►
From YouTube: Envoy Maintainer Q+A - Matt Klein, Lyft
Description
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Envoy Maintainer Q+A - Matt Klein, Lyft
Come ask questions of the Envoy maintainers in this open ended Q&A! Any and all questions and open ended discussion is fair game!
A
Hey
everyone:
my
name
is
Matt
Klein
I'm
by
maintainer
I've
got
Alyssa
willcare,
also
Envoy
maintainer.
We
don't
have
any
slides
or
anything
like
that.
I
can
give
a
little
short
project
update
if
people
are
interested,
but
mostly
just
going
to
do
an
open
q
a
so.
If
there's
any
questions,
we
can
cover
anything
that
people
would
like
to
cover
and
we'll
get
the
mic
passed
around.
So
I.
Guess
it's
honestly!
It's
really
up
to
all
of
you.
A
Do
you
want
to
just
jump
straight
to
open
q
a
or
would
you
like
to
hear
a
short
update,
small
room,
so
you
can
just
call
out
okay,
let's
see
story
well,
I
mean
it's
been
a
long
time
since
I've
been
at
kubecon.
So
that's
the
first
part
of
the
story.
It's
been
three
years,
so
it's
fun
to
to
see
all
the
changes
and
I
think
Envoy
has
matured
a
lot
in
the
last
few
years.
A
So
you
know
I
think
the
project
now
is
there's
less
new
shiny
feature
development,
and
you
know
we're
spending
a
lot
more
time
just
on
the
nuts
and
bolts
in
terms
of
security,
fuzzing
software
supply
chain
really
just
making
sure
that
the
project
is
stable.
You
know
for
all
the
people
who
are
using
it
some
of
the
major
things
over
the
last
year
or
so
are
investments
in
quick
and
HTTP
3.
That's
now
generally
available.
So
you
know
please
check
that
out.
A
I
already
mentioned
security
and
software
supply
chain,
there's
other
talks
and
people
at
this
conference
talking
about
Envoy
Gateway.
So
that's
our
new
Ingress
project,
that's
not
about
Envoy
proxy,
specifically,
but
that's
a
Ingress
controller
project
built
on
top
of
envoy
that
we
hope
will
make
it
simpler
for
people
to
onboard
onto
using
Envoy
for
kubernetes
Ingress
cases.
A
A
lot
of
work
has
been
happening
with
Envoy
mobile.
So
you
know,
Lyft
is
now
using
that
as
its
mobile
Library
Google
is
heavily
invested.
We
have
other
folks
from
from
different
places,
also
who
are
starting
to
use
it.
So
that's
been
fantastic
and
I'm
sure
I'm
forgetting
things,
but
you
know
it's
a
it's
a
perpetual
motion
of
PRS
and
features.
You
know
across
all
the
different
protocols
that
Envoy
supports,
whether
that
be
redis
or
dubbo
or
various
things
and
I
guess.
A
The
final
thing
that
I
would
mention
is
we
continue
to
put
a
lot
of
work
into
the
build
system
so
CI
release.
It's
been
a
long
standing
request
that
we
ship
things
other
than
Docker
images,
so
I
think.
Finally,
in
the
next
couple
of
months,
we're
going
to
have
packages
for
different
operating
systems,
so
RPMs
and
devs
and
all
of
those
things.
So
hopefully
that
will
make
folks
happy
and
then
a
lot
of
work
continues
on
documentation
and
examples.
A
Envoy,
For,
Better
or
Worse
is
a
a
very
complex
piece
of
software
and
it's
it's
hard
to
make
every
constituency
happy
in
terms
of
the
documentation
and
the
examples
and
all
those
things
so
trying
to
make
that
better.
Where
we
can,
you
know
to
help
people
out
I
think
you
know
that
about
covers
the
General
State
of
things
and
over.
A
You
know
the
next
period
of
time.
I
think
work
will
just
continue
on
all
of
these
axes,
so
you
know
I,
don't
think,
there's
any
major
new
shiny
thing
happening.
People
are
still
working
on
webassembly
people.
We
see
a
continuous
number
of
you
know,
PR's
coming
in
on
various
security
filters,
whether
that
be
oauth
or
you
know,
jot
or
external
authorization
or
external
processing
or
all
those
things.
