LinuxCommandLibrary

envoy

Run a cloud-native edge and service proxy

TLDR

Initialize a configuration file

$ envoy init [host_name]
copy

Run a task
$ envoy run [task_name]
copy

Run a task from a specific project
$ envoy run --path [path/to/directory] [task_name]
copy

Run a task and continue on failure
$ envoy run --continue [task_name]
copy

Dump a task as a Bash script for inspection
$ envoy run --pretend [task_name]
copy

Connect to the specified server via SSH
$ envoy ssh [server_name]
copy

SYNOPSIS

envoy [OPTIONS...]
envoy --config-path <path> [OPTIONS...]

PARAMETERS

--config-path <path>
    Specifies the path to the main configuration file, typically a YAML file, from which Envoy loads its listeners, clusters, and routes.

--config-yaml <yaml>
    Provides the configuration directly as a YAML string, allowing for inline configuration without a separate file.

--concurrency <num>
    Sets the number of worker threads that Envoy will use for processing requests. Defaults to the number of hardware cores available.

--admin-address-path <path>
    Specifies a file where the address (e.g., IP:port) of the administrative interface will be written upon Envoy startup.

--log-level <level>
    Sets the logging verbosity for Envoy. Common levels include trace, debug, info, warn, error, critical. Defaults to info.

--drain-time-s <seconds>
    Defines the time in seconds that Envoy will wait for connections to drain during hot restart or graceful shutdown, allowing ongoing requests to complete.

--parent-shutdown-time-s <seconds>
    Sets the time in seconds that Envoy will wait for the parent process to gracefully shut down during a hot restart cycle.

--disable-hot-restart
    Disables the hot restart functionality. This is generally not recommended for production environments where high availability is crucial.

--service-cluster <name>
    Specifies the name of the service cluster that this particular Envoy instance belongs to, useful for metrics and tracing.

--service-node <name>
    Defines the name of the service node that this Envoy instance represents within its service cluster, often unique per instance.

--help
    Displays a comprehensive help message detailing all available command-line options and exits.

--version
    Outputs the current version of the Envoy Proxy and exits.

DESCRIPTION

Envoy Proxy is an open-source, high-performance edge/middle/service proxy designed for cloud-native applications.
It acts as a universal data plane for microservices and distributed systems. Built by Lyft, it's a key component of the service mesh architecture, providing features like load balancing, circuit breaking, health checks, traffic splitting, and advanced routing.
Envoy excels in observability, offering extensive metrics, distributed tracing, and detailed access logging. It supports various protocols (HTTP/1.1, HTTP/2, gRPC, TCP, and more) and can be deployed as a sidecar, frontend proxy, or gateway.
Its dynamic configuration capabilities allow for live updates without restarts, making it an essential tool for modern distributed systems.

CAVEATS

Complex Configuration: Envoy's powerful features come with a sophisticated configuration, typically managed via YAML files, which can have a steep learning curve and require deep architectural understanding.
Control Plane Dependency: For dynamic and large-scale deployments, Envoy is usually integrated with a 'control plane' (e.g., Istio, App Mesh, or custom solutions) that pushes configurations to instances, rather than relying solely on static files.
Resource Usage: While highly performant, Envoy can consume significant CPU and memory resources, especially with a large number of listeners, routes, or connections.

HOT RESTART CAPABILITIES

Envoy supports hot restart, a critical feature enabling configuration updates and binary upgrades to be applied without dropping existing connections. This ensures high availability and minimal disruption during maintenance windows.

SERVICE MESH INTEGRATION

Envoy is a de-facto standard for the data plane in service mesh architectures. It sits alongside each service instance (often as a sidecar), handling all inbound and outbound network traffic, providing transparent network-level features like load balancing, circuit breaking, and traffic management.

EXTENSIVE OBSERVABILITY

One of Envoy's strongest features is its built-in observability. It provides detailed statistics, supports distributed tracing (e.g., Zipkin, Jaeger), and offers comprehensive access logging, making it invaluable for monitoring and debugging complex microservices.

HISTORY

Developed by Lyft in 2016 to address networking challenges in their rapidly growing microservices architecture, Envoy Proxy was open-sourced in September 2016. Its robust features and extensibility quickly gained traction within the cloud-native community. In 2018, it became the first project to graduate from the Cloud Native Computing Foundation (CNCF), solidifying its role as a foundational component in modern distributed systems and service mesh implementations.

SEE ALSO

nginx(8), haproxy(8), iptables(8)

Copied to clipboard