Debugging with Envoy filters

Airlock Microgateway allows adding additional Envoy filters in the CR EnvoyHTTPFilter. The CR EnvoyCluster allows configuring additional clusters if a native Envoy HTTP filter relies on it.
For debugging purposes, it can be helpful to configure additional Envoy filters.

Two filters that have proven to be especially useful for request/response debugging are:

  • Tap filter for recording HTTP traffic.
  • Buffer filter for buffering entire requests before forwarding them.

This article covers the general steps needed to configure additional envoy filters and gives additional information about the above filters.

 
Info

The instructions in this article may be used to configure additional/other Envoy filters. For a complete list of filters, see official Envoy HTTP filters documentation.

Tap filter configuration

The Tap filter allows to interpose on and record HTTP traffic that the Microgateway receives. For further details, see official Envoy Tap filter documentation.

Configure and use the Tap filter:

  1. Add and configure the filter in the CR EnvoyHTTPFilter.
  2.  
    Example
    apiVersion: microgateway.airlock.com/v1alpha1 
kind: EnvoyHTTPFilter 
metadata: 
  name: envoy-http-filter-tap 
spec:  
  value:  
    name: envoy.filters.http.tap  
    typed_config:  
      "@type": type.googleapis.com/envoy.extensions.filters.http.tap.v3.Tap  
      common_config:  
        admin_config:  
          config_id: tap_filter_config
  3. Reference the CR EnvoyHTTPFilter in the CR SidecarGateway.
  4. Configure a port forwarding for the Envoy Administration interface as described in Envoy Admininistration interface. The standard port of the interface is port 19000.
  5. To use the Tap filter, create a local configuration file (see example). The config_id value must match the config_id value configured in the CR EnvoyHTTPFilter.
  6.  
    Example
    { 
  "config_id": "tap_filter_config", 
  "tap_config": { 
    "match_config": { 
      "any_match": "true" 
    }, 
    "output_config": { 
      "sinks": [ 
        { 
          "streaming_admin": {}, 
          "format": "JSON_BODY_AS_STRING" 
        }         
      ], 
      "max_buffered_rx_bytes": 100000
    } 
  } 
}
  7. Then use CURL to tap into the traffic.
  8.  
    Terminal box
    curl localhost:19000/tap --data @tap_config
  9. With this config, all requests up to a size of 100000 bytes are recorded in JSON format. The tapped content (i.e. the traffic arriving at the microgateway) is output to the console. Consider writing the output to a file, as the output can generate a considerable amount of data.

Buffer filter

The Buffer filter enables the buffering of all request data. The Buffer filter disables the streaming behavior and instead waits for a fully buffered request before applying a subsequent filter. For further details, see official Envoy Buffer filter documentation.

Configure the Buffer filter:

  1. Add and configure the filter in the CR EnvoyHTTPFilter.
  2.  
    Example
    apiVersion: microgateway.airlock.com/v1alpha1 
kind: EnvoyHTTPFilter 
metadata: 
  name: envoy-http-filter-tap-buffer
 spec: 
  value:      
    name: envoy.filters.http.buffer 
    typed_config: 
      "@type": type.googleapis.com/envoy.extensions.filters.http.buffer.v3.Buffer 
      max_request_bytes: 10000000
  3. Reference the CR EnvoyHTTPFilter in the CR SidecarGateway.
  4. With this config, all requests up to a size of 10000000 bytes can be buffered. For any larger requests, the filter will send a 413 response code.