►
From YouTube: Episode 15: Envoy + External Services
Description
Join Yuval Kohavi in our next Hoot Live Episode! In this episode we'll examine how to extend's envoy functionality using external services to enable authorization, rate-limiting and observability.
About us https://www.solo.io
Questions? https://slack.solo.io
Code Samples: https://github.com/solo-io/hoot
Suggest a topic to cover here: https://github.com/solo-io/hoot/issues/new?title=episode+suggestion:
A
All
right,
hello,
everybody
welcome
to
another
episode
of
hoot,
where
we
cover
things
like
envoy,
hco
technology.
You
all
care
about
today,
we're
gonna
talk
about
enway
and
integrating
external
services.
Hopefully
you
like
the
topic.
We
have
as
always
a
little
bit
of
presentation
a
little
bit
of
a
demo
and
everybody
in
the
chat
first
feel
free
to
say
hi,
so
I
know
you're
there
and
then,
if
you
have
any
questions,
feel
free,
of
course,
to
ask
them
live,
and
I
will
try
and
answer
them
live
right
here
on
the
stream.
A
So
all
the
code
is
also
of
the
demo
is
also
in
our
github
repo.
So
if
you
want
to
follow
along,
you
can
go
to
github,
so
the
share,
slash
shoot
and
you
will
see
the
code
right
there
and,
of
course,
if
you
like
what
you've
seen
a
share
with
a
other
people
and
subscribe
to
our
channel-
and
we
do
these
hoots
every
two
weeks
or
so
and
kind
of
trying
to
get
people
more
educated
about
you
know
cloud
native
technologies,
all
right
and
with
that
assuming
everything's
good.
A
A
All
right
so
android
and
external
services,
let's
start
with,
why
do
we
even
need
those
so
envoy
as
a
as
a
component
on
its
own
is
stateless
right?
It
doesn't
have
any
state
that
it
holds
long
term.
So,
if
you're
doing
anything
in
your
application
requires
some
global
state
or
some
mutable
state
you,
you
probably
need
an
external
service
in
order
to
achieve
that
right,
so
examples,
the
rate
limiting
where
you
have
a
counter
that
is
updated
on
each
request.
Right,
so
android
cannot
store
data
on
its
own.
A
A
So
these
are
examples
of
why
you
want
it
in
the
request
path.
There's
also
examples
why
you
want
external
services
outside
the
request
path,
a
telemetry
control
observability,
you
know
you
want
logs
metric
traces.
Xds
is
kind
of
an
external
configuration
service.
That's
used
to
control
a
envoy
all
right
so
far.
If
there's
any
questions
feel
free
to
type
them
in.
A
Let's
talk
a
little
bit
about
trade-offs,
so
obviously,
if
you're
doing
a
calling
an
external
service
in
the
request
path,
there
will
be
latency
implications
right,
making
a
network
call
costs,
latency
and
probably
around
a
millisecond.
It
could
be
more
could
be
less
obviously,
depending
on
your
setup.
It's
kind
of
like
of
a
rule
of
thumb
here
and
in
addition,
network
call
represents
a
new
opportunity
of
failure.
Right
and
I
think
a
large
portion
of
cloud-native
and
distributed
systems
is
understanding
and
observing
failures
in
general
right.
A
So
when
we
introduce
a
new
network
call,
we
introduce
a
new
point
where
the
system
can
fail.
So
we
need
to
understand
how
it
behaves
on
failure
and
whether
or
not
we
can
observe
these
failures
right.
If
we
can
get
alerts
on
them
see
if
anything
is
unusual,
so
we
can
mitigate
issues
as
they
come
up
all
right.
So
let's
talk
a
little
bit
about
the
services
existing
in
android
today.
Now
this
is
not
an
exhaustive
list.
Just
a
few
examples.
