yanavlasov
commented
8 months ago Adding @lizan and @mpwarres as area owners
Open arkodg opened 8 months ago
yanavlasov
commented
8 months ago Adding @lizan and @mpwarres as area owners
kyessenov
commented
8 months ago 
arkodg
commented
7 months ago auths key via SDS similar to this or something similar@kyessenov @yanavlasov can try and find a contributor from the community to help with this feature, once its been accepted
jewertow
commented
7 months ago requested @zhaohuabing to look into https://github.com/envoyproxy/envoy/issues/29824 when he has some free cycles
@zhaohuabing did you already start or are you going to start working on this issue soon? If not, I could take care of it.
zhaohuabing
commented
7 months ago @jewertow I haven't started on this. Please feel free to move on if you have time.
kyessenov
commented
7 months ago If you're going to implement it, let's settle on the two design issues:
jewertow
commented
7 months ago @kyessenov are your suggestions relevant for HTTPS URI or for OCI? I was going to start with HTTPS URI and I didn't investigate the scope of OCI yet.
kyessenov
commented
7 months ago Yes, they are. OCI is not that different from a regular HTTPS. It's just a tar with structured content and some authentication schemes.
zhaohuabing
commented
7 months ago Should HTTPS be similar to the current HTTP fetching and caching mechanism?
kyessenov
commented
7 months ago @zhaohuabing The current HTTP fetching in Wasm is somewhat broken, we warn people not to use it. If you use a cluster specifier, then HTTPS vs HTTP becomes a configuration in the upstream cluster, so yes, it should be similar.
zhaohuabing
commented
7 months ago @zhaohuabing The current HTTP fetching in Wasm is somewhat broken, we warn people not to use it. If you use a cluster specifier, then HTTPS vs HTTP becomes a configuration in the upstream cluster, so yes, it should be similar.
@kyessenov Could you elaborate on what's broken in HTTP fetching? We plan to use HTTP Wasm code source in EG and want to avoid any known issues. Thanks!
kyessenov
commented
7 months ago @kyessenov Could you elaborate on what's broken in HTTP fetching? We plan to use HTTP Wasm code source in EG and want to avoid any known issues. Thanks!
It crashes :) I don't have enough time to troubleshoot and fix it, but it needs to be fixed before using it in production.
zhaohuabing
commented
7 months ago After testing, I confirmed that HTTPS schema works for the Wasm HTTP code source. It seems that TLS is solely associated with the Cluster configuration and does not require handling within the Wasm filter.
jewertow
commented
3 weeks ago @kyessenov I wanted to start working on support for OCI scheme, and since this requires to send a few consecutive requests (GET manifests -> GET blobs -> GET layers), I wonder if I should follow asynchronous pattern used in RemoteDataFetcher? I mean, should I implement fetchers extending Http::AsyncClient::Callbacks for manifests, blobs and layers and call them consecutively in onSuccess? WDYT?
Title: One line description
Description:
Envoy only supports fetching a WASM module remotely via http
Majority of the WASM Modules now live in OCI Registries, so would be great if an
ocifield was supported to allow users to fetch WASM modules directly instead of using a shim (an auxiliary control plane creating a temporary file server or a sidecar agent that prefetches from an OCI registry and persists it into the common filesystem) that deals with the CRUD state machine[optional Relevant Links:]