我的书签
添加书签
移除书签Envoy extensions overview
This topic provides an overview of Envoy extensions in Consul service mesh deployments. You can modify Consul-generated Envoy resources to add additional functionality without modifying the Consul codebase.
Introduction
Consul supports two methods for modifying Envoy behavior. You can either modify the Envoy resources Consul generates through escape hatches or configure your services to use Envoy extensions using the EnvoyExtension parameter. Implementing escape hatches requires rewriting the Envoy resources so that they are compatible with Consul, a task that also requires understanding how Consul names Envoy resources and enforces intentions.
Instead of modifying Consul code, you can configure your services to use Envoy extensions through the EnvoyExtensions field. This field is definable in proxy-defaults and service-defaults configuration entries.
Supported extensions
Envoy extensions enable additional service mesh functionality in Consul by changing how the sidecar proxies behave. Extensions dynamically modify the configuration of Envoy proxies based on Consul configuration entries, enabling a wider set of use cases for the service mesh traffic that passes through an Envoy proxy. Consul supports the following extensions:
- External authorization
- Lua
- Lambda
- Property override
- WebAssembly (Wasm)
External authorization
The ext-authz extension lets you configure external authorization filters for Envoy proxy so that you can route requests to external authorization systems. Refer to the external authorization documentation for more information.
Lambda
The lambda Envoy extension enables services to make requests to AWS Lambda functions through the mesh as if they are a normal part of the Consul catalog. Refer to the Lambda extension documentation for more information.
Lua
The lua Envoy extension enables HTTP Lua filters in your Consul Envoy proxies. It allows you to run Lua scripts during Envoy requests and responses from Consul-generated Envoy resources. Refer to the Lua extension documentation for more information.
Property override
The property-override extension lets you set and unset individual properties on the Envoy resources that Consul generates. Use the extension instead of escape-hatch overrides to enable advanced Envoy configuration. Refer to the property override documentation for more information.
WebAssembly
The wasm extension enables you to configure TCP and HTTP filters that invoke custom WebAssembly (Wasm) plugins. Refer to the WebAssembly extenstion documentation for more information.