A
Before
we
get
to
kind
of
a
live
demo
kicking
the
tires
a
little
bit
so
in
envoy
we
have
a
wealth
of
existing
external
services
that
I
don't
really
natively
support.
So
let's
start
with
external
auth.
So
this
is
the
probably
the
most
popular
integration
that
I
see
for
envoy
right
and
we
can
issue
a
check
request
to
an
external
authorization
service.
A
So
yes-
and
it
also
supports
configuring
external
authorization,
because
this
is
so
popular-
you
know
our
our
product
glue,
supports
external
authorization
and
allows
you
to
expand
abilities
to
android
like
opa
open
id
connect.
So
this
is
the
one
is
very
popular
now.
This
is
on
the
request
path
right
to
use
it,
you'll
need
to
use
a
filter
and
when
we
go
to
the
demo
part
we'll
show
you
know
how
it
looks
in
the
android
configuration
how
you
add
the
filter.
A
So
what
happens
if
it
fails,
if
it
fails
by
default,
the
request
is
rejected.
Right,
there's,
no
retries,
there's
nothing
along
these
lines.
For
external
log.
The
request
will
simply
be
rejected
with
a
default
error
code.
I
think
the
default
is
403
and
this
is
tunable.
You
can
change
the
error
code.
You
can
change
whether
it
will
fail
at
all.
A
You
can
configure
it
to
be
allowed
on
failure,
and
so-
but
this
is
just
the
default
behavior
and
again
in
demo,
we'll
see
how
to
configure
this
and
a
you
know
a
really
simple
example
of
an
external
server,
so
rate
limiting
rate
limiting
is
a
also
it
can
be.
So
annoying
has
several
types
of
very
limiting,
there's
some
very
limiting
filters
that
do
not
call
out
to
an
external
service.
A
A
A
So
this
is
also
on
the
request
path.
You
android
makes
a
call.
It's
called
should
rate
limit
to
a
grpc
service
and
if
it
passes,
the
request
is
allowed.
If
it
does
not,
the
request
is
denied,
unlike
external
oauth,
in
a
failure
case
and
and
when
I
say
failure,
it
means
not
that
the
check
itself
didn't
pass.
It
means
that
you
fail
calling
the
service
some
network
failure.
A
A
A
Now
we
have
the
request
going
upstream,
a
response
there.
The
stream
is
at
the
http
stream,
meaning
they
the
request
and
response
are
now
over.
Let's
see
what
what
happens
next
and
that's
why
we
have
here
exercise
so
envoy
has
and
I've
I've
shown
this
on
previous
suits.
You
can
access
log
to
a
file
to
stb
out
and,
if
you're,
using
kubernetes,
that's
probably
what
you're
doing
right
now,
anyway
outputting
to
std
out,
and
you
know,
having
the
the
system
take
care
of
it.
A
You
can
also
provide
access
talks
to
a
grpc
service,
and
you
can
also
do
both
at
the
same
time.
So
you
can
output,
let's
say,
for
example,
all
your
access
logs
to
std
out
and
in
addition,
some
of
the
excess
log.
You
can
apply
a
filter.
Let's
say
all
the
requests
that
are
403
or
all
requested
are
500
or
all
the
requests
period.
Whatever
you
want,
it's
configurable
right
and
log,
those
to
a
grpc
exercise
service
right,
so
you
can
kind
of
get
more
advanced
logic.
A
If
you,
if
you
care
about
that
or
more
real
time,
even
though
it's
not
exactly
real
time,
and
so
you
can
do
either
you
can
do
both.
You
can
do.
Neither
but
with
the
exercise
service
and
we
will
stream
the
accessor
in
jrpc
I
in
a
protobuf
message
to
a
jrpc
access
log
service
or
in
the
android
docs.
It's
referred
to
as
als
access,
lock
service,
all
right,
and
that
will
happen
according
to
the
filter.
You'll
get
you
know
every
request
that
has
a
nexus,
so
it
will
be
streamed
to
that
filter.
