dgn / oidc-filter

A WASM plugin for Envoy supporting the OpenID Connect Authorization Flow, extending Istio's JWT functionality

persistent storage of wasm module on istio-proxy

y0zg opened this issue

commented

Hi @dgn!
Is it possible to use the wasm hub registry or mount the wasm module instead of copying it directly to the istio-proxy container?
Considering pods are ephemeral, there should be a more elegant solution to keep the wasm module mounted to istio-proxy.
Much appreciate your help!

Reference: https://github.com/dgn/oidc-filter/blob/master/example/deploy.sh#L16

commented

ConfigMap should help, but for files <1Mb
https://discuss.istio.io/t/istio-1-7-fails-to-create-a-wasm-filter/8208/10

kubectl create cm -n default example-filter --from-file=path/to/oidc-filter.wasm

Pod annotations to mount this configmap

sidecar.istio.io/userVolume: '[{"name":"wasmfilters-dir","configMap": {"name": "example-filter"}}]'
sidecar.istio.io/userVolumeMount: '[{"mountPath":"/var/local/lib/wasm-filters","name":"wasmfilters-dir"}]'
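
A preflight for the ConfigMap approach above, as an added example that is not part of the original thread: it checks that the file is a wasm module, that it fits under the 1 MiB limit Kubernetes places on ConfigMap data, and prints its SHA-256 so the copy mounted in the sidecar can be compared against the build. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the oidc-filter repository).
# Kubernetes rejects ConfigMaps whose data exceeds 1 MiB.
CONFIGMAP_MAX=1048576

# is_wasm FILE: succeeds if FILE starts with the wasm magic bytes "\0asm".
is_wasm() {
    [ "$(od -An -tx1 -N4 "$1" | tr -d ' \n')" = "0061736d" ]
}

# fits_configmap FILE: succeeds if the file fits under the limit.
# Conservative assumption: the key name is counted as well.
fits_configmap() {
    size=$(wc -c < "$1" | tr -d ' ')
    key=$(basename "$1")
    [ $((size + ${#key})) -le "$CONFIGMAP_MAX" ]
}

# module_digest FILE: prints the SHA-256 of FILE in hex.
module_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# preflight FILE: returns 2 if FILE is not wasm, 3 if it is too large,
# otherwise prints the digest to record alongside the deployment.
preflight() {
    is_wasm "$1" || { echo "not a wasm module: $1" >&2; return 2; }
    fits_configmap "$1" || { echo "too large for a ConfigMap: $1" >&2; return 3; }
    module_digest "$1"
}
```

Run `preflight path/to/oidc-filter.wasm` before `kubectl create cm`; a digest computed over the file under the mount path from the annotations should match the one printed here.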

Yup, ConfigMaps are not sufficient for this filter, it's 1.7mb on my machine

I got it down to 463kb by applying that in the Cargo.yaml:

[profile.release]
lto = true

I guess another option would be to declare a custom istio sidecar image in the operator profile.

> I guess another option would be to declare a custom istio sidecar image in the operator profile.

Right, that's always an option if you can get that past your local IT/platform team ;). We're working on a packaging format upstream that should solve this; it's probably going to be a container image.

If you do something upstream, maybe supporting compression might be good from the start 😃

41778348 960 -rwxr-xr-x  2 marcbachmann  staff   478K Feb 12 00:15 target/wasm32-unknown-unknown/release/oidc_filter.wasm
41984183 384 -rw-r--r--  1 marcbachmann  staff   129K Feb 13 04:50 target/wasm32-unknown-unknown/release/oidc_filter.wasm.br
41782465 328 -rw-r--r--  1 marcbachmann  staff   163K Feb 12 00:18 target/wasm32-unknown-unknown/release/oidc_filter.wasm.gz

Closing this as we're now producing a container image which can be used in Istio and OpenShift Service Mesh