envoy

Initialize a configuration file

$ envoy init [host_name]

$ envoy run [task_name]

$ envoy run --path [path/to/directory] [task_name]

$ envoy run --continue [task_name]

$ envoy run --pretend [task_name]

$ envoy ssh [server_name]

envoy [-c config-file] [--mode serve|validate|admin] [options]

-c, --config-path PATH
    Path to the bootstrap configuration file (YAML/JSON)

--mode serve|validate|admin
    Run mode: serve (default proxy), validate config, or admin only

--allow-unknown-fields
    Permit unknown fields in bootstrap config

--admin-address-path PATH
    Path to file storing admin interface bind address

--base-id BASE_ID
    Base ID for hot restart epoch and stats

--cluster NAME
    Name of the upstream cluster managing this Envoy

--component-log-level LEVEL
    Log level per component (trace/debug/info/warn/error/critical)

--concurrency NUM
    Number of worker threads to run

--cpuset-threads CPUSET
    CSV list of CPUs for worker threads

--drain-time-s SECONDS
    Time for graceful drain on shutdown

--file-flush-interval TIME_SPEC
    Interval for flushing access logs

--hot-restart-epoch NUM
    Hot restart epoch number

--log-level LEVEL
    Global logging level (default: info)

--max-obj-name-len LENGTH
    Max length for object names in stats

--restart-epoch NUM
    Restart epoch for stats

Envoy is an open source high-performance edge and service proxy designed for cloud-native computing. Written in C++, it provides a universal data plane for API and service proxies, supporting HTTP/1.1, HTTP/2, HTTP/3 (QUIC), gRPC, TCP, and UDP traffic. Key features include dynamic service discovery, load balancing, TLS origination/termination, circuit breaking, health checking, rate limiting, authentication, and rich observability via metrics, logs, and distributed tracing (OpenTelemetry compatible).

Commonly deployed as a sidecar proxy in service meshes like Istio or Linkerd, or as a standalone gateway, Envoy scales to handle massive traffic volumes at companies like Lyft, Google, and Netflix. Configuration is declarative using YAML or JSON files, with support for xDS control planes (v3 API) for runtime updates without restarts. It excels in microservices environments, offering low latency and high throughput. Envoy is lightweight, with minimal dependencies, and includes a powerful admin interface for runtime inspection and modification.

Not installed by default on Linux distros; download binaries or build from source. High CPU/memory usage for production-scale proxies. Requires valid YAML/JSON config; validation recommended with --mode validate. Hot restart needs careful PID/file setup.

Uses bootstrap YAML/JSON defining admin, static_resources (listeners/clusters), and dynamic_resources (xDS). Supports xDS v3 for control-plane driven updates.
Example: listeners: [{name: listener0, address: {socket_address: {address: 0.0.0.0, port_value: 8080}}}]

Exposes REST API on port 9901 (configurable) for stats (/stats), clusters (/clusters), config dump (/config_dump), and runtime tweaks. Secure with --admin-access-log-path.

Download static binaries from GitHub releases (e.g., envoy-1.30.3-linux-x86_64). Run as ./envoy -c envoy.yaml. Docker image: envoyproxy/envoy.

Developed internally at Lyft starting 2015 for mobile service infrastructure; open-sourced September 2016. Joined CNCF as Sandbox project 2018, Incubating 2020, graduated Stable 2021. Widely adopted in service meshes; v1.30+ supports Envoy Configuration Service (ECS).

nginx(8), haproxy(1), socat(1), apache2(8)