So
those
are
also
you
know
things
that
are
popular
I,
don't
know
anything
Alyssa
that
you
would
like
to
add.
A
No
okay.
So
that's
you
know,
that's
really
all
I
had
and
we're
happy
to
answer
any
questions
that
anyone
would
have.
So
please
ask
us
anything
happy
to
explain,
Concepts
or
if
there's
you
know
any
problems
that
people
want
to
talk
through
happy
to
do
that
so
happy
to
pass
the
microphone
around.
If
there's
anyone
that
wants
to
start
out.
B
Thanks
as
somebody
who's
new
to
the
to
the
project
in
the
space
and
just
trying
to
start
to
get
engaged
a
little
bit,
is
there
I
know
you
went
over
kind
of
what's
going
on,
but
do
you
guys
have
a
road
map
or
areas
that
you'd
like
to
see
investment
in
like?
How
can
we
engage
with
the
with
the
community
and
and
bring
forward?
Hopefully,
resources
to
help.
A
Sure,
thank
you
great
question.
We
we
get
that
question.
Pretty
often
is
do
we
have
a
road
map
and
the
answer
is
no,
and
let
me
explain
why
I
I
think
Envoy
is
a
bit
of
an
oddity
in
this
ecosystem
and
the
fact
that
we're
not
backed
by
a
vendor.
It's
like
we
we're
really
are
a
truly
community-led
project.
A
None
of
it
is,
you
know,
I
would
say
particularly
like
no
individual
thing
is
particularly
noteworthy,
but
in
aggregate
you
know
it,
it
keeps
the
ship
running.
So
to
answer
your
question
in
terms
of
how
people
can
get
engaged,
what
I
would
say
is
I
think
there's
a
misperception
in
order
to
help
with
Envoy.
You
know
you
have
to
be
like
a
networking
Guru
or
like
a
C
plus
plus
Guru,
or
something
along
those
lines.
A
We
actually
need
the
most
work
and
the
most
help
with
doing
release
management
back
ports,
helping
with
our
CI
system.
You
know
a
lot
of
that
is
like
bazel
and
Python
and
Bash
scripts
and
all
of
those
things
like
typical
devops
type
type
stuff.
We
always
want
to
improve
our
documentation,
as
I
was
mentioning
previously
I've
always
found
it
funny
with
Envoy
that
you
know
on
any
given
week
or
day.
I
will
hear
from
people
that
Envoy
has.
A
You
know
like
the
best
documentation
of
any
open
source
project
that
I've
ever
seen,
and
then
that,
like
Envoy,
is
the
most
awful
piece
of
software.
That
is
the
most
poorly
documented
thing
that
I've
ever
seen.
So
I'm
just
saying
it's
like
you
can't
make
everyone
happy
right
and
we
we
do
the
best
that
we
can
and
I
think
we
care
about
documentation,
but
what
I
always
encourage
people
is
as
you're
ramping
up
on
things.
A
A
We
appreciate
that
very
much
right
and
that
can
range
from
small
fixes
typos
to
clarifications
to
more
cross-linking.
To
now
we
have
a
maintainer
name,
Ryan
who's
done
a
I
mean
he
doesn't
do
C,
plus,
plus
or
Envoy
or
like
networking,
like
literally
all
he
does
is
like
work
on
examples
and
documentation
and
build
tooling
and
he's
done
like
amazing
work,
and
now
we
have
I
mean
I
think
we
have
30
sandboxes.
You
know
if
Docker
compose
that
illustrate
different
features
and
all
those
kinds
of
things.
A
So
you
know
I
mean
like
making
a
new
Sandbox.
That
demonstrates
some
feature
that
you
struggle
to
to
make
work
is
super
useful.
So
those
are
the
ways
that
I
would
say
to
to
get
involved
and
they
typically
don't
require
that
much
effort.
Of
course,
if
there's
features
that
are
missing,
you
know,
and
you
and
you
or
your
team
want
to
help.
Add
them
will
work
with
you.
A
You
know
to
help
design
them
and
give
you
tips
and
all
of
those
things
I
think
the
community
is
very
welcoming
whether
it
be
on
GitHub
or
slack
or
anything.
