Lyft’s L7 proxy rides on: Envoy is the third CNCF project to graduate
Welcome to the class of 2018. Envoy is the third CNCF project to reach graduation status after just three shorts years since its creation. Congratulations Envoy! What incubating project will follow in its footsteps?
First, there was Kubernetes. Then, Prometheus joined the stage. Now, welcome the third Cloud Native Computing Foundation (CNCF) project to graduate. The Envoy proxy flips its tassel and receives its diploma. Congratulations Envoy!
CNCF projects have different levels of maturity and criteria that must be met before graduation. Two-thirds of the foundation must agree upon the project’s stage before it moves up a rank. You can read about the graduation criteria in depth on GitHub.
From the CNCF announcement: “To move from the maturity level of incubation to graduation, projects must demonstrate thriving adoption, a documented neutral governance process, multi-organization committership, and a strong commitment to community sustainability and inclusivity.” High honors indeed!
Ivan Novikov, white hat hacker, penetration tester and CEO of security company Wallarm said about Envoy: “Envoy Proxy is a good project and its growing popularity is well deserved. It is pretty robust from a security perspective because of the good architecture, C++ implementation and lack of legacy code base. At the same time, it is a new project and DevOps folks are much less familiar with it than, for example, NGINX. As a result, we are likely to see a higher number of security issues driven by misunderstanding or misconfiguraiton, such as misconfigurations making the platform vulnerable to sophisticated SSRF exploitations.”
Envoy is an open source, high-performance edge and service proxy, designed for cloud-native applications written in C++. It helps users transition to cloud native architectures and manages interactions between microservices.
Take it straight from the source. Envoy’s site describes it as:
Envoy is a high performance C++ distributed proxy designed for single services and applications, as well as a communication bus and “universal data plane” designed for large microservice “service mesh” architectures. Built on the learnings of solutions such as NGINX, HAProxy, hardware load balancers, and cloud load balancers, Envoy runs alongside every application and abstracts the network by providing common features in a platform-agnostic manner. When all service traffic in an infrastructure flows via an Envoy mesh, it becomes easy to visualize problem areas via consistent observability, tune overall performance, and add substrate features in a single place.
Used by big names such as airbnb, ebay, IBM, Netflix, and Square it’s carved out its niche in the landscape. In three short years it quickly became an industry leader. Users love it for its small memory footprint, usability with any application language, and modern code base.
Every good hero has an origin story. So, how did Envoy begin its journey?
Lyft engineer Matt Klein wrote a blog about their humble beginnings in 2015 and theorizes what made Envoy popular in such a short span of time. (Three years to graduate! If only all degrees worked like that.) For those interested in learning about its design philosophy, make sure to watch (or read the transcript) Matt Klein’s talk: “Lyft’s Envoy: From Monolith to Service Mesh”. Klein discusses the project’s youth and the blueprints that make it so useful.
Looking to contribute to this prolific project? Check the contribution guide. Future plans for Envoy include new protocols and moving to mobile and IoT devices.
Did anyone predict that Envoy would be the next project to graduate? Any bets on what the fourth project to don its graduation gown will be?