Download as PDF, PPTX
![on_http_request_headers(&mut self, _num_headers: usize) -> Action
on_http_request_body(&mut self, _body_size: usize, _end_of_stream: bool) -> Action
on_http_request_trailers(&mut self, _num_trailers: usize) -> Action
on_http_response_headers(&mut self, _num_headers: usize) -> Action
on_http_response_body(&mut self, _body_size: usize, _end_of_stream: bool) -> Action
on_http_response_trailers(&mut self, _num_trailers: usize) -> Action
get_http_request_headers(&self) -> Vec<(String, String)>
set_http_request_headers(&self, headers: Vec<(&str, &str)>)
get_http_request_body(&self, start: usize, max_size: usize) -> Option<Bytes>
set_http_request_body(&self, start: usize, size: usize, value: &[u8])
...
send_http_response(&self, status_code: u32, headers: Vec<(&str, &str)>, body: Option<&[u8]>)
resume_http_request(&self)
proxy-wasm Rust API (HttpContext)](https://image.slidesharecdn.com/hackingthemeshextendingistiousingwasm8-27-20-200827171233/85/Hacking-the-Mesh-Extending-Istio-with-WebAssembly-Modules-DevNation-Tech-Talk-21-320.jpg)
![get_current_time(&self) -> SystemTime
get_property(&self, path: Vec<&str>) -> Option<Bytes>
set_property(&self, path: Vec<&str>, value: Option<&[u8]>)
get_shared_data(&self, key: &str) -> (Option<Bytes>, Option<u32>)
set_shared_data(&self, key: &str, value: Option<&[u8]>, cas: Option<u32>) -> Result<(), Status>
dispatch_http_call(&self, upstream: &str, headers: Vec<(&str, &str)>, body: Option<&[u8]>,
trailers: Vec<(&str, &str)>, timeout: Duration) -> Result<u32, Status>
on_http_call_response(&mut self, _token_id: u32, _num_headers: usize, _body_size: usize,
_num_trailers: usize)
proxy-wasm Rust API (Context)](https://image.slidesharecdn.com/hackingthemeshextendingistiousingwasm8-27-20-200827171233/85/Hacking-the-Mesh-Extending-Istio-with-WebAssembly-Modules-DevNation-Tech-Talk-22-320.jpg)
Uploaded byRed Hat Developers
Hacking the Mesh: Extending Istio with WebAssembly Modules | DevNation Tech Talk
1. The document discusses extending the functionality of Istio, an open-source service mesh, using WebAssembly (WASM). 2. WASM allows for writing filters in multiple languages and provides lightweight isolation. Various SDKs exist for developing WASM filters. 3. The document outlines how to write WASM filters, deploy them, and provides an example OpenID Connect filter. It concludes by discussing the outlook for improved WASM support in Istio and Envoy.
More Related Content
Similar to Hacking the Mesh: Extending Istio with WebAssembly Modules | DevNation Tech Talk
Hacking the Mesh: Extending Istio with WebAssembly Modules | DevNation Tech Talk
- 1. 1 Hacking the Mesh: ExtendingIstio using WASM
- 2.
- 3. • The Theory •Quick recap: What is a Service Mesh? • Envoy Filters • Web Assembly • Writing Filters • Languages and Frameworks • Deployment • OpenID Connect Filter Demo • Summary, Outlook Agenda
- 4.
- 5.
- 6.
