Question: Possible to run Cilium proxy as standard Envoy proxy with Go extension? #47

Open
chris-giblin opened this issue May 18, 2021 · 2 comments

@chris-giblin

Hi,
I am interested in using Go to extend Envoy. Envoy TinyGo/WASM would be nice but TinyGo is limited for our purposes.
Cilium proxy however supports extensions in real Go. We don't need BPF.

Can the Cilium proxy be run as a "normal" Envoy proxy, proxying TCP connections, with the Go extension?

@chris-giblin chris-giblin changed the title Question: Possible to run Cilium proxy as standard Envoy with Go extension Question: Possible to run Cilium proxy as standard Envoy proxy with Go extension? May 18, 2021
@aanm
Member

aanm commented May 28, 2021

cc @jrajahalme

@jrajahalme
Member

This answer is pretty late, but here we go: In short it is very difficult to run Cilium Go extensions for Envoy without Cilium. Cilium Go extensions for Envoy are designed to run as controlled by the Cilium Agent. Cilium agent ships a policy to the Go extensions that those extensions use to implement e.g., policy enforcement. Also the mapping of traffic on specific ports to specific parsers in the Go extensions is managed via this network policy controlled by Cilium agent. This means that in order to use the Cilium Go extensions you'd need to:

  • use the Cilium build of Envoy, including the Cilium filters and Go extensions interface
  • add your Go code to the proxylib directory in the Cilium repo
  • build Cilium, which will build a version of the proxylib shared library containing your Go code
  • use Cilium Agent to configure a network policy applicable to direct some ports to the Go extensions
  • the network policy then redirects some traffic sent from a container (egress) or to a container (ingress) to your Go extension as configured
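
The control flow described in the answer above (a policy maps ports to parsers, and the selected parser enforces the rules the policy carries), as an added example that is not part of the thread and is not Cilium's proxylib API. It is a simplified stand-alone model: every type, function and parser name, and the sample port and commands, are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Verdict is this example's stand-in for a parser's per-message decision.
type Verdict int

const (
	Pass Verdict = iota
	Drop
)

// PortRule models one policy entry from the agent: parser name plus its rules.
type PortRule struct {
	Parser  string
	Allowed []string
}

// parsers is the set compiled into the library (the name is hypothetical).
var parsers = map[string]func(msg string, allowed []string) Verdict{
	"linecmd": func(msg string, allowed []string) Verdict {
		for _, a := range allowed {
			if f := strings.Fields(msg); len(f) > 0 && f[0] == a {
				return Pass
			}
		}
		return Drop
	},
}

// Dispatch picks the parser by port; redirected is false when no rule matches.
func Dispatch(policy map[uint16]PortRule, port uint16, msg string) (v Verdict, redirected bool) {
	rule, ok := policy[port]
	if !ok {
		return Pass, false // port not in policy: traffic bypasses the extension
	}
	parse, ok := parsers[rule.Parser]
	if !ok {
		return Drop, true // policy names a parser that is not compiled in
	}
	return parse(msg, rule.Allowed), true
}

func main() {
	policy := map[uint16]PortRule{4040: {"linecmd", []string{"READ", "HALT"}}} // constructed
	fmt.Println(Dispatch(policy, 4040, "WRITE x"))
}
```

In this model, without a policy entry for a port the parser is never consulted, which mirrors why the extensions depend on the agent supplying that policy.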
