{"id":37091461,"url":"https://github.com/amukherj/envoygrpc","last_synced_at":"2026-01-14T11:06:55.178Z","repository":{"id":57570344,"uuid":"229695016","full_name":"amukherj/envoygrpc","owner":"amukherj","description":"Sample grpc services communicating over Envoy.","archived":false,"fork":false,"pushed_at":"2022-04-07T20:44:57.000Z","size":46,"stargazers_count":10,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-11-16T03:34:42.746Z","etag":null,"topics":["envoy","grpc","sds","secrets","secrets-discovery-service","ssl","tls"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/amukherj.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-12-23T06:56:39.000Z","updated_at":"2024-10-10T14:21:04.000Z","dependencies_parsed_at":"2022-09-10T20:22:00.868Z","dependency_job_id":null,"html_url":"https://github.com/amukherj/envoygrpc","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/amukherj/envoygrpc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amukherj%2Fenvoygrpc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amukherj%2Fenvoygrpc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amukherj%2Fenvoygrpc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amukherj%2Fenvoygrpc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/amukherj","download_url":"https://codeload.github.com/amukherj/envoygrpc/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amukherj%2Fenvoygrpc/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28417901,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["envoy","grpc","sds","secrets","secrets-discovery-service","ssl","tls"],"created_at":"2026-01-14T11:06:54.483Z","updated_at":"2026-01-14T11:06:55.172Z","avatar_url":"https://github.com/amukherj.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Using Envoy as a reverse proxy for GRPC services\n\nThis repo demonstrates how to configure [Envoy](https://www.envoyproxy.io/) for\nrouting to gRPC services. The focus is to show basic constructs for enabling\nrouting to gRPC services, making it work with TLS / mTLS (todo), and making\ncertificates available via the Secrets Discovery Service.\n\nThe norm for most such repos is to use at the least Docker. I have deliberately\navoided any form of containers or other deployment shebang to keep the focus\non just Envoy and make it utterly easy to understand what's going on.\n\n## Code\nThere are two gRPC services.\n\n1. For the first gRPC service, `echo`:\n   1. The grpc service and message definitions are under `messages`.\n   2. The grpc service implementation is under `cmd/server`.\n1. For the second gRPC service, `names`:\n   1. The grpc service and message definitions are under `names`.\n   2. The grpc service implementation is under `cmd/names`.\n3. The grpc client implementation is under `cmd/client`.\n4. The Secrets Discovery Service implementation is under `cmd/sds` and is\ndeliberately kept simple.\n\nSelf-signed certificates are automatically generated as part of the build\nprocess. Look at the Makefile to understand what's going on. This also means\nthat you should have OpenSSL installed on your dev box.\n\n## Building\nTo build the binaries just do the following.\n\n    make\n\nIt is expected that you will copy a pre-built Envoy binary from somewhere into\n`./bin`.  Consider pulling the Envoy docker image, running, and `docker cp`-ing\nthe envoy binary from inside it. Copy this binary to the `bin/` subdirectory of\nthe repo.\n\n## Running\n\n### Ingress\nStart two instances of each gRPC server locally:\n\n    ./bin/server :50501\n    ./bin/server :50503\n\n    ./bin/names :50505\n    ./bin/names :50507\n\nStart Envoy:\n\n    ./bin/envoy -c config/envoy/envoy.yaml\n\nRun the client:\n\n    ./bin/client 0.0.0.0:9911 \"Your message here\"\n\nIn the response printed on the console, check if the From field is correctly set\nto the local host's hostname.\n\n#### Ingress with TLS\nIf you want to test TLS support, start Envoy thus:\n\n    ./bin/envoy -c config/envoy/tls/envoy.yaml\n\nRun the client:\n\n    ./bin/client 0.0.0.0:9943 \"Your message here\"\n\n#### Ingress with TLS and header-based routing\nIf you want to test TLS support, start Envoy thus:\n\n    ./bin/envoy -c config/envoy/tls/envoy-hdr-rtg.yaml\n\nRun the client:\n\n    ./bin/hdrclient 0.0.0.0:9943 \"Your message here\" x-ikat-service-id greeter\n\nOr:\n\n    ./bin/hdrclient 0.0.0.0:9943 \"Your message here\" x-ikat-service-id text\n\n#### TLS via Secrets Discovery Service (SDS)\nYou can serve TLS certs via the Secrets Discovery Service (SDS) instead of\nstatically. There is a simplistic SDS implementation in cmd/sds/main.go. To\ntest this, run the following commands in addition to starting the two\ninstances of ./bin/server on 50501 and 50503.\n\n\t./sds\n    ./bin/envoy -c config/envoy/tls/envoy-sds.yaml\n\nRun the client:\n\n    ./bin/client 0.0.0.0:9943 \"Your message here\"\n\nQQ: Why don't we use the envoyproxy/go-control-plane implementation of SDS?\nMainly because it doesn't support SDS connections via Unix domain sockets\nand require that you set up mTLS between Envoy and the control plane process\nrunning the SDS implementation. Feel free to fork this repo and try it.\n\n### Egress\nStart two instances of the gRPC server on a remote server. Note the IP\naddress of the remote server.\n\nOn the remote site, start an Envoy instance by running:\n\n    ./bin/envoy -c config/envoy/envoy-emery.yaml\n\nOn the local server, edit config/envoy/envoy.yaml in the repo and replace\nthe IP address `192.168.87.*` with the IP of your remote server. Now start\nEnvoy locally:\n\n    ./bin/envoy -c config/envoy/envoy.yaml\n\nRun the client to connect to the egress port on the local Envoy:\n\n    ./bin/client localhost:9912 \"Your message here\" authority emery\n\nIn the above, `emery` is the identifier for your remote host(s). It can be any\nname as long as you also update it in the config.\n\nIn the response printed on the console, check if the From field is correctly set\nto the remote server's hostname.\n\n#### TLS\nIf you want to test TLS support, start Envoy on the remote server thus:\n\n    make\n    ./bin/envoy -c config/envoy/tls/envoy-emery.yaml\n\nOn the local server, start Envoy thus.\n\n    ./bin/envoy -c config/envoy/tls/envoy.yaml\n\nRun the client to connect to the egress port on the local Envoy:\n\n    ./bin/client 0.0.0.0:9912 \"Your message here\" authority emery\n\nIn the above, `emery` is the identifier for your remote host(s). It can be any\nname as long as you also update it in the config.\n\n#### TLS via Secrets Discovery Service (SDS)\nLeft as an exercise. Easy to extend based on the earlier example.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famukherj%2Fenvoygrpc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Famukherj%2Fenvoygrpc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famukherj%2Fenvoygrpc/lists"}