feat: Wasm extension HTTP code source #3164
Conversation
zhaohuabing
force-pushed
the
wasm-http
branch
3 times, most recently
from
ea8e717 to
07495ec
Compare
| // SHA256 *string `json:"sha256,omitempty"` | ||
| // | ||
| // kubebuilder:validation:Pattern=`^[a-f0-9]{64}$` | ||
| SHA256 string `json:"sha256"` |
There was a problem hiding this comment.
Make SHA256 mandatory for now to avoid downloading wasm and calculate SHA in the control plane.
We can make it optional without breaking changes if we opt to build a cache in the control plane in the future.
zhaohuabing
force-pushed
the
wasm-http
branch
7 times, most recently
from
d81834d to
adaa4c8
Compare
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
This reverts commit 64b76a9.
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3164 +/- ##
==========================================
- Coverage 66.51% 66.48% -0.03%
==========================================
Files 161 163 +2
Lines 22673 22994 +321
==========================================
+ Hits 15080 15288 +208
- Misses 6720 6824 +104
- Partials 873 882 +9 ☔ View full report in Codecov by Sentry. |
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
| @@ -31,14 +31,16 @@ type Wasm struct { | |||
| // RootID is a unique ID for a set of extensions in a VM which will share a | |||
| // RootContext and Contexts if applicable (e.g., an Wasm HttpFilter and an Wasm AccessLog). | |||
| // If left blank, all extensions with a blank root_id with the same vm_id will share Context(s). | |||
| // RootID *string `json:"rootID,omitempty"` | |||
| // RootID must match the root_id parameter used to register the Context in the Wasm code. | |||
| RootID *string `json:"rootID,omitempty"` | |||
There was a problem hiding this comment.
RootID is needed and it can't be generated by EG. See: https://github.com/proxy-wasm/proxy-wasm-cpp-sdk/blob/921039ae983ce053bf5cba78a85a3c08ff9791e5/proxy_wasm_intrinsics.cc#L27-L28
| code: | ||
| type: HTTP | ||
| http: | ||
| url: https://raw.githubusercontent.com/envoyproxy/envoy/main/examples/wasm-cc/lib/envoy_filter_http_wasm_example.wasm |
There was a problem hiding this comment.
@arkodg The HTTP code source does support HTTPS schema.
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
| @@ -46,12 +46,12 @@ type EnvoyExtensionPolicySpec struct { | |||
| // TargetRef | |||
| TargetRef gwapiv1a2.PolicyTargetReferenceWithSectionName `json:"targetRef"` | |||
|
|
|||
| // WASM is a list of Wasm extensions to be loaded by the Gateway. | |||
| // Wasm is a list of Wasm extensions to be loaded by the Gateway. | |||
There was a problem hiding this comment.
Following the name convention here:https://webassembly.org/
WebAssembly (abbreviated Wasm) is a binary instruction format for a stack-based virtual machine. Wasm is designed as a portable compilation target for programming languages, enabling deployment on the web for client and server applications.
| @@ -31,14 +31,16 @@ type Wasm struct { | |||
| // RootID is a unique ID for a set of extensions in a VM which will share a | |||
| // RootContext and Contexts if applicable (e.g., an Wasm HttpFilter and an Wasm AccessLog). | |||
| // If left blank, all extensions with a blank root_id with the same vm_id will share Context(s). | |||
| // RootID *string `json:"rootID,omitempty"` | |||
| // RootID must match the root_id parameter used to register the Context in the Wasm code. | |||
| RootID *string `json:"rootID,omitempty"` | |||
There was a problem hiding this comment.
why can't we reuse name internally here ?
There was a problem hiding this comment.
In theory, yes, Name can be the same as RootID. But while RootID must match the root_id in the wasm code, Name can be any meaningful name the user wants to name this wasm extension. They are set in different phases:
- RootID: by the developer when writing the wasm source code, can't be changed after wasm module is published
- Name: by the admin when writing the
EnvoyExtensionPolicy, can be changed on the fly
name: envoy.filters.http.wasm/envoyextensionpolicy/envoy-gateway/policy-for-gateway/0
typedConfig:
'@type': type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
config:
configuration:
'@type': type.googleapis.com/google.protobuf.StringValue
value: '{"parameter1":{"key1":"value1","key2":"value2"},"parameter2":"value3"}'
name: some-meaningful-name # can be anything
rootId: my-root-id. # must be the same root_id in the wasm source code
vmConfig:
code:
remote:
httpUri:
cluster: www_example_com_443
timeout: 10s
uri: https://www.example.com/wasm-filter-1.wasm
sha256: 746df05c8f3a0b07a46c0967cfbc5cbe5b9d48d0f79b6177eeedf8be6c8b34b5
runtime: envoy.wasm.runtime.v8
vmId: envoyextensionpolicy/envoy-gateway/policy-for-gateway/0
There was a problem hiding this comment.
If we can generate this field internally, using name, my vote is to do that and not expose another field the user needs to think about how to populate
There was a problem hiding this comment.
We can't generate RootID, See: https://github.com/proxy-wasm/proxy-wasm-cpp-sdk/blob/921039ae983ce053bf5cba78a85a3c08ff9791e5/proxy_wasm_intrinsics.cc#L27-L28
And it can be optional if the wasm source code leaves it empty.
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
This PR implements the HTTP code source for Wasm extension.