aws-app-mesh-roadmap icon indicating copy to clipboard operation
aws-app-mesh-roadmap copied to clipboard

Published 20 hours ago verified publisher icon aws

Enable custom filters for Envoy

Open jamsajones opened this issue 6 years ago • 11 comments

Customers should be able to build their own filters into Envoy and we should allow config of those filters.

jamsajones avatar Nov 28 '18 18:11 jamsajones

This would be fantastic. Use-cases I envision are filters to route requests using custom shard keys for data storage, failure isolation, and canary changes.

jellevandenhooff avatar Nov 29 '18 04:11 jellevandenhooff

This is the bring your own envoy thing?

dio avatar Nov 29 '18 08:11 dio

@jellevandenhooff and @dio, Yes! Our intent is to work with any Envoy that can do SigV4. We are currently pushing our code to do this to upstream Envoy (see: https://github.com/envoyproxy/envoy/issues/5215). Once that is completed we will start exploring the work to change the intent provided in config to filters that you have developed. If you have usecases for this, we would love to hear them in order to better understand and do the right thing.

jamsajones avatar Dec 05 '18 01:12 jamsajones

This sounds useful!

As a platform developer, I'd like my colleagues, application developers, to selectively enable envoy filters via running awscli or calling AWS API. An example of filters that is useful if enabled selectively is gRPC-Web filter.

mumoshu avatar Dec 05 '18 08:12 mumoshu

Just to get a little more detail on the custom Envoy statement: Does this imply that it will be possible to deploy to the App Mesh a custom built Envoy binary that is compatible with App Mesh of course e.g. with SigV4 etc?

donovano avatar Mar 15 '19 18:03 donovano

This question was answered somewhere else thanks. Being able to customize (i.e. add a custom filter) the AWS SigV4 Envoy and using it in your App Mesh will be a powerful feature. I believe the configuration for the custom filter would be done via the "static bootstrap config" which is fine - maybe one can add dynamic config in the future too. Looking forward to getting access to the SigV4 Envoy source and trying this out. Thanks.

donovano avatar Mar 28 '19 20:03 donovano

Yes, I would love to see this too, envoy has a very powerful feature set that I'd like to use beyond app mesh integration. Similarly, I want gRPC-WEB, gRPC-JSON, and some of the authorization features.

mattbailey avatar Apr 01 '19 17:04 mattbailey

gRPC-JSON and gRPC-WEB and auth feature is definitely a good choice. Some use case and example or walkthrough will be even better.

stanfan1992 avatar Aug 15 '19 07:08 stanfan1992

Our use-case is to use AppMesh with RDS. So, we can access the databases on a different port (443) than the default port (5432). Specifically with Postgres. Envoy has filters you can use to proxy Postgres-protocol.

ghost avatar Nov 19 '21 10:11 ghost

I'd like to use the OPA Envoy plugin for external authorization of requests as talked about here on the OPA website. I believe it's related to this feature request.

buffdaddy570 avatar Sep 19 '23 12:09 buffdaddy570

I am extremely dissatisfied to see this feature has been lacking over the last 6 years. I hope AWS will make the right decision to make their image customizable by providing a config to merge.

Our current system runs two envoy proxies just for allowing gRPC transcoding. Can't wait to simplify our system and decrease our load + latency by shrinking it down to a single one.

Dogacel avatar May 11 '24 21:05 Dogacel