WebAssembly Extensions

WebAssembly Extension support is in Tech Preview in Maistra 2.0, therefore any API or specs mentioned here are not final and might change before it is Generally Available

One of the defining features of a Service Mesh is its capability to move common functionality out of your applications and into a common, out-of-process component: the proxy. This makes sure that all of the features of the Mesh, like observability, traffic management and policy enforcement, can be used with any application, no matter the programming language it’s written in. But what about custom functionalities that your infrastructure requires? If you are using protocols not yet supported by the proxy, or tokens that Maistra doesn’t understand, you’d previously have to make sure they are uniformly implemented in all languages used across your infrastructure. You can now use WebAssembly Extensions to add that functionality directly into the Maistra proxies, allowing you to move even more common functionality out of your applications, and implement them in a single language that compiles to WebAssembly bytecode.


While built for the Web, WebAssembly modules can be run on a multitude of platforms, including proxies, and is an ideal choice for a plugin system because of its broad language support, fast execution with near-native speed and a sandboxed-by-default security model.

Extension Capabilities

Maistra Extensions are Envoy HTTP Filters, giving them a wide range of capabilities:

  • Manipulating Body and Header of requests and responses

  • Out-of-band HTTP requests to services not in the request path (e.g. for authentication or policy checking)

  • Side-channel data storage and queues for filters to communicate with each other