A
A
How
are
you
using
envoy
if
you're
using
android
directly,
you
can
just
go
to
the
android
docs
and
I
show
some
of
them
in
a
second
and
we
can
talk
about
how
you
know
I
showed
the
different
tweaks,
but
essentially
each
of
these
external
services
has
a
corresponding
configuration
in
envoy
with
a
lot
of
knobs.
You
can
tune
right
so
with
exos
and
red
limit.
I'll
actually
show
external
of
configuration
in
in
a
second
and
you'll,
see
how
to
change
the
default
behavior
there
all
right
next
metric
services.
A
So,
as
you
know,
android
has
a
stats
page.
We
also
show
that
in
previous
suits
in
the
start
page,
you
can
get
access
to
metrics
in
an
android
format
in
a
prometheus
format.
In
addition
to
that,
you
can
also
export
metrics
to
a
grpc
service.
You
can
also
do
it
to
statsd,
but
we'll
focus
on
the
metric
service
jrpc
service
in
this
suit
and
what
it
does.
It
actually
gets
all
the
metrics
into
a
grpc
message.
A
You
probably
guessed
by
now
and
sends
them
to
to
a
proto
message
and
sends
them
through
a
grpc
service
on
every
interval
right
so
rate
limit
access.
Log
x,
author
happening
on
a
request
basis.
Metric
service
gets
flashed
to
the
grpc
service
on
an
interval.
So
every
thing
the
default
is
a
few
seconds
you'll
new,
the
metrics
will
be
sent
right.
A
So
again,
it's
also
something
if
you
have
some
custom
integration
that
you
need
metrics
for
you
can
use
that
one
more
service.
I
want
to
talk
about
because
it's
kind
of
a
different
style
of
communication
is
hds,
we're
not
going
to
demo
hds,
but
just
going
to
talk
about
it
a
little
bit
so
hds
is
health
discovery
service
and
what
it
allows.
A
A
Often
you
have
this
problem
and
say:
okay,
all
the
envoy
perform
health
checks
to
all
the
upstream.
It
might
increase
the
chatter
in
the
network
a
lot,
so
this
is
kind
of
a
way
to
mitigate
that.
You
assign
one
envoy
to
report
the
health
status
as
it
observes
it
to
the
management
and
the
management
can
then
propagate
the
health
status
to
other
envoys
using
eds.
A
So
this
is
health
discovery,
service
and
the
reason
I
I'm
mentioning
it
just
because
it's
a
different
communication
style.
It
is
kind
of
like
an
xds
style
protocol
where
xcs,
when
you
think
about
it,
is
a
means
to
synchronize,
essentially
state
or
date
or
structure.
Right,
it's
a
protobuf
for
that
matter,
so
angry
synchronizes,
the
health
status
that
it
observes
to
the
management
plane
with
hds.
A
Now,
in
addition
to
the
services,
we
talked
about,
there's
a
bunch
more
services
and
there's
a
extension
configuration
discovery
service
where
you
can
use
it
to
provide
a
an
android
filters,
configuration
from
a
different
management
plan
than
the
main
management
plan,
load,
reporting,
service,
client
status,
discovery
service,
I'm
not
going
to
go
into
all
of
those.
In
addition
to
what
exists
in
android,
you
can
use
wasm
to
implement
your
own
service,
whether
in
the
request,
path
or
outside
the
request
path,
and
maybe
we'll
leave
that
to
another
hoot.
A
If
people
want
to
see
how
it's
done
in
wasim,
if
you
want
to
see
it,
go
to
our
hoot
repo
and
do
an
episode
request
and
say
that
you
want
to
see
that
that
way.
I
can
know
that
it's
something
you
know
a
topic
you're
interested
in,
and
you
know
if
you
see
an
episode
suggestion
that
you
like,
like
do
a
vote
up.
So
we
know
there's
like
more
interest
in
that.
