Agent IO
@agent.io
📤 11
đź“Ą 11
đź“ť 65
Fetching and serving by
@timburks.me
pinned post!
IO is a new network proxy that makes application development easier and application deployments more secure.
agent.io/posts/io
loading . . .
Your Friendly Neighborhood Network Proxy
Meet the proxy you’ve always wanted.
https://agent.io/posts/io
7 months ago
0
0
0
Recently we started building our own Envoy binaries and IO container images.
agent.io/decisions/co...
loading . . .
Build Envoy and IO containers directly
Use gcr.io/distroless and self-built Envoys to have more control and to reduce dependencies, vulnerabilites, and image size.
https://agent.io/decisions/containers/
20 days ago
0
0
0
Envoy requires libc, so it doesn't make sense for IO to make performance sacrifices to avoid depending on libc itself. That lets us build IO with CGO and use the native SQLite library, which has big performance benefits.
agent.io/decisions/cgo/
loading . . .
Use CGO, libc, and pure SQLite.
Since Envoy will always depend on libc, it seems reasonable for IO to also.
https://agent.io/decisions/cgo/
about 1 month ago
0
0
0
This week IO's configuration language got a revamp and a reference
agent.io/io/config/
loading . . .
IO Configuration Reference
Here’s how you can configure IO using its HCL-based configuration language.
https://agent.io/io/config/
about 2 months ago
1
0
0
Tempted by Alpine Linux:
agent.io/decisions/al...
loading . . .
Hold on Alpine Linux
I love the ideas behind this lightweight distribution, but it’s challenging in practice.
https://agent.io/decisions/alpine/
2 months ago
0
0
0
In September we created Sidecar, a new Go gRPC implementation that focuses on clarity, simplicity, and security for apps that run with sidecars. It's now how IO does gRPC. Here's a discussion of our decision to switch.
agent.io/decisions/si...
loading . . .
Build and Use Sidecar
Replace Connect with a new, simple, transparent Go gRPC library.
https://agent.io/decisions/sidecar/
3 months ago
0
0
0
Is it an SDK... or a monster infesting your app?
agent.io/posts/sdks/
loading . . .
Out-of-Process SDKs
Do you really want to put that vendor code in your app?
http://agent.io/posts/sdks/
3 months ago
0
0
1
reposted by
Agent IO
TB
3 months ago
If you use Go, gRPC, and sidecar proxies, I wrote this for you
github.com/agentio/sidecar
loading . . .
GitHub - agentio/sidecar: Baggage-free gRPC for Go.
Baggage-free gRPC for Go. . Contribute to agentio/sidecar development by creating an account on GitHub.
https://github.com/agentio/sidecar
0
2
1
Echo is a simple gRPC service that we wrote to test and experiment with gRPC and ConnectRPC
agent.io/posts/echo/
loading . . .
What can we learn with a simple gRPC service?
Exploring gRPC and connectrpc with a simple echo service.
https://agent.io/posts/echo/
4 months ago
0
0
0
How IO uses gRPC:
agent.io/posts/grpc/
loading . . .
How IO runs on gRPC
IO doesn’t just manage gRPC APIs, gRPC makes IO go.
https://agent.io/posts/grpc/
4 months ago
0
0
0
IO was created to work with a set of API management APIs from Google called Service Infrastructure, but now we think we've outgrown it.
agent.io/decisions/dr...
loading . . .
Drop Service Infrastructure
Remove integration with Google’s Service Infrastructure APIs.
https://agent.io/decisions/dropserviceinfra/
4 months ago
0
0
0
What's it like to run an application with Nomad and IO? Here's an example with bonus info about gRPC:
agent.io/posts/memos/
loading . . .
These are my Memos on IO
Here’s how I self-host a gRPC-based web application with IO.
https://agent.io/posts/memos/
5 months ago
0
0
0
Here's a practical benefit of our exploration of
@hashicorp.com
's Nomad and Vault: all of the configuration for this Nomad-hosted ATProto PDS is now read from secrets in Vault.
