Envoy 1.28: HTTP/3 Excellence and WebAssembly Performance
K8s Guru
2 min read
Table of Contents
Introduction
Envoy 1.28, released on August 10, 2023, is most relevant if you expose services on Kubernetes and need stable, debuggable traffic paths. The practical wins usually show up at the edge: clearer traffic behavior, fewer surprises during failover, and easier debugging when routes go weird.
HTTP/3 Excellence
- HTTP/3 improvements provide better performance and reliability for QUIC-based connections.
- Connection migration enables seamless handoffs between network interfaces.
- Multiplexing enhancements reduce head-of-line blocking for improved throughput.
- Error handling improvements provide better recovery from connection failures.
WebAssembly Performance
- Wasm runtime optimizations reduce overhead and improve execution speed for custom filters.
- Memory management improvements enable more efficient resource usage for Wasm workloads.
- Plugin development enhancements simplify creating and deploying Wasm-based extensions.
- Hot reload capabilities enable updating Wasm filters without proxy restart.
Performance Optimizations
- Connection pooling improvements reduce latency and improve resource utilization.
- Load balancing enhancements deliver better distribution algorithms with lower overhead.
- Circuit breaking improvements provide faster failure detection and recovery.
- TLS optimizations reduce CPU overhead for encrypted connections.
Observability & Debugging
- Metrics expansion exposes detailed performance and health metrics for Prometheus.
- Tracing improvements provide better correlation of requests across service boundaries.
- Access logs enhancements enable more detailed request/response logging with filtering.
- Admin interface improvements provide better visibility into proxy state and configuration.
Security Enhancements
- TLS improvements enhance certificate management and rotation.
- mTLS support enables mutual TLS for service-to-service communication.
- Rate limiting enhancements provide more sophisticated throttling strategies.
- Authorization improvements enable fine-grained access control policies.
Getting Started
docker run -d --name envoy \
-p 9901:9901 \
-p 10000:10000 \
envoyproxy/envoy:v1.28.0
Basic Envoy configuration:
static_resources:
listeners:
- name: listener_0
address:
socket_address:
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
prefix: "/"
route:
cluster: service_cluster
clusters:
- name: service_cluster
connect_timeout: 0.25s
type: LOGICAL_DNS
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: service_cluster
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: backend
port_value: 8080
Summary
| Aspect | Details |
|---|---|
| Release Date | August 10, 2023 |
| Headline Features | HTTP/3 improvements, WebAssembly performance, significant optimizations |
| Why it Matters | Delivers high-performance proxy with modern protocols and extensibility |
Envoy 1.28 demonstrates continued leadership in cloud-native proxy technology, providing teams with performance, reliability, and extensibility for modern service architectures.