1. Answers
  2. Customizing Envoy Proxy Configuration in Istio Service Mesh

How do I apply custom configuration to Envoy Proxy in Istio Service Mesh?

In this guide, we will demonstrate how to apply custom configuration to the Envoy Proxy within an Istio Service Mesh using Pulumi and TypeScript. This involves creating a EnvoyFilter resource that modifies the behavior of the Envoy proxy in the Istio mesh.

Steps:

  1. Install Pulumi and the necessary packages: Ensure Pulumi is installed and the necessary packages for Kubernetes and Istio are added to your project.
  2. Define the custom Envoy configuration: Create a configuration that will be injected into the Envoy proxy.
  3. Create the EnvoyFilter resource: Use Pulumi to deploy the custom configuration to your Kubernetes cluster.

Pulumi Program

import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Define the custom Envoy configuration
const envoyFilterConfig = {
    apiVersion: "networking.istio.io/v1alpha3",
    kind: "EnvoyFilter",
    metadata: {
        name: "custom-envoy-filter",
        namespace: "istio-system",
    },
    spec: {
        workloadSelector: {
            labels: {
                app: "my-app",
            },
        },
        configPatches: [
            {
                applyTo: "HTTP_FILTER",
                match: {
                    context: "SIDECAR_INBOUND",
                    listener: {
                        filterChain: {
                            filter: {
                                name: "envoy.http_connection_manager",
                                subFilter: {
                                    name: "envoy.router",
                                },
                            },
                        },
                    },
                },
                patch: {
                    operation: "INSERT_BEFORE",
                    value: {
                        name: "envoy.filters.http.lua",
                        typed_config: {
                            "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua",
                            inlineCode: `
                                function envoy_on_request(request_handle)
                                    request_handle:logInfo("Hello from Lua script!")
                                end
                            `,
                        },
                    },
                },
            },
        ],
    },
};

// Create the EnvoyFilter resource
const envoyFilter = new k8s.apiextensions.CustomResource("custom-envoy-filter", envoyFilterConfig);

Key Points

  • EnvoyFilter Resource: This resource allows you to apply custom configurations to Envoy proxies within the Istio service mesh.
  • Workload Selector: Specifies which workloads the filter should apply to using labels.
  • Config Patches: Defines the modifications to apply, such as inserting a Lua script to log requests.

Summary

We have demonstrated how to apply a custom configuration to the Envoy Proxy in an Istio Service Mesh using Pulumi and TypeScript. By creating an EnvoyFilter resource, you can modify the behavior of the Envoy proxy to suit your needs. This approach allows for flexible and powerful customizations within your service mesh.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up