5 months ago
0
1
0
I'm getting more and more hooked on Nomad. With the raw_exec driver, I can run pretty much anything on my Nomad-running laptop. Here's how I use it to automatically unseal Vault.
agent.io/posts/laptop...
loading . . .
Nomad+Vault to Go
How I set up my Ubuntu laptops to run Nomad and Vault.
https://agent.io/posts/laptop-setup/#appendix-automatically-unsealing-vault
5 months ago
0
0
0
"The caller never sees this secret." IO can read and apply API keys so that applications can securely use secrets without ever directly possessing them.
agent.io/posts/vault
loading . . .
Let IO Handle your Vault Secrets
If you’re protecting your secrets with Vault, why are you handing them out to your applications? Let IO handle them instead.
https://agent.io/posts/vault
5 months ago
0
0
1
Here's IO using an API key that it read from Vault using its Nomad workload identity.
5 months ago
0
2
1
We've been working a lot with HashiCorp's Nomad and Vault. Here's an easy way to run them both on an Ubuntu laptop.
agent.io/posts/laptop...
loading . . .
Nomad+Vault to Go
How I set up my Ubuntu laptops to run Nomad and Vault.
https://agent.io/posts/laptop-setup/
5 months ago
0
0
1
Our preferred JWx library is
@lestrrat.bsky.social
‬'s lestrrat-go/jwx
agent.io/decisions/jwt/
loading . . .
Use one JWT library
Use github.com/lestrrat-go/jwx/v3 for all JWT operations.
https://agent.io/decisions/jwt/
5 months ago
0
0
0
A more general idea behind "No SDKs" and other design decisions is that we work to keep the number of third-party dependencies low and their quality high.
agent.io/decisions/de...
loading . . .
Minimize Dependencies
Keep third-party dependencies at a minimum.
https://agent.io/decisions/dependencies/
5 months ago
0
0
0
Finally (for now), we've been picky about limiting dependencies and controlling the network connections that IO makes. This seems worth noting as a decision, i.e. "No SDKs".
agent.io/decisions/sd...
loading . . .
No SDKs
No third-party SDKs are used by IO to call networked APIs.
https://agent.io/decisions/sdks/
6 months ago
0
0
0
Now we have a small fleet of droplets running Nomad and IO to use for testing and demos. We can manage them all over SSH, and quickly went from bash scripts to a small Go tool that can do things like check versions and trigger restarts.
agent.io/decisions/fl...
loading . . .
Use a Custom Fleet Manager
Manage node configurations with Go and ssh.
https://agent.io/decisions/fleet/
6 months ago
0
0
0
When we initially thought of adding analytics to the preview, we added a small custom API for sending them. But a little bit of investigation led to Open Telemetry, which we're using in a very basic and direct way (with no SDKs).
agent.io/decisions/ot...
loading . . .
Use Open Telemetry
Use Open Telemetry and Grafana for metrics, logging, and tracing.
https://agent.io/decisions/otel/
6 months ago
1
1
0
Once we had images on DockerHub, we started getting warnings about security vulnerabilities in the standard Envoy releases that we were using as base images. This led us to switch to the Envoy "distroless" images that are published by a team at Google.
agent.io/decisions/di...
loading . . .
Use Distroless Envoy images
Reduce dependencies, vulnerabilites, and image size.
https://agent.io/decisions/distroless/
6 months ago
0
0
0
At this point, the realization that "we've made so many decisions" forced me to stop, come up with a structure, and put as many past decisions that I could think of in it.
agent.io/decisions/re...
loading . . .
Record Decisions
Keep a record of significant decisions that have been made or are in progress.
https://agent.io/decisions/records/
6 months ago
0
0
0
The preview is based on IO Docker images, and setting up a paid DockerHub account seemed to be the best way to directly manage these and other images that we wanted to publish.
agent.io/decisions/do...
loading . . .
Use DockerHub
Use DockerHub for container distribution.
https://agent.io/decisions/dockerhub/
6 months ago
0
0
0
Adding SSH support made it clear that it would be easy to add SFTP/SCP support, which has been a great way to read and write configuration of remote IOs. More uses are coming.
agent.io/decisions/scp/
loading . . .