So
you
know,
hopefully
that
answers
your
question,
but
I
would
say:
there's
there's
plenty
of
ways
to
get
involved
that
aren't
super
time
consuming.
Did
you
want
to
add
anything
Melissa.
C
Something
that
your
company
needs
to
be
done,
but
you
want
to
get
involved
in
the
project.
If
you
look
at
the
open
issues,
you
know
there's
a
lot
tag
with
help
wanted
and
some
that
are
specifically
tagged
with
beginner.
That
are
things
we
thought
would
be
kind
of
easy
hello,
world,
starter
projects,
but
actually
like.
If
we
tagged
it
it's
it's
worth
doing
like
we
would
love
the
help
there.
A
Yeah
and
I
mean
even
even
other
things
like
you
know,
we
we
have
fuzzers
that
run
continuously
on
the
open
source,
fuzzing
engine
and
you
know,
there's
a
lot
of
false
positives
on
there.
Because
writing
puzzers
is
hard,
that's
a
whole
separate
conversation
and
honestly,
we
need
people
to
come
in
and
just
fix
bugs
I
mean
it's
like
there's,
there's
tons
of
ways
to
contribute,
so
I
would
say
you
know
peek
through
some
of
the
issues
and
always
I'm
I
try
to
make
my
make
myself
very
accessible.
A
A
So
Envoy
mobile
was
a
project
started
a
few
years
ago
and
I
mean
essentially
at
a
very
high
level.
It's
you
know.
We
have
all
of
this
code
that
runs
on
mobile
clients,
lots
of
apps
right
that
run
on
IOS
and
Android,
and
when
you
think
about
it
you
know
a
lot
of
us
at
this
conference.
We
are
server,
Engineers
and
historically,
I.
A
Think
there's
a
lot
of
Silo
between
a
quote
server
engineer
and
a
quote
client
engineer
that
I
personally
think
is
counterproductive
because
we're
trying
to
develop
a
product
at
the
end
of
the
day,
the
product
that
people
use
is
the
thing
on
the
phone
or
on
the
web
page
and
a
lot
of
times.
You
know
that
doesn't
work
for
a
variety
of
reasons,
so
you
can
think
that
you
know
the
server
is
returning
a
good
success
rate,
but
it's
broken
on
the
client
for
for
any
number
of
reasons.
A
G
A
It's
part
of
the
Chrome
networking
stack
and
that's
something
that
they've
used
in
other
companies
have
used
for
a
long
time
and
and
a
few
years
ago,
with
so
much
investment
in
Envoy.
We
thought
that
we
could
run
Envoy
on
the
mobile
client
on
IOS
and
Android
and
get
many
of
the
same
benefits
of
envoy
in
terms
of
observability
and
all
of
the
other
features.
A
And
so
that's
the
work
that's
been
ongoing
for
quite
some
time
and-
and
you
know
part
of
that
again
is
a
feature
set.
It's
also
the
fact
that
there's
so
much
effort
and
people
hours
that
are
going
into
working
on
Envoy,
like
hundreds
and
thousands
of
people,
hours
and
years
that
have
gone
into
working
on
Envoy
at
this
point
that
you
know
having
a
single
code
base
that
is
open
source,
there's
a
lot
of
benefits
in
terms
of
understanding.
What
that
actually
looks
like,
but
I'm
gonna.
C
Yeah
so
again,
as
as
Matt
said,
kind
of
getting
the
modern
protocols
was
is
key
for
networking
libraries.
So
if
you
have
any
kind
of
late
sensitivity
or
quality
experience
tied
to
revenue,
doing
that
bundling
gets
you
kind
of
the
the
latest
and
greatest
of
HTTP
2
and
HTTP
3.,
which,
in
our
experience
just
the
quality
experience
Improvement
is,
is
huge.
C
Your
build
at
a
certain
point,
I
think
is,
is
really
really
powerful
and
so
again
we're
focused
on
mobile
right
now,
but
also
again
unwise.
A
client
stack
can
go
beyond
mobile,
so
if
you
have
any
sort
of
kind
of
remote
devices
internet
of
things,
you
know
you
can
kind
of
fetch
schwasm
via
XDS
and
install
your
local
application
and
do
that
all
over.
