feat(plugin): add proxywasm plugin (#284)

* feat(plugin): add `proxywasm` plugin The `proxywasm` plugin is a WASM Filter following the ProxyWasm ABI Specification using the proxywasm go sdk This allows extensibility with any reverse proxy who implements the ProxyWasm ABI Specification. The current WASM Filter was successfully tested with APISIX, Envoy, Nginx with ngx_wasm_module from Kong and Istio. Fixes #145
2026-01-04 03:54:56 +01:00 · 2024-06-28 13:22:06 -04:00
parent 54bc622b45
commit 3891027e23
57 changed files with 2164 additions and 2891 deletions
--- a/docs/plugins/apacheapisix.md
+++ b/docs/plugins/apacheapisix.md
@@ -0,0 +1,33 @@
+# Apache APISIX Plugin
+
+The Apache APISIX Plugin is a WASM Plugin written with the Proxy Wasm SDK.
+
+## Provider compatibility grid
+
+| Provider                                | Dynamic | Blocking |
+|-----------------------------------------|:-------:|:--------:|
+| [Docker](/providers/docker)             |    ✅    |    ✅     |
+| [Docker Swarm](/providers/docker_swarm) |    ❓    |    ❓     |
+| [Kubernetes](/providers/kubernetes)     |    ❓    |    ❓     |
+
+## Install the plugin to Apache APISIX
+
+```yaml
+wasm:
+  plugins:
+    - name: proxywasm_sablier_plugin
+      priority: 7997
+      file: /wasm/sablierproxywasm.wasm # Downloaded WASM Filter path
+```
+
+## Configuration
+
+You can have the following configuration:
+
+```yaml
+routes:
+  - uri: "/"
+    plugins:
+      proxywasm_sablier_plugin:
+        conf: '{ "sablier_url": "sablier:10000", "group": ["my-group"], "session_duration": "1m", "dynamic": { "display_name": "Dynamic Whoami" } }'
+```
--- a/docs/plugins/envoy.md
+++ b/docs/plugins/envoy.md
@@ -0,0 +1,48 @@
+# Envoy Plugin
+
+The Envoy Plugin is a WASM Plugin written with the Proxy Wasm SDK.
+
+## Provider compatibility grid
+
+| Provider                                | Dynamic | Blocking |
+|-----------------------------------------|:-------:|:--------:|
+| [Docker](/providers/docker)             |    ✅    |    ✅     |
+| [Docker Swarm](/providers/docker_swarm) |    ❓    |    ❓     |
+| [Kubernetes](/providers/kubernetes)     |    ❓    |    ❓     |
+
+## Configuration
+
+You can have the following configuration:
+
+```yaml
+http_filters:
+  - name: sablier-wasm-whoami-dynamic
+    disabled: true
+    typed_config:
+      "@type": type.googleapis.com/udpa.type.v1.TypedStruct
+      type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
+      value:
+        config:
+          name: "sablier-wasm-whoami-dynamic"
+          root_id: "sablier-wasm-whoami-dynamic"
+          configuration:
+            "@type": "type.googleapis.com/google.protobuf.StringValue"
+            value: |
+              {
+                "sablier_url": "sablier:10000",
+                "cluster": "sablier",
+                "names": ["docker_classic_e2e-whoami-1"],
+                "session_duration": "1m",
+                "dynamic": {
+                  "display_name": "Dynamic Whoami",
+                  "theme": "hacker-terminal"
+                }
+              }
+          vm_config:
+            runtime: "envoy.wasm.runtime.v8"
+            vm_id: "vm.sablier.sablier-wasm-whoami-dynamic"
+            code:
+              local:
+                filename: "/etc/sablierproxywasm.wasm"
+            configuration: { }
+```
--- a/docs/plugins/istio.md
+++ b/docs/plugins/istio.md
@@ -0,0 +1,45 @@
+# Istio Plugin
+
+The Istio Plugin is a WASM Plugin written with the Proxy Wasm SDK.
+
+## Provider compatibility grid
+
+| Provider                                | Dynamic | Blocking |
+|-----------------------------------------|:-------:|:--------:|
+| [Docker](/providers/docker)             |    ❌    |    ❌     |
+| [Docker Swarm](/providers/docker_swarm) |    ❌    |    ❌     |
+| [Kubernetes](/providers/kubernetes)     |    ✅    |    ✅     |
+
+## Configuration
+
+You can have the following configuration:
+
+!> This only works for ingress gateways.
+!> Attaching this filter to a side-car would not work because the side-car itself gets shutdown on scaling to zero. 
+
+```yaml
+apiVersion: extensions.istio.io/v1alpha1
+kind: WasmPlugin
+metadata:
+  name: sablier-wasm-whoami-dynamic
+  namespace: istio-system
+spec:
+  selector:
+    matchLabels:
+      istio: ingressgateway
+  url: file:///opt/filters/sablierproxywasm.wasm/..data/sablierproxywasm.wasm
+  # Use https://istio.io/latest/docs/reference/config/proxy_extensions/wasm-plugin/#WasmPlugin-TrafficSelector
+  # To specify which service to apply this filter only
+  phase: UNSPECIFIED_PHASE
+  pluginConfig:
+    {
+      "sablier_url": "sablier.sablier-system.svc.cluster.local",
+      "cluster": "outbound|10000||sablier.sablier-system.svc.cluster.local",
+      "names": [ "deployment_default_whoami_1" ],
+      "session_duration": "1m",
+      "dynamic": {
+        "display_name": "Dynamic Whoami",
+        "theme": "hacker-terminal"
+      }
+    }
+```
--- a/docs/plugins/nginx_proxywasm.md
+++ b/docs/plugins/nginx_proxywasm.md
@@ -0,0 +1,79 @@
+# Nginx Plugin
+
+The Nginx Plugin is a WASM Plugin written with the Proxy Wasm SDK.
+
+## Provider compatibility grid
+
+| Provider                                | Dynamic | Blocking |
+|-----------------------------------------|:-------:|:--------:|
+| [Docker](/providers/docker)             |    ✅    |    ✅     |
+| [Docker Swarm](/providers/docker_swarm) |    ❓    |    ❓     |
+| [Kubernetes](/providers/kubernetes)     |    ❓    |    ❓     |
+
+# Install ngx_wasm_module
+
+Install https://github.com/Kong/ngx_wasm_module.
+
+Example for a Dockerfile:
+
+```dockerfile
+FROM ubuntu:22.04
+
+RUN apt update && apt install libatomic1
+
+ADD https://github.com/Kong/ngx_wasm_module/releases/download/prerelease-0.3.0/wasmx-prerelease-0.3.0-v8-x86_64-ubuntu22.04.tar.gz wasmx.tar.gz
+
+RUN mkdir /etc/nginx
+RUN tar -xvf wasmx.tar.gz
+RUN mv /wasmx-prerelease-0.3.0-v8-x86_64-ubuntu22.04/* /etc/nginx/
+
+WORKDIR /etc/nginx
+
+CMD [ "./nginx", "-g", "daemon off;" ]
+```
+
+## Configuration
+
+```nginx
+# nginx.conf
+events {}
+
+# nginx master process gets a default 'main' VM
+# a new top-level configuration block receives all configuration for this main VM
+wasm {
+    module proxywasm_sablier_plugin /wasm/sablierproxywasm.wasm;
+}
+
+http {
+    access_log /dev/stdout;
+
+    # internal docker resolver, see /etc/resolv.conf on proxy container
+    # needed for docker name resolution
+    resolver 127.0.0.11 valid=1s ipv6=off;
+
+    server {
+        listen 8080;
+
+        location /dynamic {
+            proxy_wasm  proxywasm_sablier_plugin '{ "sablier_url": "sablier:10000", "names": ["docker_classic_e2e-whoami-1"], "session_duration": "1m", "dynamic": { "display_name": "Dynamic Whoami", "theme": "hacker-terminal" } }';
+
+            # force dns resolution by using a variable 
+            # because container will be restarted and change ip a lot of times
+            set $proxy_pass_host whoami:80$request_uri;
+            proxy_pass  http://$proxy_pass_host;
+            proxy_set_header Host localhost:8080; # e2e test compliance
+        }
+
+        location /blocking {
+            wasm_socket_read_timeout 60s; # Blocking hangs the request
+            proxy_wasm  proxywasm_sablier_plugin '{ "sablier_url": "sablier:10000", "names": ["docker_classic_e2e-whoami-1"], "session_duration": "1m", "blocking": { "timeout": "30s" } }';
+    
+            # force dns resolution by using a variable 
+            # because container will be restarted and change ip a lot of times
+            set $proxy_pass_host whoami:80$request_uri;
+            proxy_pass  http://$proxy_pass_host;
+            proxy_set_header Host localhost:8080; # e2e test compliance
+        }
+    }
+}
+```
--- a/docs/plugins/overview.md
+++ b/docs/plugins/overview.md
@@ -12,11 +12,24 @@ It leverages the API calls to plugin integration to catch in-flight requests to

