I am trying to create an envoy filter with wasm. I compiled the wasm to a docker image, and used an extension server to store the wasms in the cluster (following this example: proxy/extensionserver.yaml at 08d901c958851300601eb56b9232ac117fdfe7d6 · istio/proxy · GitHub).
When I try to use those wasms in an envoy filter, I get this error:
2021-11-16T11:10:58.128431Z critical envoy wasm Plugin configured to fail closed failed to load
2021-11-16T11:10:58.128455Z critical envoy wasm Plugin configured to fail closed failed to load
2021-11-16T11:10:58.128489Z critical envoy wasm Plugin configured to fail closed failed to load
2021-11-16T11:10:58.128596Z warning envoy config gRPC config for type.googleapis.com/envoy.config.core.v3.TypedExtensionConfig rejected: Unable to create Wasm HTTP filter
2021-11-16T11:10:58.223171Z error envoy wasm Function: proxy_on_configure failed: Uncaught RuntimeError: unreachable
Proxy-Wasm plugin in-VM backtrace:
0: 0x1176 - runtime._panic
1: 0x1e69 - (reflect.rawType).NumMethod
2: 0x1b6fb - encoding/json.indirect
3: 0x1ce9c - (*encoding/json.decodeState).literalStore
4: 0x1af46 - (*encoding/json.decodeState).value
5: 0x22f12 - proxy_on_configure
Extension server:
kind: ConfigMap
metadata:
name: extensionserver
data:
extension.yaml: |
extensions:
- name: jwtsvid-manager
path: /bin/jwtsvid-manager.wasm
sha256: bf7ee7b38b440f18f8152b1e96aa99fc76dc020f408b34832fc767d23ec35841
runtime: v8
- name: jwtsvid-injector
path: /bin/jwtsvid-injector.wasm
sha256: ff1242d74d108654fd4262e52911f06df386bbb3635f867a28f667bb63b265d8
runtime: v8
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: extensionserver
labels:
app: extensionserver
spec:
replicas: 1
selector:
matchLabels:
app: extensionserver
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
labels:
app: extensionserver
spec:
containers:
- name: extensionserver
image: sandy-go:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
volumeMounts:
- name: config
mountPath: /etc/extensionserver/config
volumes:
- name: config
configMap:
name: extensionserver
---
apiVersion: v1
kind: Service
metadata:
name: extensionserver
spec:
selector:
app: extensionserver
ports:
- protocol: TCP
port: 8080
name: grpc
---
Envoy filter:
kind: EnvoyFilter
metadata:
name: jwtsvid
spec:
workloadSelector:
labels:
app: sleeper3
configPatches:
# TODO: move this to BOOTSTRAP and run as singleton when istio adds support (see comment in main.go)
- applyTo: HTTP_FILTER
match:
context: SIDECAR_OUTBOUND
listener:
filterChain:
filter:
name: envoy.filters.network.http_connection_manager
subFilter:
name: envoy.filters.http.router
patch:
operation: INSERT_BEFORE
value:
name: jwtsvid-manager
config_discovery:
config_source:
initial_fetch_timeout: 0s # wait indefinitely to prevent bad Wasm fetch
api_config_source:
api_type: GRPC
transport_api_version: V3
grpc_services:
- google_grpc:
target_uri: extensionserver.bar.svc.cluster.local:8080
type_urls: ["envoy.extensions.filters.http.wasm.v3.Wasm"]
# jwt-svid-injector
- applyTo: HTTP_FILTER
match:
context: SIDECAR_OUTBOUND
listener:
filterChain:
filter:
name: envoy.filters.network.http_connection_manager
subFilter:
name: envoy.filters.http.router
patch:
operation: INSERT_BEFORE
value:
name: jwtsvid-injector
config_discovery:
config_source:
initial_fetch_timeout: 0s # wait indefinitely to prevent bad Wasm fetch
api_config_source:
api_type: GRPC
transport_api_version: V3
grpc_services:
- google_grpc:
target_uri: extensionserver.bar.svc.cluster.local:8080
type_urls: ["envoy.extensions.filters.http.wasm.v3.Wasm"]
Am I missing anything here? Any help what be greatly appreciated 