C
With
with
my
mobile,
the
envoy
client
stack
so
we're
mobile
focused
today,
but
but
I
think
again
having
the
observability,
the
plugability
and
the
modern
networking
stack
of
envoy
end-to-end
is
is
really
powerful.
So
for
roadmap.
Again
we
do
have
a
roadmap
for
online
mobile
because
we've
been
pretty
tightly
coordinated
with
left
on
on
what
we've
been
doing
so
and
there
there
is
a
talk.
C
This
should
be
like
fully
drop-in
replacement
for
for
that
networking
stack
and
then
we're
now
pivoting
to
focusing
on
binary
size
because
to
roll
out.
We
want
it
to
be
as
small
as
possible
and
then
there's
a
bunch
of
other
latency
enhancements
in
terms
of
like
kind
of
DNS
HBS
records
that
get
you
like.
A
little
tiny
bit
extra
hdb3
doing
a
little
better,
better
job
with
HP
prefetching.
C
A
Yeah,
so
software
supply
chain
I
mean.
Obviously
this
is
a
big
industry
problem
right
now,
I
mean
I,
think
it's
great
that
it's
getting
a
lot
more
awareness
Envoy
in
some
ways,
ironically,
because
it
is
C
plus
plus,
has
I
think
less
software
supply
chain
issues
than
some
other
ecosystems
again,
ironically,
because
it's
so
much
more
difficult
to
actually
integrate
dependencies
than
in
other
languages.
So
yay.
A
So
you
know,
I
I
think
we
have
less
problems
in
some
ways,
but
we
have
the
same
problems
in
the
sense
that
you
know
Envoy,
even
though
we've
done
again
not
me,
but
we
have
great
people
that
have
spent
a
lot
of
time.
Developing
Tooling
in
CI
to
you
know,
list
out
all
of
our
dependencies
and
check
them
with
Shaw's
and
I
mean
it's
like
it's.
A
lot
of
work
has
gone
into
this
and
I.
A
Don't
know
the
current
number,
but
Envoy,
maybe
you
know,
but
it's
like
I
mean
easily
50
or
60
transitive
dependencies.
The
envoy
depends
on
you
know,
and
that's
obviously,
across
the
entire
code
base,
in
terms
of
like
tests
and
different
extensions
and
whatever
but
I'm
sure,
the
core
code
that
everyone
uses
probably
depends
on
like
10
or
20
different
dependencies
and
those
are,
and
those
are
different.
Libraries
and
the
the
problem
that
we
have
is
that
in
from
the
envoy
side,
we
take
security
really
seriously.
A
I
mean
we
have
to
Envoy
is
run
a
lot
of
places
and
people
that
run
it.
You
know
want
it
to
be
a
secure
piece
of
software
and
if
we
take
the
security
really
seriously,
but
the
dependencies
don't
take
it
very
seriously,
it
kind
of
defeats
the
entire
purpose
right
that
that's
the
problem.
So
there
are
certain
dependencies
that
we
have
that
are
more
critical
than
others.
A
So,
for
example,
the
HTTP
parsers
are
very
critical
from
a
security
perspective
and
historically
Envoy
you
know,
used
the
HTTP
parser
from
joy
in
which
which,
like
is
deprecated,
and
then
we've
used
NG
HTTP
2,
where
the
maintainer
of
that
Library,
like
refuses
to
work
with
us
on
any
security
process.
So
yeah
I
mean
it's.
It's
not
safe
from
a
supply
chain
perspective,
so
that's
one
area
where
you
know
Google
has
been
investing
a
tremendous
amount
of
time
and
basically
getting
us
off
of
those
libraries.
A
So
it's
it's
honestly,
it's
subjective
right
and
it's
like
we
have
a
scorecard
that
we
apply
to
all
of
the
all
the
dependencies
that
runs
in
an
automated
way.
So
it
looks
for
things
like
how
many
you
know:
PR's
had
approvals
or
code
reviews
or
like
do.
They
have
a
security
release
process
and
all
of
those
things,
but
it's
a
really
imperfect
process,
because
you're
you're,
you
know
kind
of
like
you're
weighing
do
you
rewrite
something
which
has
its
own
risks?