Use SCP and SFTP
Use SCP and SFTP to configure and observe IO.
https://agent.io/decisions/scp/
6 months ago
0
0
0
Honestly, THIS IS SO COOL. As soon as we discovered that we could use Charm's wish package to SSH into remote running IOs, we had to do it.
agent.io/decisions/ssh/
loading . . .
Use SSH to connect to IO
Use SSH to make the IO TUI available to remote users.
https://agent.io/decisions/ssh/
6 months ago
0
0
0
Our first step from the homelab to the cloud was to use Digital Ocean. The big draw was the simplicity of the console experience and Digital Ocean's APIs.
agent.io/decisions/di...
loading . . .
Use Digital Ocean
Prefer Digital Ocean for online operations and examples.
https://agent.io/decisions/digitalocean/
6 months ago
1
0
0
We're using Google Workspace for email and docs.
agent.io/decisions/wo...
loading . . .
Use Google Workspace
Use Google Workspace to host agent.io email and docs.
https://agent.io/decisions/workspace/
6 months ago
0
0
0
What's the least-commitment way to make IO available to other users? I wasn't ready to go through any "one-way doors", so we decided to start with a private preview.
agent.io/decisions/pr...
loading . . .
Release a Private Preview
Initially release IO in a licensed private preview with analytics.
https://agent.io/decisions/preview/
6 months ago
0
0
0
IO manages secrets so applications never see them. But where should secrets be kept? IO can store them in local storage, but to increase security, we wanted to integrate with a secrets manager. We decided to start with Vault.
agent.io/decisions/va...
loading . . .
Use Vault
Build Vault integration and use Vault to manage secrets.
https://agent.io/decisions/vault/
6 months ago
0
0
0
Importing generated code from other people's repos is a recipe for suffering, so we don't do it.
agent.io/decisions/pr...
loading . . .
Internalize Protobuf Codegen
All protobuf support code that IO uses is generated within the project.
https://agent.io/decisions/protos/
6 months ago
0
0
0
Zig seems like a language that we'll be using in the future, but maybe not just yet.
agent.io/decisions/zig/
loading . . .
Evaluate Zig
Consider using Zig for future projects that call for high performance with limited dependencies.
https://agent.io/decisions/zig/
6 months ago
0
0
0
"We do these things not because they are easy, but because we thought they were going to be easy." ATProto OAuth is just a small add-on to OAuth, right?
agent.io/decisions/at...
loading . . .
Build ATProto OAuth Support
Build support for AT Protocol Authorization directly into IO.
https://agent.io/decisions/atproto/
6 months ago
0
1
0
After building ACME into IO's ingress mode, we realized that we could also add OAuth support by having IO intercept OAuth callbacks, and IO's calling mode could apply the auth tokens, making OAuth-based applications *much* simpler. So how could we resist?
agent.io/decisions/oa...
loading . . .
Build OAuth Support
Build support for OAuth into IO.
https://agent.io/decisions/oauth/
6 months ago
0
1
0
Maybe the best argument for using Nomad is Kubernetes. But if you haven't used either, and especially if you're looking for something that you can start running on just a few nodes and easily understand, try Nomad. You don't need Nomad to use IO but they work great together.
agent.io/decisions/no...
loading . . .
Use Nomad
Build Nomad integration and use Nomad to manage containers.
https://agent.io/decisions/nomad/
6 months ago
0
0
0
Interactive configuration is great, but for reproducibility, IO needed a configuration language. YAML? The experience of using Envoy's YAML config was a pretty strong argument against that. Hashicorp's HCL had an appealing directness and a great Go support library.
agent.io/decisions/hcl/
loading . . .
Use HCL
Configure IO with the Hashicorp Configuration Language.
https://agent.io/decisions/hcl/
6 months ago
0
0
0
The idea to build ingress into IO came when I replaced the Kubernetes in my homelab with Nomad. ACME support in IO was surprisingly easy to add and has been much easier to troubleshoot than k8s cert-manager.
agent.io/decisions/ac...
loading . . .
