Configs · April 12, 2026 · 1 min read

Envoy Proxy — Cloud-Native High-Performance Service Proxy

Envoy is a cloud-native, high-performance edge, middle, and service proxy. Originally built at Lyft, it is now a CNCF graduated project and the data plane behind Istio, AWS App Mesh, and many service mesh implementations. It is written in C++ for maximum performance.

AI Open Source · Community
Quick Start

Use it first, then decide whether to dig deeper.

# Install via package or Docker
# The admin interface has no authentication, so publish it on loopback only
docker run -d --name envoy -p 10000:10000 -p 127.0.0.1:9901:9901 \
  envoyproxy/envoy:v1.31-latest

# Admin UI at http://localhost:9901
# Proxy at http://localhost:10000

Minimal config envoy.yaml:

static_resources:
  listeners:
    - name: listener_0
      address:
        socket_address:
          address: 0.0.0.0
          port_value: 10000
      filter_chains:
        - filters:
            - name: envoy.filters.network.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                stat_prefix: ingress_http
                route_config:
                  name: local_route
                  virtual_hosts:
                    - name: backend
                      domains: ["*"]
                      routes:
                        - match: { prefix: "/" }
                          route: { cluster: service_backend }
                http_filters:
                  - name: envoy.filters.http.router
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
  clusters:
    - name: service_backend
      connect_timeout: 5s
      type: STRICT_DNS
      load_assignment:
        cluster_name: service_backend
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: host.docker.internal
                      port_value: 8080

Introduction

Envoy is a cloud-native, high-performance edge, middle, and service proxy originally built at Lyft and donated to the CNCF (graduated 2018). It is written in C++ for maximum performance. Envoy is the data plane behind Istio, AWS App Mesh, Consul Connect, and many custom service mesh implementations. It handles L4/L7 load balancing, HTTP/2, gRPC, TLS termination, rate limiting, circuit breaking, and observability.

What Envoy Does

  • L7 proxy — HTTP/1.1, HTTP/2, HTTP/3, gRPC
  • L4 proxy — TCP, UDP, TLS
  • Load balancing — round robin, least request, ring hash, maglev
  • Service discovery — DNS, EDS (Endpoint Discovery Service)
  • Health checking — active and passive
  • Circuit breaking — per-upstream limits
  • Rate limiting — local and global
  • Observability — stats (Prometheus), tracing (Jaeger/Zipkin), access logs
  • TLS — termination and origination, mTLS
  • xDS API — dynamic configuration via control plane
  • WASM filters — extend Envoy with WebAssembly

Architecture

Envoy is a single-process, multi-threaded C++ binary. Listeners accept connections, filter chains process them, and clusters route to upstreams. The xDS APIs (LDS, RDS, CDS, EDS, SDS) allow dynamic configuration from a control plane (such as Istio or a custom gRPC service). Hot restart enables zero-downtime upgrades.

Self-Hosting

# docker-compose.yml
version: "3"
services:
  envoy:
    image: envoyproxy/envoy:v1.31-latest
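    ports:
      - "10000:10000"
      # The admin interface is unauthenticated: publish it on loopback only.
      # It only listens if envoy.yaml defines an admin: block.
      - "127.0.0.1:9901:9901"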
    volumes:
      - ./envoy.yaml:/etc/envoy/envoy.yaml
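
A pre-deployment check for the envoy.yaml shown above, as an added example (not code from the Envoy project or from this page's author): it flags an admin interface or plaintext listener bound to a non-loopback address, and upstream clusters without a TLS transport socket. The `audit` function, the finding codes, and the `admin` block in the sample are assumptions; the sample dict is constructed from the page's minimal config.

```python
import ipaddress

# Constructed sample: the page's minimal envoy.yaml parsed into a dict, plus an
# assumed admin block on all interfaces (the page's config defines none).
SAMPLE = {
    "admin": {"address": {"socket_address": {"address": "0.0.0.0", "port_value": 9901}}},
    "static_resources": {
        "listeners": [{
            "name": "listener_0",
            "address": {"socket_address": {"address": "0.0.0.0", "port_value": 10000}},
            "filter_chains": [{"filters": [
                {"name": "envoy.filters.network.http_connection_manager"}]}],
        }],
        "clusters": [{"name": "service_backend", "type": "STRICT_DNS"}],
    },
}

def _bind(node):
    """Return (address, port) of a socket_address, or None for pipes/missing."""
    sa = node.get("address", {}).get("socket_address")
    return (sa.get("address"), sa.get("port_value")) if sa else None

def _is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostnames and empty values are treated as reachable

def audit(cfg):
    """Hypothetical helper: list (code, detail) findings for a bootstrap dict."""
    findings = []
    bind = _bind(cfg.get("admin", {}))
    if bind and not _is_loopback(bind[0]):
        # The admin interface is unauthenticated and can dump config or stop Envoy.
        findings.append(("admin-exposed", f"admin on {bind[0]}:{bind[1]}"))
    static = cfg.get("static_resources", {})
    for lis in static.get("listeners", []):
        bind = _bind(lis)
        if not bind or _is_loopback(bind[0]):
            continue
        for i, chain in enumerate(lis.get("filter_chains", [])):
            if "transport_socket" not in chain:  # no DownstreamTlsContext
                findings.append(("plaintext-listener",
                                 f"{lis.get('name')} chain {i} on {bind[0]}:{bind[1]}"))
    for cluster in static.get("clusters", []):
        if "transport_socket" not in cluster and "transport_socket_matches" not in cluster:
            findings.append(("plaintext-upstream", cluster.get("name")))
    return findings
```

Inside a container the admin listener has to bind a non-loopback address to be published at all, so there the restriction belongs on the host side of the port mapping (`127.0.0.1:9901:9901`). To run the check on a real file, load the YAML with any YAML parser and pass the resulting dict to `audit`.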

Key Features

  • L4/L7 proxying
  • HTTP/2 and gRPC native
  • Dynamic configuration (xDS)
  • Service discovery
  • Circuit breaking and rate limiting
  • Observability (stats, tracing, logging)
  • mTLS
  • WASM filter extensibility
  • Hot restart
  • Admin API

Comparison

Proxy           Type             Config          Language
Envoy           L4/L7            xDS API         C++
Nginx           L4/L7            Static files    C
HAProxy         L4/L7            Static files    C
Traefik         L7               Auto-discovery  Go
Caddy           L7               Caddyfile/API   Go
Linkerd2-proxy  L4/L7 (sidecar)  Control plane   Rust

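FAQ

Q: Envoy vs Nginx? A: Nginx excels at static files and simple reverse proxying (simple configuration); Envoy excels in microservice scenarios (dynamic configuration, gRPC, observability, service mesh). Many projects use Nginx at the entry point and Envoy as the service-to-service proxy.

Q: How does it relate to Istio? A: Istio is the control plane and Envoy is the data plane. Istio uses the xDS API to push routing rules and mTLS certificates to the Envoy sidecar in each Pod.

Q: WASM extensions? A: Write WASM filters in Rust/C++/Go/TinyGo to extend Envoy's functionality (custom header modification, authentication, rate-limiting logic) without recompiling Envoy.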