A
A
So
it's
like
what
I
would
say
is
that
you
know
this
is
another
area
of
contribution.
You
know
where
the
tooling
around
this,
to
help
visibility
to
identify
low
performing
dependencies
and
potentially
replace
them,
is
important
and
or
some
dependencies
they
themselves.
This
is
open
source,
they
need
maintainers
right,
so
I
mean
actually
identifying
some
of
the
dependencies.
You
know
that
also
need
maintainers
and
code
reviews
and
all
of
those
kinds
of
things
you
know,
that's
that's
an
area
of
like
General
contribution
and
that's
kind
of
what
I
was
saying
before.
A
D
A
So
I
guess
this
is
another
General
topic
that
I
don't
even
know
the
current
number.
But
Envoy
has
like
a
million
lines
of
code
now,
I
mean
which
is
like
incredible
to
me
and
that's,
including
you
know,
all
the
tests
and
the
extensions
and
everything
else
I
mean
it's:
it's
a
pretty
large
code
base
and
that
obviously
causes
issues
for
us
in
terms
of
CI
costs
and
speed
and
a
bunch
of
other
things.
A
So
the
reason
that
I
bring
that
up
is
that,
depending
on
the
protocol,
you
know
if
it's
a
it's
like
a
one-off
thing
for
your
company
I,
don't
know
what
we're
talking
about
right,
but
if
it's
a
thing
that
no
one's
going
to
use
other
than
than
you
or
your
company,
you
know
we're
less
likely
to
want
to
bring
it
Upstream.
So
what
I
would
say
first,
is
you
know,
probably
open
an
issue
and
and
have
the
conversation
around
what
that
looks
like
we
do
also
have
something
called
contrib
at
this
point.
A
So
I
would
say
you
know
start
by
start
by
opening
the
issue
and
having
that
conversation,
the
the
other
side
of
this
issue
is
Envoy.
Today
still
does
not
do
Dynamic
loading
of
extensions.
This
has
been
an
issue.
That's
been
open
for
seven
years.
There
are
pros
and
cons
to
static
compilation
versus
Dynamic
loading.
The
project
is
not
opposed
to
Dynamic
loading,
but
again
there
are
pros
and
cons
so
I'm,
just
trying
to
give
you
like
the
general
picture
of
what
we're
looking
at
right
now.
A
Obviously,
Lua
is
an
option
for
some
extensibility
web
assembly
is
an
option
for
some
extensibility
I
believe
soon.
In
the
next
few
months
there
will
be
a
go
extension
model
also
where
it's
not
tiny,
go
it's
not
web
assembly.
It's
like
full
go
that
will
run
via
seago.
There
have
been
companies
actually
that
have
for
years
done.
A
This
they've
run
go
extensions
within
Envoy,
but
none
of
them
have
been
upstreamed,
so
I
I
and
there
is
a
company
in
China
I,
think
ant
Financial,
who
wants
to
Upstream
that
that
would
be
another
Avenue,
for
example,
of
like
getting
some
of
that
extensibility
in
there.
But
it
probably
depends
on
on
on
the
use
case.
E
E
H
C
So
it's
not
that
not
that
a
lot
extra
thing
for
internal
listeners
is
imagine.
You
have
hdb
traffic,
that's
encapsulated
in
Connect.
So
if
you're
not
familiar
with
connect,
you
have
your
kind
of
connect,
google.com
and
then
inside
of
that
the
the
payload
of
that
is
another
HTTP
request,
and
you
want
to
process
that
so
the
way
to
do
that
in
Envoy.
Is
you
literally
do
three
passes
in
Envoy?
You
do
one
to
strip
off
the
connect,
headers
and
then
you'd
like
forward
it
to
loopback
I.
C
Think
you'd
do
another
one
to
process
that
internal
payload
and
then
you
might
have
to
do
world
war
pass
to
re-encapsulate
right
and
so,
as
liaison
said,
it's
a
it's
a
big
performance,
optimization
to
not
have
to
go
through
loopback,
but
the
other
addition
yeah
and
again,
there's
shortcuts.