Build ACME Support
Build support for the ACME protocol into IO to automatically provision SSL certificates.
https://agent.io/decisions/acme/
6 months ago
0
0
0
Coming into web development cold, Hugo and the Blowfish theme made it easy to get a content-rich site off the ground. But easy to customize? IDK.
agent.io/decisions/hu...
loading . . .
Use Hugo
Use Hugo and Blowfish to build web sites.
https://agent.io/decisions/hugo/
6 months ago
0
0
0
Google App Engine has some flaws, but it's a great way to put up a web site and forget about it. For now it's being used to run our main site.
agent.io/decisions/ap...
loading . . .
Use App Engine
Use Google App Engine, but minimally, focusing on static site publication with minimal backend automation.
https://agent.io/decisions/appengine/
6 months ago
0
0
0
When IO needed persistent storage, SQLite was the clear choice. Not only was it well-proven, the sqlite3 command-line tool made it easy to manage state outside of IO.
agent.io/decisions/sq...
loading . . .
Use SQLite
Use SQLite for IO internal storage and general data persistence.
https://agent.io/decisions/sqlite/
6 months ago
0
0
0
With one look at Bubble Tea we were sold. Adding a TUI opened up exciting possibilities of visibility and dynamic control of IO.
agent.io/decisions/bu...
loading . . .
Use BubbleTea
Use BubbleTea to build a terminal user interface for IO.
https://agent.io/decisions/bubbletea/
6 months ago
0
0
0
Google's Go gRPC library is solid, but it also contains some things that we don't need for a local gRPC service running over Linux abstract sockets, so instead we use Buf Connect for our gRPC connections.
agent.io/decisions/bu...
loading . . .
Use Buf Connect
Use Buf Connect instead of Google’s Go gRPC library.
https://agent.io/decisions/bufconnect/
6 months ago
0
0
0
What's in a name? Ours is "IO".
agent.io/decisions/io/
loading . . .
Name the proxy "IO"
Use “IO” to clearly assert the project’s goals.
https://agent.io/decisions/io/
6 months ago
0
0
0
Linux Abstract Sockets provide a simple and fast way for IO to communicate with the local Envoy that it controls.
agent.io/decisions/ab...
loading . . .
Use Linux Abstract Sockets
Use Linux Abstract Sockets for local communication
https://agent.io/decisions/abstractsockets/
6 months ago
0
0
0
IO uses Envoy in the same way that it uses Go: as a powerful component that unlocks a higher level of usefulness.
agent.io/decisions/en...
loading . . .
Build an Envoy Controller
IO is an Envoy controller and Envoy is a core component of IO.
https://agent.io/decisions/envoy/
6 months ago
0
0
0
Rust can be a great language for a lot of applications, but for us, the lack of mature infrastructure convinced us that it would be too much work.
agent.io/decisions/ru...
loading . . .
Avoid Rust
Hold on Rust investigations. Rust doesn’t seem to be a good fit for our current needs and practices.
https://agent.io/decisions/rust/
6 months ago
0
0
0
Google sells an API management product that it doesn't use for any of its own APIs. Instead it uses a collection of API management APIs that it calls "Service Infrastructure". Digging deep into this was a prelude to IO.
agent.io/decisions/se...
loading . . .
Document Service Infrastructure
Thoroughly explain and evaluate the Service Infrastructure APIs.
https://agent.io/decisions/serviceinfra/
6 months ago
0
0
0
Is Go the greatest? Of course it depends what you're making, but for a one-person networking project, the available infrastructure made it a clear favorite.
agent.io/decisions/go/
loading . . .
Develop in Go
Use Go for all significant code development.
https://agent.io/decisions/go/
6 months ago
0
0
0
It can be startling and frustrating to see how soon naming questions arise in a software project. Here it was in choosing a GitHub org name.
agent.io/decisions/gi...
loading . . .
Use the agentio GitHub organization
Keep all Agent IO code in the agentio org on GitHub.
https://agent.io/decisions/github-org/
6 months ago
0
0
0
If no one is telling you what to do, how do you decide what to work on?
agent.io/decisions/sc...
loading . . .
Scope the Project
Build something for developers that makes it easier and safer to work with APIs.
https://agent.io/decisions/scope/
6 months ago
0
0
0
Load more
feeds!
log in