A
A
A
So
if
your
your
use
case
requires
some
external
configuration,
you
can
kind
of
see
what
language
supports
through
browsing
this
list
now,
as
I
said,
I'm
going
to
show
the
external
authorization
configuration-
and
this
is
how
you
configure
android
to
use
external
authorization,
and
I
just
want
to
show
how
you
can
tweak
the
behavior.
So
you
can
see
here
that
you
have
status
on
error,
which
is
the
status
that
gets
returned
on
error
and
by
default
it's
403
forbidden.
A
A
A
A
A
So
let's
see
what's
happening
here
so
first
thing
in
the
bootstrap
configuration
we
define
a
statsing
with
the
metric
service
and
one
thing
you'll
see
in
all
these
services
is
kind
of
this
grpc
service
definition.
This
is
kind
of
a
stanza
in
android
that
will
repeat
itself,
so
we
send
in
it
to
a
grpc
service.
We
use
v3
version
of
the
api
and
I
didn't
put
any
more
configuration
here,
but
this
configures
envoy
to
send
metrics
to
this
external
grpc
service
all
right.
So
this
is
testing.
A
As
you
can
see,
it's
a
top
level
object
in
the
bootstrap
config.
So
it's
a
configuration
that
applied
across
envoy
across
all
the
listeners
in
envoy
all
right.
Next
up
we
go
to
listeners
and
in
the
listener
we
have
the
http
connection
manager
and
in
the
http
connection
manager.
You
can
see
that
we
have.
A
One
sec:
this
is
not
the
hcm
that
I
wanted
here
we
go.
You
can
see
that
we
have
access
logs
and
accessories
a
list,
so
it
can
be
more
than
one
like.
I
said
if
you
want,
you
can
have
jrpc
in
addition
to
file,
and
you
can
see
that
we
define
an
http
grpc
access
log
and
you
can
see
that
we
have
configuration
for
it
a
common
config.
A
I
just
give
it
a
log
name,
because
I
have
to
and
again
it's
the
same
jpc
stanza
and
I'm
just
reusing
the
same
service
to
implement
all
those
services
right.
So
this
is
how
you
would
define
an
access
log
that
goes
out
to
jrpc
right,
so
access
logs
are
defined
in
the
http
connection
manager,
there's
a
list
of
exesog.
In
addition
to
name
and
type
config,
there
is
a
filter.
You
can
specify
it.
A
A
We
have
a
log
name,
we
we
also
can
add
more
properties
here,
like
you
know,
which
extra
headers
to
log
filter
state
we
want
to
log,
you
can
look
at
the
android
documentation
to
get.
You
know
the
full
tweaks
and
knobs
you
heavier
all
right.
So
these
are
the
two
services
that
are
outside
the
request
path.
Now
we'll
go
into
a
red
limit
and
xoth,
and
because
they're
in
the
request
path,
we
know,
there's
got
to
be
a
filter
implementing
them
right.
So
let's
go
to
that
part.
A
So
you
can
see
here
we
have
http
filters
and
the
first
filter
is
external
off.
So
you
see
we
define
external
author
with
the
type
config
now
the
tab.
Config
is
the
one
that
I
showed
the
docs
for
right.
So
if
you
want
to
change
the
failure
behavior,
you
would
do
it
right
here
right.
So
here
you
could
do
failure
mode,
allow
right
if
you
wanted
to
so
this
is
how
you
customize
the
default
behavior
right.
A
Next
we
have
the
raid
limit
service
and
again
the
grpc
service.
Stanza
is
the
same.
I
define
a
rate
limit
service,
we
define
a
domain.
This
is
just
part
of
the
raid
limit
api
and
again
we
can
I'm
not
going
to
talk
too
much
on
how
raid
limit
works
could
get.
That
can
also
be
a
hoot
on
its
own.
It's
there's
more
to
cover
there
than
we
have
this
with
them.
