envoymesh
Warning: under active development
Envoy mesh is an experimental simple service mesh built on top of
go-control-plane that
provides the following features:
- sidecar-based service mesh architecture
- lightweight installation, targeted for Kubernetes
- out-of-the-box telemetry, authorization checks, and L7 routing capabilities
- direct access to Envoy xDS
APIs for customizing
application-level network behavior
Goals
- Minimal implementation of a control plane for a fleet of Envoy proxies
- ADS for coordinated configuration rollout
- Implementation of native Envoy extension points (access log, metrics,
external authorization)
Limitations
- This project uses jsonnet extensively for rapid prototyping of Envoy API
processing logic.
- No support for health checks in the application deployment.
Build instructions
envoymesh uses standard go tooling. Requirements:
- golang 1.9.2 or above
- godep
- (recommended) jsonnet or go-jsonnet
Use build.sh
script to generate and push containers for the sidecar
envoy and a controller binary.
For local development:
# Start the controller
go run cmd/controller/main.go --logtostderr -v 2 --kubeconfig ~/.kube/config
# Start the proxy
go run cmd/agent/main.go --envoy=$(which envoy)
Test instructions
-
Use the famous bookinfo app for demonstration:
kubectl apply -f samples/bookinfo.yaml
Access the web page by using EXTERNAL_IP
of productpage
service:
http://EXTERNAL_IP/productpage
-
Grant admin permissions to the application service account:
kubectl create clusterrolebinding envoymesh --clusterrole=cluster-admin --serviceaccount=default:envoymesh
-
Inject the sidecar using the following script:
cat samples/bookinfo.yaml \
| go run cmd/inject/main.go \
> samples/bookinfo-injected.yaml
-
Submit the envoy config generation script:
kubectl create configmap jsonnet --from-file envoy.jsonnet
-
Deploy the mesh:
# Proxy controller
kubectl apply -f samples/mesh.yaml
# Policy and telemetry controller
kubectl apply -f samples/mixer.yaml
# Bookinfo
kubectl apply -f samples/bookinfo-injected.yaml
Access the web page again at http://EXTERNAL_IP/productpage
. Traffic should
be flowing through Envoy!