You
can
do
if
you're
like
a
power
user
to
not
do
three
full
passes,
but
you
know
if
you're
doing
HTTP
2
connect
like
you
really
can't
bypass
that,
like
you
have
to
like
demux
and
then
decapsulate
and
then
forward
it
through
another
pass.
C
The
other
nice
thing
about
doing
the
internal
listener
is
you
can
actually
then
not
just
pass
that
payload,
but
also
pass
metadata
about
the
original
request
about
like
dusted
the
original
destination
IP
or
you
know,
if
you
did
like
PDF
sniffing
or
anything
that
you've
done
kind
of
inspection
on
that
original
connection,
you
can
pass
that
as
metadata.
You
know
essentially
for
that
and
have
it
go
all
the
way
through
to
the
end,
so
that
that
can
be
helpful
kind
of
additional
data.
C
B
A
A
Envoy
does
already
today
support
offload
engines
for
signing,
so
it
supports
Hardware,
Hardware
security
modules
and
those
types
of
things.
I
actually
don't
know
off
top
my
head.
What
is
in
trade,
do
You
Know
lesson.
Is
there
anything
actually
like
entry
for
HS
HSM?
Or
is
it
all
people
that
have
done
external
Integrations?
A
F
F
G
An
email
to
today
to
the
to
the
users
list.
We
have
other
skills
like
connectivity
issues
to
Upstream
when
we're
having
a
lot
of
connections.
But
then,
if
the
love
doesn't
say
anything
else
just
cannot
connect
and,
and
there's
issues
like
this,
that
I
don't
know
if,
like
increasing
some
level,
some
logs
to
a
higher
level
would
be
helpful
for
people
to
to
not
having
to
I.
Don't
know
it
involves
changing
the
log
levels.
Looking
at
the
logs,
it's
hard,
I,
don't
know
if
it's
just
something
other
people
have
an
issue
with.
A
Basically,
that
has
potential
debugging
issues
and
there's
actually
been
a
lot
of
work,
or
you
know,
thought
that's
been
put
in
over
time
in
terms
of
how
to
either
make
things
a
bit
more
obvious
in
terms
of
back
off
logging,
like
only
logging,
every
so
often
or
more
information
in
logs
or
being
able
to
turn
on
logs
temporarily
on
a
on
a
per
request
basis,
I
think
without
knowing
the
specific
issue.
It's
like
it's
hard.
A
C
Yeah
I
think,
as
Matt
said
earlier,
a
lot
of
the
time.
You
know
we
we
get
improvements
as
the
community
wants
it.
So
you
know
when,
when
Google
joined,
we
basically
took
everything
that
we
used
for
debugging,
GFE
and
ported
it
over
to
Envoy
right,
and
so
that
was
a
lot
of
like
the
response
details,
for
why
is
an
individual
request,
failing
adding
more
annotations
and
these
all
go
into
access
logs?
Not
the
you
know
the
standard
error
logs.
You
know
adding
more
verbose
logging,
adding
the
the
error
log.
C
So
when
something
unexpected
happens,
that
automatic
does
a
power
of
two
back
off.
You
know
one,
you
know
log
once
but
don't
overwhelm
so
so.
I
think
again
like
as
we've
encountered
issues
we
you
know
inevitably
sometimes
will
have
to
do
like
our
own
custom
builds
with
a
little
bit
of
extra
sprinkle
information,
and
then
we
try
to
Upstream
that
so
so
I
think
in
general
you
know
a
lot
of
people
in
the
end,
like
I
mean
it'll
reach
out
for
help
with
debug,
and
we
try
to
help
them.
E
So
I
was
going
to
suggest
to
the
question
about
adding
new
protocol
support
that
the
this
is
something
called
Iraqi
that
has
like
a
meta
protocol.
Do
you
know
what
I'm
talking
about
no
okay?
Well
anyway,
I
was
the
reason
I
wanted
to
ask
is
if
you
had
an
opinion
on
it.
It's
these
people
have
added
like
a
filter
that
allows
to
do
meta
protocol
definitions,
so
you
don't
have
to
write
new
filters
and
I
just
thought.
I'd
get
your
take
on
it,
but
if
you
haven't
seen
it
don't.