- 7. Without Service Mesh Pod AppContainer Business Logic Discovery Encryption Load Balancing Circuit Breaking Metrics Tracing Pod App Container Business Logic Discovery Encryption Load Balancing Circuit Breaking Metrics Tracing
- 8. With Service Mesh Pod AppContainer Business Logic Proxy Container Discovery Encryption Load Balancing Circuit Breaking Metrics Tracing Pod App Container Business Logic Proxy Container Discovery Encryption Load Balancing Circuit Breaking Metrics Tracing
- 9. Envoy Data Flow ListenerFilterChainFilterChainFilters Router FilterChainFilterChainFilters Cluster
- 10. Envoy Data Flow ListenerFilterChainFilterChainFilters Router FilterChainFilterChainFilters Cluster Listener Config Cluster ConfigRoute Config
- 11. Envoy Data Flow ListenerFilterChainFilterChainFilters Router FilterChainFilterChainFilters Cluster Listener Config Cluster ConfigRoute Config
- 12. Incoming Request The FilterChain Filter A Filter B Filter C Router
- 13. Incoming Request Filter Classes ListenerFilters Network Filters HTTP Filters Router L4: Raw binary data L4: Raw binary data L7: HTTP requests
- 14. Incoming Request Filter Classes ListenerFilters Network Filters HTTP Filters Router L4: Raw binary data L4: Raw binary data L7: HTTP requests Network Filters HTTP Filters Network Filters HTTP Filters Filter Chain Matching
- 15. Why WebAssembly? ● Near-nativespeed ● Language-independent ● Lightweight isolation
- 16.
- 17. But also: - Openstandard developed by W3C - Active community - Various runtime implementations - ...simplifies filter development for Istio devs Why WebAssembly?
- 18. - proxy-wasm spec: https://github.com/proxy-wasm/spec -SDKs available for C++, Rust, Golang (tinygo), AssemblyScript (by solo.io) - Deployment by copying into container, adding to filter chain Writing Filters
- 19. C++ https://github.com/proxy-wasm/proxy-wasm-cpp-sdk Rust https://github.com/proxy-wasm/proxy-wasm-rust-sdk AssemblyScripthttps://github.com/solo-io/proxy-runtime Golang https://github.com/mathetake/proxy-wasm-go proxy-wasm SDKs
- 20.
- 21. on_http_request_headers(&mut self, _num_headers:usize) -> Action on_http_request_body(&mut self, _body_size: usize, _end_of_stream: bool) -> Action on_http_request_trailers(&mut self, _num_trailers: usize) -> Action on_http_response_headers(&mut self, _num_headers: usize) -> Action on_http_response_body(&mut self, _body_size: usize, _end_of_stream: bool) -> Action on_http_response_trailers(&mut self, _num_trailers: usize) -> Action get_http_request_headers(&self) -> Vec<(String, String)> set_http_request_headers(&self, headers: Vec<(&str, &str)>) get_http_request_body(&self, start: usize, max_size: usize) -> Option<Bytes> set_http_request_body(&self, start: usize, size: usize, value: &[u8]) ... send_http_response(&self, status_code: u32, headers: Vec<(&str, &str)>, body: Option<&[u8]>) resume_http_request(&self) proxy-wasm Rust API (HttpContext)
- 22. get_current_time(&self) -> SystemTime get_property(&self,path: Vec<&str>) -> Option<Bytes> set_property(&self, path: Vec<&str>, value: Option<&[u8]>) get_shared_data(&self, key: &str) -> (Option<Bytes>, Option<u32>) set_shared_data(&self, key: &str, value: Option<&[u8]>, cas: Option<u32>) -> Result<(), Status> dispatch_http_call(&self, upstream: &str, headers: Vec<(&str, &str)>, body: Option<&[u8]>, trailers: Vec<(&str, &str)>, timeout: Duration) -> Result<u32, Status> on_http_call_response(&mut self, _token_id: u32, _num_headers: usize, _body_size: usize, _num_trailers: usize) proxy-wasm Rust API (Context)
- 23. OpenID Connect Flow Proxy Authorization Server Service See:https://openid.net/specs/openid-connect-core-1_0.html
- 24.
- 25. Summary • Envoy filterscan augment Istio functionality • WebAssembly is the most versatile option for writing filters • Language support is evolving • It’s not in Envoy’s mainline yet • Deployment is still very low-level • solo.io have a project called wasme that simplifies the process
- 26. Outlook • OpenShift ServiceMesh will support WASM filters from 2.0+ • We will introduce a Custom Resource to make adding filters as easy as possible • Istio is moving all its custom filters to WASM equivalents • Will improve stability of WASM support in Envoy • Istio-Proxy currently the only ‘official’ build with WASM support
- 27.