**Envoy** is an open source, high-performance L4/L7 proxy originally built by Lyft and now the foundation of virtually every modern service mesh (Istio, AWS App Mesh, Consul Connect). It is the programmable, xDS API-driven proxy that enables sophisticated traffic management, observability, and security between services.

---

### First Principle: The network should be observable and controllable at L7, not just L3/L4.

A TCP load balancer can route connections but can't see inside HTTP requests. Envoy operates at the application protocol level — inspecting HTTP/2, gRPC, and HTTP/1.1 traffic, collecting per-route latency metrics, enforcing rate limits, applying circuit breakers, and doing zero-downtime traffic shifting. All without any application code changes.

---

### Key Considerations

- **xDS API**: Envoy is configured dynamically via the xDS APIs rather than only static config files. A control plane (like Istio's Pilot) pushes listeners, routing rules, clusters, endpoints, and policies to Envoy in real time.
- **Sidecar Pattern**: In service mesh architectures, an Envoy sidecar is injected into every pod. All traffic in/out of the pod passes through Envoy — giving the mesh full observability and control without application changes.
- **Observability**: Envoy emits rich telemetry — per-route request/response counts, latencies, error rates — as [[Prometheus]] metrics and distributed traces via [[OpenTelemetry]].
- **Circuit Breaking**: Envoy implements circuit breakers — automatically stopping traffic to unhealthy backends before they cascade into full failures.
- **mTLS**: Envoy handles mutual TLS between services using certificates from [[cert-manager]] or SPIFFE/SPIRE. Applications don't handle TLS; Envoy does it transparently.
- **vs [[HAProxy]]**: HAProxy is simpler and faster for basic load balancing. Envoy is more powerful for programmable L7 routing, service mesh, and deep observability.
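The considerations above (retries, circuit breaking, outlier ejection, and upstream mTLS with identity checks) all live in the cluster and route configuration. The following is an added example of a minimal static Envoy v3 bootstrap written for this note, not configuration taken from the Envoy project or any mesh. It assumes a single upstream service `backend.default.svc.cluster.local:8443`, certificate files under `/etc/envoy/certs/`, and the SPIFFE ID `spiffe://example.org/ns/default/sa/backend`; all of these are placeholders. In a real mesh the control plane would push the same resources over xDS and the certificates would arrive via SDS instead of files.

```yaml
# Added example bootstrap: one listener, one route with a retry policy,
# and one mTLS upstream cluster with circuit breakers and outlier detection.
# All addresses, paths and the SPIFFE ID are placeholders for this example.
static_resources:
  listeners:
  - name: ingress
    address:
      socket_address: { address: 0.0.0.0, port_value: 15001 }
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http       # prefix for the per-route metrics
          codec_type: AUTO                # HTTP/1.1 or HTTP/2, negotiated
          route_config:
            name: local_route
            virtual_hosts:
            - name: backend
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route:
                  cluster: backend
                  retry_policy:           # retries handled here, not in app code
                    retry_on: "5xx,reset,connect-failure"
                    num_retries: 2
                    per_try_timeout: 1s
          http_filters:
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router

  clusters:
  - name: backend
    type: STRICT_DNS
    connect_timeout: 1s
    lb_policy: ROUND_ROBIN
    circuit_breakers:                     # caps per-cluster concurrency
      thresholds:
      - priority: DEFAULT
        max_connections: 100
        max_pending_requests: 50
        max_requests: 200
        max_retries: 3                    # bounds retry storms across all routes
    outlier_detection:                    # eject hosts that keep failing
      consecutive_5xx: 5
      interval: 10s
      base_ejection_time: 30s
      max_ejection_percent: 50            # never eject more than half the pool
    transport_socket:                     # client-side mTLS to the upstream
      name: envoy.transport_sockets.tls
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
        common_tls_context:
          tls_certificates:
          - certificate_chain: { filename: "/etc/envoy/certs/client.crt" }
            private_key: { filename: "/etc/envoy/certs/client.key" }
          validation_context:
            trusted_ca: { filename: "/etc/envoy/certs/ca.crt" }
            # Pin the peer identity, not just the CA: a valid cert from the
            # same CA for a different workload must not be accepted.
            match_typed_subject_alt_names:
            - san_type: URI
              matcher: { exact: "spiffe://example.org/ns/default/sa/backend" }
    load_assignment:
      cluster_name: backend
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address: { address: backend.default.svc.cluster.local, port_value: 8443 }

admin:                                    # keep the admin API off the pod network
  address:
    socket_address: { address: 127.0.0.1, port_value: 9901 }
```

Two points worth checking in any mesh-generated config: the `validation_context` should constrain the peer SAN (here via `match_typed_subject_alt_names`) rather than trusting everything the CA signed, and `max_retries` in `circuit_breakers` is what stops a route-level `retry_policy` from amplifying an upstream outage. When the circuit breakers trip, the `upstream_rq_pending_overflow` and `upstream_cx_overflow` counters for the cluster rise on the admin `/stats` endpoint, which is the signal to alert on.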
---

### How It Fits

```
Service pod (no TLS code, no retry logic)
  → Envoy sidecar (mTLS, retries, circuit breaking, metrics)
    → Envoy sidecar on destination pod
      → [[HAProxy]] (handles external traffic before it enters the mesh)
```

[[HAProxy]] | [[MetalLB]] | [[cert-manager]] | [[Prometheus]] | [[OpenTelemetry]] | [[Open Source Hyperscaler MoC]]