The Cequence integration with Envoy Proxy uses a WebAssembly-based HTTP filter that provides advanced request/response processing capabilities.
Cequence integrates with Envoy's HTTP filter chain to provide:
- Request/response body capture and analysis
- Integration with an external Bridge API service
- Configurable sampling for performance optimization
- Content type-based filtering
Prerequisites
Before you begin this procedure, confirm that your environment meets the following prerequisites.
- Envoy proxy installed on your system
- Administrative privileges for configuration changes
- A working installation of Cequence Bridge.
Installing the WASM filter
- Create the directory /etc/envoy/proxy-wasm/plugins if it does not already exist, then run the following command.
curl -o /etc/envoy/proxy-wasm-plugins/cequence_envoy_wasm.wasm \
This command downloads the WASM filter to the /etc/envoy/proxy-wasm/plugins directory. Note that the link used by this curl command is refreshed regularly. If the link in this command is no longer valid, log a Zendesk ticket with Cequence Support for an updated link.
'https://downloads.ext.cequence.ai/gateway-integrations/envoy/cequence_envoy_filter.wasm?AWSAccessKeyId=AKIA2YJCY5VEO2PVGL52&Expires=1736300403&Signature=QgYAy4YjREOM6SSOJxBcw1MW2pI%3D&response-content-disposition=attachment%3Bfilename%3Dcequence_envoy_filter.wasm' - In the /etc/envoy directory, create a file named envoy.yaml.
A sample Envoy YAML configuration file without a WASM filter configured is available later in this article, as an example. - In envoy.yaml, provide the following configuration values.
- Listener configuration uses the port_value parameter, set to 10000
- HTTP connection manager setup
- WASM filter configuration
- Cluster configuration for backend services - In /etc/envoy, create a file named wasm-config.json.
- Paste the following configuration text into wasm-config.json.
{
Customize these values as required by your use case.
"version": "1.0.0",
"logLevel": "info",
"bridgeApi": {
"name": "bridge-api",
"host": "127.0.0.1",
"port": 8080,
"scheme": "http",
"path": "/api/v1",
"cluster": "bridge_api"
},
"captureOptions": {
"filterContentTypes": [
"application/json",
"application/xml",
"application/x-www-form-urlencoded",
"text/xml",
"text/json"
],
"reqBodyCaptureLimit": 32768,
"resBodyCaptureLimit": 32768
},
"sampling": {
"enabled": true,
"percentage": 50
}
} - Run the following command.
envoy --config-path /etc/envoy/envoy.yaml --mode validate
This command validates your Envoy configuration. - Run the following command.
envoy --config-path /etc/envoy/envoy.yaml
This command starts Envoy.
Sample envoy.yaml
The following YAML file is an example Envoy configuration.
Note: You must update the values in the line bridge_api: block to reflect the actual values in use by your installed Cequence Bridge instance.
static_resources:
listeners:
address:
socket_address:
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
codec_type: AUTO
route_config:
name: local_routes
virtual_hosts:
- name: local_service
domains:
- "*"
routes:
- match:
prefix: "/"
route:
cluster: httpbin
http_filters:
- name: envoy.filters.http.buffer
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.buffer.v3.Buffer
max_request_bytes: 65536
- name: envoy.filters.http.wasm
typed_config:
"@type": type.googleapis.com/udpa.type.v1.TypedStruct
type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
value:
config:
name: "cequence_envoy"
configuration:
"@type": "type.googleapis.com/google.protobuf.StringValue"
value: |
{
"version": "1.0.0",
"logLevel": "info",
"bridgeApi": {
"name": "bridge-api",
"host": "127.0.0.1",
"port": 8080,
"scheme": "http",
"path": "/api/v1",
"cluster": "bridge_api"
},
"captureOptions": {
"filterContentTypes": ["application/json", "application/xml"],
"reqBodyCaptureLimit": 32768,
"resBodyCaptureLimit": 32768
},
"sampling": {
"enabled": true,
"percentage": 50
}
}
vm_config:
runtime: "envoy.wasm.runtime.v8"
code:
local:
filename: "/etc/envoy/proxy-wasm-plugins/cequence_envoy_wasm.wasm"
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
clusters:
- name: httpbin
connect_timeout: 5s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: httpbin
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: httpbin
port_value: 8080
Environmental considerations
The following aspects of your compute environment can affect whether and how Envoy runs with the WASM filter in place.
Port configuration
By default, Envoy uses port 10000. You can modify the value of port_value in the listener configuration to change this.
Content type filtering
The filterContentTypes parameter establishes whether to filter by content type. By default, the Envoy WASM filter proxy supports the following content types:
- application/json
- application/xml
- application/x-www-form-urlencoded
- text/xml
- text/json
An empty list filters no content types.
Body capture limits
By default the capure limit for both request and response bodies is 32kB. Adjust the values of the reqBodyCaptureLimit and resBodyCaptureLimit parameters to change these defaults.
Sampling configuration
Change the value of the sampling.enabled entry in envoy.yaml to enable or disable sampling configuration. When sampling configuration is enabled, the default sample rate is 50%. Change the sample rate by setting a value between 1 and 100 for sampling.percentage.
Dealing with common errors
For configuration validation errors, check the syntax of the envoy.yaml file. Verify that all the clusters referenced in envoy.yaml have been completely defined. Verify that the path to the WASM file is correct.
For runtime issues, check the Envoy logs for WASM errors. Confirm that access to the Bridge API service exists. Monitor resource usage and, if necessary, adjust capture limits.
Recommendations
- Keep the WASM filter updated to the latest version
- Monitor log levels in production (recommended: "info" or "warn")
- Consider sampling rates based on traffic volume
- Regularly validate configuration changes before deployment