A
We
have
time
on
this
hoot
and,
in
addition
to
defining
the
the
configuration
here,
one
other
thing
we
defined
for
limiting
is
the
rate
limit
descriptors
on
the
route
and,
again
we're
not
going
to
talk
about
it.
This
much,
but
it's
just
necessary
for
raid,
limiting
to
work
to
have
some
descriptors
either
on
the
route
or
in
the
virtual
host.
A
So
the
main
decoy
is
that
these
services,
this
external
services
that
are
on
the
request
path,
are
implemented
as
filters
right
and
if
you
want
to
implement
your
own,
then,
if
you're
implementing
something
on
the
request
path,
you
would
do
it
as
a
filter,
for
example,
wasn't
filter
and
if
you're
not
doing
it
in
the
request
path,
you
would
do
it.
You
know
where
relevant
and
as
a
bootstrap
extension
or
as
an
exist,
but
you
know
you.
A
My
main
goal
is
for
you
to
kind
of
understand
the
the
envoy
architecture,
so
you
know
better
how
to
customize
it
for
your
use
case
and
finally,
as
always
with
http,
we
have
the
router
filter.
We
have
to
have
the
router
folder
in
the
end
of
http
configuration
and
because
the
other
folder
is
the
filter
that
sends
request
upstream-
and
let
me
just-
and
here
we
go
sorry
here-
we
go
so
so
that's
it
a
clusters.
A
We
have,
you
know
some
cluster.
I
call
it
some
cluster
in
our
case.
We're
just
going
to
do
python
http
server
to
just
have
something
serving
on
that
port
and
the
external
services
cluster,
which
will
start
in
a
second,
and
you
can
see
that
the
important
part
here
is
to
add
the
http
to
protocol
options,
because
it's
a
grpc
service
and
grpc
is
only
available
with
http
2.
A
A
A
All
that
I
do
is
implement
all
those
grpc
services
right.
So
I
use
the
go
control
plane.
The
the
protos
are
generated
to
go
code
there.
So
I
import
that
and
then
I
just
implement
them,
and
you
see
I
pretty
basic
implementation,
insured
rate
limit.
I
just
you
know
print
that
I
read
limit
return,
okay
in
check.
I
also
just
print
that
receive
a
check
request,
return,
an
empty
message
which
means
okay
here
in
stream,
access
logs,
unlike
the
check
and
the
and
the
rate
limit.
A
This
is
a
streaming
request,
meaning
that
android
sends
multiple
messages
on
the
same
jrpc
stream.
So
again
we
just
print
the
path
and
the
response
code
and
in
metrics
I
just
pick
a
specific
matrix,
because
there
are
a
lot
of
metrics
that
will
flood
the
output.
So
I
just
print
the
request
total
for
the
sum
cluster
upstream
and
I
print
the
counter
of
that
metric.
A
All
right,
so,
let's
see
it
live
once
I
do
a
curl.
Let's
get
this.
Hopefully
the
font
size
is
big
enough.
You
can
see,
we
get
the
request
from
the
python.
You
can
see
a
received,
a
check
request,
which
is
the
external
auth
filter,
the
first
one
in
the
chain
we
receive
the
rate
limit,
request
the
filter
after
it
in
the
chain
and
if
I'll
change
the
filter
order,
the
order
of
these
lines
will
be
swapped
accordingly,
all
right.
So
this
matches
the
filler
chain
ordering
order
is
important
on
the
filter
chain.
A
You
can
see
that
we
received
the
x's
log
in
the
path
slash
and
the
response
code
was
200..
So
this
is
when
the
request
is
over.
The
access
logs
are
created
and
then
you
can
see
metrics
and
if
you
recall,
metrics
are
flushed
on
an
interval.
So
you
see
that
every
interval
more
matrix
data
is
arriving,
and
in
this
case
the
request
count
is
one,
but
I
can
do
another
request
and
you
can
see
the
same
lines
are
printed
again
and
requests
went
up
to
two.