 ## Available Reverse Proxies

-| Reverse Proxy                | Docker | Docker Swarm mode | Kubernetes |                          Podman                           |
-| ---------------------------- | :----: | :---------------: | :--------: | :-------------------------------------------------------: |
-| [Traefik](/plugins/traefik) |   ✅    |         ✅         |     ✅      | [See #70](https://github.com/acouvreur/sablier/issues/70) |
-| [Nginx](/plugins/nginx)     |   ✅    |         ✅         |     ❌      |
-| [Caddy](/plugins/caddy)     |   ✅    |         ✅         |     ❌      |
+| Reverse Proxy                                   | Docker | Docker Swarm mode | Kubernetes |                  
+|-------------------------------------------------|:------:|:-----------------:|:----------:|
+| [Apache APISIX](/plugins/apacheapisix)          |   ✅    |         ✅         |     ✅      |                                                           
+| [Caddy](/plugins/caddy)                         |   ✅    |         ✅         |     ❌      |                                                           
+| [Envoy](/plugins/envoy)                         |   ✅    |         ❓         |     ❓      |                                                           
+| [Istio](plugins/istio)                          |   ❌    |         ❌         |     ⚠️     |                                                           
+| [Nginx (NJS Module)](/plugins/nginx_njs)        |   ✅    |         ✅         |     ✅      |
+| [Nginx (WASM Module)](/plugins/nginx_proxywasm) |   ✅    |         ❓         |     ❓      |
+| [Traefik](/plugins/traefik)                     |   ✅    |         ✅         |     ✅      |
+| [ProxyWasm](/plugins/proxywasm)                 |   ✅    |         ✅         |     ✅      |
+
+> ✅ **Fully compatible**
+> 
+> ⚠️ **Partially compatible**
+> 
+> ❓ **Should be compatible (but not tested)**
+> 
+> ❌ **Not compatible**

 *Your Reverse Proxy is not on the list? [Open an issue to request the missing reverse proxy integration here!](https://github.com/acouvreur/sablier/issues/new?assignees=&labels=enhancement%2C+reverse-proxy&projects=&template=reverse-proxy-integration-request.md&title=Add+%60%5BREVERSE+PROXY%5D%60+reverse+proxy+integration)*