Dynamic Envoy Proxy on Linux Machine

Envoy is a service proxy. Modern, configurable and observable. You will be able to define circuit breaking, load balancing, advanced rooting and much more if you decide to use envoy as a proxy.

Let’s see how we configure the Envoy as a proxy in front of our applications run on Linux machines.

Before the Envoy, we have used Nginx as a proxy. The main reason we moved from Nginx to Envoy is implementing the circuit breaker pattern and making the proxy more visible.

Envoy is a lightweight, written with C++, open-source and completely free. Also, it has built-in Prometheus metrics.

Envoy Configuration Methods

There is two configuration method we have. One is the static configuration and the other one is dynamic configuration.

Here is the simple static configuration example has one port listen to 10000 and redirect all requests to google.comthat comes from the port.

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 10000 }
filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { host_rewrite: www.google.com, cluster: service_google }
          http_filters:
          - name: envoy.router
  clusters:
  - name: service_google
    connect_timeout: 0.25s
    type: LOGICAL_DNS
    dns_lookup_family: V4_ONLY
    lb_policy: ROUND_ROBIN
    hosts: [{ socket_address: { address: google.com, port_value: 443 }}]
    tls_context: { sni: www.google.com }

Save the file as envoy.yaml and easily run on a docker container with the command below.

docker run --name=proxy -d \
-p 8080:10000 \
-v $(pwd)/envoy/envoy.yaml:/etc/envoy/envoy.yaml \
envoyproxy/envoy:latest

After that, all the requests to port 8080 will be proxied to google.com

The static envoy configuration sample is taken from the https://www.katacoda.com/envoyproxy You can find many more helpful examples on there.

We are okay with that. What if we have the application that runs on the Linux machine and requires rollout deployments? To make it possible, we need a proxy that supports on the fly configuration changes like Envoy and Nginx.

Let's look for how we can do that by using the Envoy dynamic configuration method.

Install Envoy on Ubuntu

Instead of using a docker file, another option is running the Envoy proxy directly on the Linux.

Run the following lines to install.

sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -sL 'https://getenvoy.io/gpg' | sudo apt-key add -
apt-key fingerprint 6FF974DB
sudo add-apt-repository "deb [arch=amd64] https://dl.bintray.com/tetrate/getenvoy-deb $(lsb_release -cs) \
stable"
sudo apt-get update && sudo apt-get install -y getenvoy-envoy
envoy --version

Install Envoy on Ubuntu

Create Linux Service

Create the file named envoy.serviceunder the path /etc/systemd/system

[Unit]
Description=Envoy
[Service]
ExecStart=/usr/bin/envoy -c /etc/envoy/envoy.yaml
Restart=always
RestartSec=5
KillMode=mixed
SyslogIdentifier=envoy
LimitNOFILE=640000
[Install]
WantedBy=multi-user.target

Envoy Dynamic Configurations

The envoy.yaml file is important. The file is an entry point for Envoy. As seen on ExecStart command above. Envoy never tracking the changes on the file after it started. It is okay. There is no reason to change the file. It is really simple and does not contain any detail.

We will copy all the envoy configuration files to the folder /etc/envoy

envoy.yaml

The node section is required. Envoy exposes a local administration interface that can be used to query and modify different aspects of the server. There is two dynamic config file provided. One for cluster definitionsand another one for listeners.

lds.yaml

The listener_0 configuration listens to port 80 and redirects all the requests to the route definition(/etc/envoy/rds.yaml) named local_route.

rds.yaml

The route definition that passes all the requests to the cluster named EnvoyNetCore. The cluster is known from the envoy.yaml file. (/etc/envoy/cds.yaml)

cds.yaml

Here is the cluster definition. You can declare more than one cluster on there. Cluster definitions points to endpoint definitions(eds.yaml). Also, at this level, you can configure a circuit breaker for the cluster.

eds.yaml

The last part of the configuration file is eds.yaml. This file contains address and port values to call any endpoint we want to include for the cluster.

You can define only one resource item at this point but more than one endpoints can be defined.

You can change these configuration files on the fly but Envoy can’t apply the change until you move the file with the same location & same name. So, create the new configurations as separate files with different names and move the files with the original names to the same path/name of the original ones.

mv /etc/envoy/eds.new.yaml /etc/envoy/eds.yaml

Envoy doesn’t apply any change on the fly if it is not valid.

The end.