Skip to content

EnvoyFilter Samples

John Howard edited this page Sep 27, 2019 · 4 revisions

EnvoyFilter

This doc showcases some example EnvoyFilter configs. Use at your own risk; see warnings on the docs before using any of these.

HTTP2 Flow Control

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: h2-control
spec:
  configPatches:
  - applyTo: CLUSTER
    patch:
      operation: MERGE
      value:
        http2_protocol_options:
          initial_stream_window_size: 65536
          initial_connection_window_size: 65536
  - applyTo: NETWORK_FILTER
    match:      
      listener:
        filterChain:
          filter:
            name: "envoy.http_connection_manager"
    patch:
      operation: MERGE
      value:
        typed_config:
          "@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager"
          http2_protocol_options:
            initial_stream_window_size: 65536
            initial_connection_window_size: 65536

Tracing and Access Logging

Here we are setting up a 99.9% random sampling rate at each sidecar within the mesh, as well as turning on access logging with a custom log format. An additional config is added for configuring route-level tracing at the gateway.

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: trace-sampling
  namespace: default
spec:
  configPatches:
  - applyTo: NETWORK_FILTER
    match:
      context: ANY
      listener:
        filterChain:
          filter:
            name: "envoy.http_connection_manager"
    patch:
      operation: MERGE
      value:
        typed_config:
          "@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager"
          tracing:
            random_sampling:
              value: 99.9
          access_log:
            - name: envoy.file_access_log
              config:
                path: /dev/stdout
                format: '%REQ(:METHOD)% %PROTOCOL% %RESPONSE_CODE% %RESPONSE_FLAGS%'
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: bookinfo-gateway-sampling
  namespace: istio-system
spec:
  configPatches:
  - applyTo: HTTP_ROUTE
    match:
      context: GATEWAY
      routeConfiguration:
        portNumber: 80
        vhost:
          name: "*:80"
    patch:
      operation: MERGE
      value:
        tracing:
          random_sampling:
            numerator: 9990
            denominator: TEN_THOUSAND

Use Remote Address and XFF Num Trust Hops

TODO: explain why this is useful

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: xff
  namespace: istio-system
spec:
  configPatches:
  - applyTo: NETWORK_FILTER
    match:
      context: ANY
      listener:
        filterChain:
          filter:
            name: "envoy.http_connection_manager"
    patch:
      operation: MERGE
      value:
        typed_config:
          "@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager"
          use_remote_address: true
          xff_num_trusted_hops: 1
Clone this wiki locally
You can’t perform that action at this time.