A foray into WASM filters for Envoy
You need the following tools to play around with this project:
- Go - Go programming tools.
- TinyGo - Compiles Go to WASM (among other things).
- Docker - Container runtime (for running an Envoy image).
- bash - Needs no introduction.
- curl - Also, needs no introduction.
You can run the automated tests. This will:
- Build the WASM plugin
- Start Envoy in a Docker container configured with the WASM plugin
- Poke the WASM filter with a bunch of different inputs to test:
  - Normal operation
  - SQL injection detection
  - Rate limit enforcement
```bash
# Run the automated tests
./run-tests.sh
```
You can also just play around with this manually. Take a look through the run-tests.sh file for inspiration.
```bash
# Build the plugin
tinygo build -o overwatch.wasm -scheduler=none -target=wasi

# Launch Envoy.
# The volume paths are quoted so a working directory containing spaces still mounts correctly.
docker run --rm --name envoy \
  -p 19000:19000 \
  -p 10000:10000 \
  -v "$(pwd)/envoy-config.yaml:/etc/envoy/config.yaml" \
  -v "$(pwd)/overwatch.wasm:/etc/envoy/plugins/overwatch.wasm" \
  envoyproxy/envoy:v1.24.0 -c /etc/envoy/config.yaml --component-log-level wasm:debug

# Send requests to the app through Envoy in a separate terminal
# If you send more than 5 requests in a 10 second window you will get rate limited.
curl localhost:10000 ...
```
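
What "more than 5 requests in a 10 second window" means in code, as an added example that is not the plugin's own code: a sliding-window limiter in plain Go. The `SlidingWindow` type, the per-client key and the choice of a sliding rather than fixed window are assumptions; only the 5-request and 10-second figures come from this README.

```go
package main

import (
	"fmt"
	"time"
)

// Limits stated in the README: more than 5 requests in 10 seconds is rejected.
const (
	maxRequests = 5
	window      = 10 * time.Second
)

// SlidingWindow is a hypothetical limiter. Whether the plugin uses a fixed or
// sliding window, and whether it counts globally or per client, is not stated.
type SlidingWindow struct {
	hits map[string][]time.Time // accepted request times per client key
}

func NewSlidingWindow() *SlidingWindow {
	return &SlidingWindow{hits: make(map[string][]time.Time)}
}

// Allow reports whether a request from key at time now is within the limit.
// Rejected requests are not recorded, so a blocked client recovers as soon
// as its oldest accepted request ages out of the window.
func (s *SlidingWindow) Allow(key string, now time.Time) bool {
	cutoff := now.Add(-window)
	kept := s.hits[key][:0] // filter in place, dropping expired entries
	for _, t := range s.hits[key] {
		if t.After(cutoff) {
			kept = append(kept, t)
		}
	}
	if len(kept) >= maxRequests {
		s.hits[key] = kept
		return false
	}
	s.hits[key] = append(kept, now)
	return true
}

func main() {
	rl := NewSlidingWindow()
	start := time.Unix(0, 0) // constructed timestamps, one request per second
	for i := 0; i < 7; i++ {
		fmt.Println(i, rl.Allow("10.0.0.1", start.Add(time.Duration(i)*time.Second)))
	}
}
```

Passing the clock in as `now` keeps the window boundary testable without sleeping: a request exactly 10 seconds after the oldest accepted one is allowed again.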