships between them - Identify how the application of different filters can impact the behaviour of the proxy - Identify the opportunities for extending Envoy's capabilities - Understand the purpose of ExtAuthz sidecars and how they integrate with Envoy - Understand how xDS allows dynamic configuration of Envoy - Identify the Envoy components that xDS can dynamically configure - Describe how to bootstrap xDS clusters in Envoy - Understand how xDS servers can be implemented in software Attendees are expected to have a laptop with Docker Desktop or other runtimes with Docker Compose support, as well as a GIT client.