A
A
A
So,
let's
talk
about
how
it
looks
like
inside
kind
of
envoy
how
how
it
works.
So
let
me
share
my
drawing
screen
any
questions
so
far.
Does
that
all
make
sense
with
the
code
with
the
android
config
feel
free
to
ask,
so
let's
draw
a
little
bit
so
we
have
here
a
request
coming
so
first
we
have
a
user
right.
A
A
A
Right,
so
this
is
a
check
request
now.
This
is
what,
when
I
said,
increased
latency.
While
this
check
request
is
in
progress,
the
original
request
is
halted
right,
so
the
time
that
it
takes
the
check,
request
to
go
and
the
time
it
takes
for
the
external
service
to
process
the
request,
it's
all
adding
latency
to
the
request
right.
So
the
service
makes
a
decision
returns,
a
response
to
the
xod
filter
and
then
the
excel
filter
allows
the
request
to
continue
down
the
chain.
A
It
makes
it
to
the
rate
limit,
filter
rate
limit
filter
does
the
same
goes
to
the
external
filter
external
service,
which
should
rate
limit
rate
limit
and
again
gets
a
holds.
The
request
it
doesn't
make
any
progress
in
the
chain.
Request
comes
back
to
the
right
limit.
Folder
the
regular
filler,
assuming
it's
allowed
allows
the
request
to
continue
down
the
chain
it
arrives
to
the
router
filter.
A
The
router
filter
sends
it
to
the
upstream
cluster.
In
our
case,
it's
the
python
service
that
you
know
lists
the
files
on
the
current
directory,
but
it
could
be
anything
for
that
matter.
At
stream
does
whatever
processing
it
needs
to
do
sends
it
back
to
the
router
filter,
the
request
reverses
back
in
the
filter
chain
and
when
the
request
is
done,
the
hcm
filters
actually
right
here
in
the
beginning
of
the
chain,
sends
the
the
access
log
also
excess
logs
request
a
I
save
a
question
for
low
latency
request
response.
A
All
external
services
should
be
near
envelope.
Yes,
that's
correct,
for
example,
in
glue
we
have
an
option
of
deploying
the
external
auth
service
as
a
sidecar
to
envoy
and
use
unix
sockets
to
communicate.
So
if
you
have
something
where
you
need
to
use
external
auth
for
some
reason,
but
you
want
it
latency
sensitive,
we
can
tweak
that
and
there's
also
connection
parameters.
You
can
tweak
in
the
android
cluster
definitions.
A
So
there's
a
lot
of
you
know:
knobs
you
can.
You
can
tune
to
kind
of
help,
help
manage
the
the
latency
all
right.
So
all
this
stuff
happens
in
the
worker
thread.
Lastly,
once
everything
is
done,
metrics
a
histogram's
counter
are
kind
of
flashed
and
the
main
thread
every
interval
sends
the
metrics
also
to
the
external
service.
A
So
I
hope
this
kind
of
this
rough
visualization
makes
sense.
I
I
got
this
tablet
specifically
to
draw
stuff
for
you
in
the
hood.
So
let
me
know
if
you
like
the
concept,
I
can't
get
a
refund
anymore,
if
you
don't
so,
hopefully
you
like
it,
but
that's
kind
of
the
flow
of
information
as
far
as
envoy
kind
of
threads
and
filters
kind
of
this
is
how
it
works.
A
All
right
yeah,
so
this
is
basically
all
I
have
for
today.
If
there's
any
questions
feel
free
to
drop
them
in
the
chat
or
leave
a
comment,
and
I
will
monitor
the
comments
in
the
next
few
days.
So
if
you
have
any
questions,
feel
free
to
ask
also
feel
free
to
go
to
our
github
repo.
So
just
an
episode,
you
know
the
code
is
there,
you
can
look
at
the
examples
and
leave
us
some
feedback.