contrib/envoy/extensions/filters/http/golang/v3alpha/golang.proto (proto)

Warning

This API feature is currently work-in-progress. API features marked as work-in-progress are not considered stable, are not covered by the threat model, are not supported by the security team, and are subject to breaking changes. Do not use this feature without understanding each of the previous points.

extensions.filters.http.golang.v3alpha.Config

[extensions.filters.http.golang.v3alpha.Config proto]

Golang configuration overview.

In the below example, we configured the go plugin ‘auth’ and ‘limit’ dynamic libraries into Envoy, which can avoid rebuilding Envoy.

  • Develop go-plugin

We can implement the interface of StreamFilter <contrib/golang/filters/http/source/go/pkg/api.StreamFilter> API by the GO language to achieve the effects of Envoy native filter.

The filter based on the APIs implementation StreamFilter <contrib/golang/filters/http/source/go/pkg/api.StreamFilter> For details, take a look at the /contrib/golang/filters/http/test/test_data/echo.

Then put the GO plugin source code into the ${OUTPUT}/src/ directory with the name of the plugin for GO plugin builds. The following examples implement limit and auth GO plugins.

$ tree /home/admin/envoy/go-plugins/src/
  |--auth
  |   |--config.go
  |   |--filter.go
  ---limit
      |--config.go
      |--filter.go
  • Build go-plugin

Build the Go plugin so by go_plugin_generate.sh script, below example the liblimit.so and libauth.so will be generated in the /home/admin/envoy/go-plugins/ directory.

#!/bin/bash
if [ $# != 2 ]; then
   echo "need input the go plugin name"
   exit 1
fi

PLUGINNAME=$1
OUTPUT=/home/admin/envoy/go-plugins/
PLUGINSRCDIR=${OUTPUT}/src/${PLUGINNAME}
go build --buildmode=c-shared  -v -o $OUTPUT/lib${PLUGINNAME}.so $PLUGINSRCDIR
$ go_plugin_generate.sh limit
$ go_plugin_generate.sh auth
  • Configure go-plugin

Use the http filter of :ref: golang <envoy.filters.http.golang> to specify :ref: library <envoy.filters.http.golang> in ingress and egress to enable the plugin.

Example:

static_resources:
  listeners:
    - name: ingress
      address:
        socket_address:
          protocol: TCP
          address: 0.0.0.0
          port_value: 8080
      filter_chains:
        - filters:
            - name: envoy.filters.network.http_connection_manager
            ......
                http_filters:
                  - name: envoy.filters.http.golang
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.golang.v3alpha.Config
                      library_id: limit-id
                      library_path: "/home/admin/envoy/go-plugins/liblimit.so"
                      plugine_name: limit
                      plugin_config:
                        "@type": type.googleapis.com/envoy.extensions.filters.http.golang.plugins.limit.v3.Config
                        xxx1: xx1
                        xxx2: xx2
                  - name: envoy.filters.http.header_to_metadata
                  - name: envoy.filters.http.golang
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.golang.v3alpha.Config
                      library_id: auth-id
                      library_path: "/home/admin/envoy/go-plugins/libauth.so"
                      plugine_name: auth
                      plugin_config:
                        "@type": type.googleapis.com/envoy.extensions.filters.http.golang.plugins.auth.v3.Config
                        xxx1: xx1
                        xxx2: xx2
                  - name: envoy.filters.http.router
    - name: egress
      address:
        socket_address:
          protocol: TCP
          address: 0.0.0.0
          port_value: 8081
      filter_chains:
        - filters:
            - name: envoy.filters.network.http_connection_manager
                ......
                http_filters:
                  - name: envoy.filters.http.golang
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.golang.v3alpha.Config
                      library_id: auth-id
                      library_path: "/home/admin/envoy/go-plugins/libauth.so"
                      plugine_name: auth
                      plugin_config:
                        "@type": type.googleapis.com/envoy.extensions.filters.http.golang.plugins.auth.v3.Config
                        xxx1: xx1
                        xxx2: xx2
                  - name: envoy.filters.http.router

This extension has the qualified name envoy.filters.http.golang

Note

This extension is only available in contrib images.

Note

This extension is functional but has not had substantial production burn time, use only with this caveat.

This extension is not hardened and should only be used in deployments where both the downstream and upstream are trusted.

Tip

This extension extends and can be used with the following extension category:

{
  "library_id": ...,
  "library_path": ...,
  "plugin_name": ...,
  "plugin_config": {...},
  "merge_policy": ...
}
library_id

(string, REQUIRED) library_id is a unique ID for a dynamic library file, must be unique globally.

library_path

(string, REQUIRED) Dynamic library implementing the interface of StreamFilter <contrib/golang/filters/http/source/go/pkg/api.StreamFilter>.

plugin_name

(string, REQUIRED) plugin_name is the name of the go plugin, which needs to be consistent with the name registered in http::RegisterHttpFilterConfigFactory.

plugin_config

(Any) plugin_config is the configuration of the go plugin, note that this configuration is only parsed in the go plugin.

merge_policy

(extensions.filters.http.golang.v3alpha.Config.MergePolicy) merge_policy is the merge policy configured by the go plugin. go plugin configuration supports three dimensions: the virtual host’s typed_per_filter_config, the route’s typed_per_filter_config or filter’s config. The meanings are as follows: MERGE_VIRTUALHOST_ROUTER_FILTER: pass all configuration into go plugin. MERGE_VIRTUALHOST_ROUTER: pass Virtual-Host and Router configuration into go plugin. OVERRIDE: override according to Router > Virtual_host > Filter priority and pass the configuration to the go plugin.

Enum extensions.filters.http.golang.v3alpha.Config.MergePolicy

[extensions.filters.http.golang.v3alpha.Config.MergePolicy proto]

MERGE_VIRTUALHOST_ROUTER_FILTER

(DEFAULT)

MERGE_VIRTUALHOST_ROUTER

OVERRIDE

extensions.filters.http.golang.v3alpha.RouterPlugin

[extensions.filters.http.golang.v3alpha.RouterPlugin proto]

{
  "config": {...}
}
config

(Any, REQUIRED) The config field is used to setting per-route plugin config.

Example

typed_per_filter_config:
  envoy.filters.http.golang:
    "@type": type.googleapis.com/envoy.extensions.filters.http.golang.v3alpha.ConfigsPerRoute
    plugins_config:
      plugin1:
       disabled: true

extensions.filters.http.golang.v3alpha.ConfigsPerRoute

[extensions.filters.http.golang.v3alpha.ConfigsPerRoute proto]

{
  "plugins_config": {...}
}
plugins_config

(repeated map<string, extensions.filters.http.golang.v3alpha.RouterPlugin>) plugins_config is the configuration of the go plugin at the per-router, and key is the name of the go plugin. Example

typed_per_filter_config:
  envoy.filters.http.golang:
    "@type": type.googleapis.com/envoy.extensions.filters.http.golang.v3alpha.ConfigsPerRoute
    plugins_config:
      plugin1:
       disabled: true
      plugin2:
       config:
         "@type": type.googleapis.com/golang.http.plugin2
         xxx: xxx