Extensibility

WebAssembly sandbox goals:

• Efficiency - An extension adds low latency, CPU, and memory overhead.
• Function - An extension can enforce policy, collect telemetry, and perform payload mutations.
• Isolation - A programming error or crash in one plugin doesn’t affect other plugins.
• Operator - An extension can be canaried and deployed as log-only, fail-open or fail-close.
• Extension developer - The plugin can be written in several programming languages.

Istio extensions (Proxy-Wasm plugins) have several components:

• Filter Service Provider Interface (SPI) for building Proxy-Wasm plugins for filters.
• Sandbox V8 Wasm Runtime embedded in Envoy.
• Host APIs for headers, trailers and metadata.
• Call out APIs for gRPC and HTTP calls.

Extending Istio/Envoy

• Proxy-Wasm ABI specification
• Proxy-Wasm Rust SDK
• WebAssembly Hub