Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow use of any envoy HTTP filter #4606

Open
carlin-q-scott opened this issue Oct 7, 2022 · 6 comments
Open

Allow use of any envoy HTTP filter #4606

carlin-q-scott opened this issue Oct 7, 2022 · 6 comments
Labels
stale Issue is stale and will be closed t:feature New feature or enhancement request

Comments

@carlin-q-scott
Copy link

Please describe your use case / problem.
I would like to use a built-in envoy http filter, but I see no way of enabling or configuring it with emissary-ingress.

Describe the solution you'd like
Create a ConnectionManager CRD with an http_filters property for configuring any http_filter that's available through envoy. Or create something like the Filter CRD from EdgeStack in the base emissary-ingress and allow us to configure envoy filters through that.

Describe alternatives you've considered
Export the generated envoy.json from a running stack, add the filters to that, then mount the file to the container in the base config folder.

Additional context
@cindymullins-dw cindymullins-dw added the t:feature New feature or enhancement request label Oct 14, 2022
@cindymullins-dw
Copy link
Contributor

Hi @carlin-q-scott , filters are generally a feature of Edge Stack but we do have users who build their own features to work with Emissary. Could you tell us more about your use case for this Envoy http filter and point to the relevant link there?

@sbzimpart
Copy link

We are investigating a similar use case is to load proxy wasm filter into envoy like below:

       - name: envoy.filters.http.wasm
        typed_config:
          "@type": type.googleapis.com/udpa.type.v1.TypedStruct
          type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
          value:
            config:
              name: "my_plugin"
              root_id: "my_root_id"
              configuration:
                "@type": "type.googleapis.com/google.protobuf.StringValue"
                value: |
                  {}
              vm_config:
                runtime: "envoy.wasm.runtime.v8"
                vm_id: "my_vm_id"
                code:
                  local:
                    filename: "/etc/envoy_filter_http_wasm_example.wasm"
                configuration: {}

Is there any plans to implement EnvoyFilter CRD or what alternative you can suggest?

@chendo
Copy link

chendo commented Oct 15, 2022

Not exposing Envoy filters directly reduces the effective power from using Envoy in the first place.

In our case, we would like to be able to use Lua scripting to do some custom mitigations for certain types of attacks.

@fardin01
Copy link

@chendo did you find a way by any chance?

@gecube
Copy link

gecube commented Nov 22, 2023

Also looking a way to use a custom envoy filter in emissary installation

@pkalantri-ebsco
Copy link

Are there any plans to include Filter & FilterPolicy CRD's from AES into Emissary? We are trying to add signal sciences agent as a sidecar to our emissary but it can't reroute traffic to the sidecar without these 2 CRD's.
Please let me know.

@dbonf dbonf mentioned this issue Jul 1, 2024
Open
@dosubot dosubot bot added the stale Issue is stale and will be closed label Jul 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale Issue is stale and will be closed t:feature New feature or enhancement request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@chendo @carlin-q-scott @gecube @fardin01 @cindymullins-dw @pkalantri-ebsco @sbzimpart