Migrating from NGINX to Envoy Proxy

Hello, Habr! I present to you a translation of the post: Migrating from NGINX to Envoy Proxy.

Envoy is a high-performance distributed proxy (written in C++) designed for single services and applications, as well as a communication bus and "universal data plane" designed for large microservice "service mesh" architectures. It was built with the lessons learned from solutions such as NGINX, HAProxy, hardware load balancers and cloud load balancers in mind. Envoy runs alongside every application and abstracts the network, providing common features regardless of platform. When all service traffic in an infrastructure flows through an Envoy mesh, it becomes easy to visualize problem areas through consistent observability, tune overall performance, and add core features in a single place.

Features

  • Out-of-process architecture: Envoy is a self-contained, high-performance server with a small memory footprint. It runs alongside any application language or framework.
  • HTTP/2 and gRPC support: Envoy has first-class HTTP/2 and gRPC support for both incoming and outgoing connections. It is a transparent proxy from HTTP/1.1 to HTTP/2.
  • Advanced load balancing: Envoy supports advanced load balancing features including automatic retries, circuit breaking, global rate limiting, request shadowing, zone-local load balancing, etc.
  • Configuration management API: Envoy provides a robust API for dynamically managing its configuration.
  • Observability: Deep observability of L7 traffic, native support for distributed tracing, and observability of MongoDB, DynamoDB and many other applications.

Step 1 - Example NGINX Config

This tutorial uses a specially crafted nginx.conf file, based on the full example from the NGINX Wiki. You can view the configuration in the editor by opening nginx.conf.

NGINX source config

user  www www;
pid /var/run/nginx.pid;
worker_processes  2;

events {
  worker_connections   2000;
}

http {
  gzip on;
  gzip_min_length  1100;
  gzip_buffers     4 8k;
  gzip_types       text/plain;

  log_format main      '$remote_addr - $remote_user [$time_local]  '
    '"$request" $status $bytes_sent '
    '"$http_referer" "$http_user_agent" '
    '"$gzip_ratio"';

  log_format download  '$remote_addr - $remote_user [$time_local]  '
    '"$request" $status $bytes_sent '
    '"$http_referer" "$http_user_agent" '
    '"$http_range" "$sent_http_content_range"';

  upstream targetCluster {
    server 172.18.0.3:80;
    server 172.18.0.4:80;
  }

  server {
    listen        8080;
    server_name   one.example.com  www.one.example.com;

    access_log   /var/log/nginx.access_log  main;
    error_log  /var/log/nginx.error_log  info;

    location / {
      proxy_pass         http://targetCluster/;
      proxy_redirect     off;

      proxy_set_header   Host             $host;
      proxy_set_header   X-Real-IP        $remote_addr;
    }
  }
}

NGINX configurations typically have three key elements:

  1. Configuring the NGINX server, the log structure and Gzip functionality. This is defined globally in all cases.
  2. Configuring NGINX to accept requests for the one.example.com host on port 8080.
  3. Configuring the target location, that is, how to handle traffic for different parts of the URL.

Not all of the configuration will apply to Envoy Proxy, and you do not need to configure certain settings. Envoy Proxy has four key types that support the core infrastructure offered by NGINX. The core is:

  • Listeners: They define how Envoy Proxy accepts incoming requests. Envoy Proxy supports only TCP-based listeners. Once a connection is established, it is passed to a set of filters for processing.
  • Filters: They are part of a pipeline architecture that can process incoming and outgoing data. This functionality includes filters such as Gzip, which compresses data before sending it to the client.
  • Routers: They forward traffic to the required destination, defined as a cluster.
  • Clusters: They define the target endpoint for traffic and the configuration settings.

We will use these four components to create an Envoy Proxy configuration that matches the NGINX configuration. Envoy's goal is to work with APIs and dynamic configuration. In this case, the base configuration will use static, hard-coded settings taken from NGINX.

Step 2 - NGINX Configuration

The first part of nginx.conf defines some NGINX internals that need to be configured.

Worker Connections

The configuration below defines the number of worker processes and connections. This indicates how NGINX will scale to meet demand.

worker_processes  2;

events {
  worker_connections   2000;
}

Envoy Proxy manages worker processes and connections in a different way.

Envoy creates a worker thread for every hardware thread on the system. Each worker thread runs a non-blocking event loop that is responsible for:

  1. Listening on every listener
  2. Accepting new connections
  3. Instantiating a filter stack for the connection
  4. Processing all I/O for the lifetime of the connection.

All further handling of the connection is done within the worker thread, including any forwarding behavior.

For each worker thread in Envoy, there is a connection pool. So an HTTP/2 connection pool establishes only one connection per external host at a time; if there are four worker threads, there will be four HTTP/2 connections per external host at steady state. By keeping everything within a single worker thread, almost all code can be written without locks, as if it were single-threaded. If more worker threads are allocated than needed, this can lead to wasted memory, a large number of idle connections, and a lower rate at which connections are returned to the pool.

For more information, visit the Envoy Proxy blog.

HTTP Configuration

The next NGINX configuration block defines HTTP settings such as:

  • Which mime types are supported
  • Timeouts
  • Gzip configuration

You can configure these aspects using filters in Envoy Proxy, which we will discuss later.

Step 3 - Server Configuration

Within the HTTP configuration block, the NGINX configuration specifies to listen on port 8080 and respond to incoming requests for the domains one.example.com and www.one.example.com.

 server {
    listen        8080;
    server_name   one.example.com  www.one.example.com;

Inside Envoy, this is controlled by Listeners.

Envoy Listeners

The most important aspect of getting started with Envoy Proxy is defining your listeners. You need to create a configuration file that describes how you want to run the Envoy instance.

The snippet below will create a new listener and bind it to port 8080. The configuration tells Envoy Proxy which ports it should bind to for incoming requests.

Envoy Proxy uses YAML notation for its configuration. For an introduction to this notation, see this link.

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 8080 }

There is no need to define a server_name, since Envoy Proxy filters will handle this.

Step 4 - Location Configuration

When a request comes into NGINX, a location block determines how to process it and where to route the traffic. In the following snippet, all traffic to the site is forwarded to an upstream (translator's note: an upstream is usually an application server) cluster named targetCluster. The upstream cluster defines the nodes that should process the request. We will discuss this in the next step.

location / {
    proxy_pass         http://targetCluster/;
    proxy_redirect     off;

    proxy_set_header   Host             $host;
    proxy_set_header   X-Real-IP        $remote_addr;
}

In Envoy, Filters do this.

Envoy Filters

For the static configuration, filters define how to handle incoming requests. In this case, we configure filters that match the server_names from the previous step. When an incoming request arrives that matches the defined domains and routes, the traffic is forwarded to the cluster. This is the equivalent of the NGINX upstream configuration.

    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          codec_type: auto
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: backend
              domains:
                - "one.example.com"
                - "www.one.example.com"
              routes:
              - match:
                  prefix: "/"
                route:
                  cluster: targetCluster
          http_filters:
          - name: envoy.router

The name envoy.http_connection_manager is a built-in filter within Envoy Proxy. Other filters include Redis, Mongo and TCP. You can find the complete list in the documentation.

For more information about other load balancing policies, visit the Envoy documentation.

Step 5 - Proxy and Upstream Configuration

In NGINX, the upstream configuration defines the set of target servers that will handle the traffic. In this case, two clusters have been assigned.

  upstream targetCluster {
    server 172.18.0.3:80;
    server 172.18.0.4:80;
  }

In Envoy, these are clusters.

Envoy Clusters

The upstream equivalent is defined as clusters. In this case, the hosts that will serve the traffic have been defined. How the hosts are accessed, such as timeouts, is defined as cluster configuration. This allows more granular control over aspects such as latency and load balancing.

  clusters:
  - name: targetCluster
    connect_timeout: 0.25s
    type: STRICT_DNS
    dns_lookup_family: V4_ONLY
    lb_policy: ROUND_ROBIN
    hosts: [
      { socket_address: { address: 172.18.0.3, port_value: 80 }},
      { socket_address: { address: 172.18.0.4, port_value: 80 }}
    ]

When using STRICT_DNS service discovery, Envoy will continuously and asynchronously resolve the specified DNS targets. Each IP address returned in the DNS result will be considered an explicit host in the upstream cluster. This means that if the query returns two IP addresses, Envoy will assume the cluster has two hosts, and both should be load balanced to. If a host is removed from the result, Envoy will assume it no longer exists and will drain traffic from any existing connection pools.

For more information, see the Envoy Proxy documentation.
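The mapping worked through in Steps 3 to 5 (listen and server_name to a listener and virtual host, location to a route, upstream to a cluster) can be written as a small converter. This is an added example, not code from the original tutorial or from the Envoy project; the function name nginx_to_envoy is hypothetical, the input is constructed from the nginx.conf above, and the output field names follow the Envoy configs shown on this page.

```python
import json
import re

# Constructed input: the proxy-relevant parts of the nginx.conf shown on this page.
NGINX_CONF = """
upstream targetCluster {
  server 172.18.0.3:80;
  server 172.18.0.4:80;
}
server {
  listen        8080;
  server_name   one.example.com  www.one.example.com;
  location / { proxy_pass http://targetCluster/; }
}
"""

def nginx_to_envoy(conf):
    """Map one upstream and one server/location block onto Envoy static_resources."""
    cluster, body = re.search(r"upstream\s+(\S+)\s*\{([^}]*)\}", conf).groups()
    hosts = [{"socket_address": {"address": ip, "port_value": int(port)}}
             for ip, port in re.findall(r"server\s+([\d.]+):(\d+)\s*;", body)]
    port = int(re.search(r"listen\s+(\d+)\s*;", conf).group(1))
    domains = re.search(r"server_name\s+([^;]+);", conf).group(1).split()
    prefix, target = re.search(
        r"location\s+(\S+)\s*\{[^}]*proxy_pass\s+http://([^/;\s]+)", conf).groups()
    if target != cluster:
        # A route to an undefined cluster would only fail once Envoy loads the config.
        raise ValueError("proxy_pass points at an upstream that is not defined")
    hcm = {"name": "envoy.http_connection_manager", "config": {
        "codec_type": "auto", "stat_prefix": "ingress_http",
        "route_config": {"name": "local_route", "virtual_hosts": [{
            "name": "backend", "domains": domains,
            "routes": [{"match": {"prefix": prefix},
                        "route": {"cluster": cluster}}]}]},
        "http_filters": [{"name": "envoy.router"}]}}
    return {"static_resources": {
        "listeners": [{"name": "listener_0",
                       "address": {"socket_address":
                                   {"address": "0.0.0.0", "port_value": port}},
                       "filter_chains": [{"filters": [hcm]}]}],
        "clusters": [{"name": cluster, "connect_timeout": "0.25s",
                      "type": "STRICT_DNS", "dns_lookup_family": "V4_ONLY",
                      "lb_policy": "ROUND_ROBIN", "hosts": hosts}]}}

if __name__ == "__main__":
    print(json.dumps(nginx_to_envoy(NGINX_CONF), indent=2))
```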

Step 6 - Log Access and Errors

The final configuration is logging. Instead of piping error logs to disk, Envoy Proxy takes a cloud-native approach. All of the application logs are output to stdout and stderr.

When users make a request, access logs are optional and disabled by default. To enable access logs for HTTP requests, include the access_log configuration for the HTTP connection manager. The path can be either a device, such as stdout, or a file on disk, depending on your requirements.

The following configuration will pipe all access logs to stdout (translator's note: stdout is needed when running Envoy inside docker. If it is used without docker, replace /dev/stdout with the path to a regular log file). Copy the snippet into the configuration section for the connection manager:

access_log:
- name: envoy.file_access_log
  config:
    path: "/dev/stdout"

The result should look like this:

      - name: envoy.http_connection_manager
        config:
          codec_type: auto
          stat_prefix: ingress_http
          access_log:
          - name: envoy.file_access_log
            config:
              path: "/dev/stdout"
          route_config:

By default, Envoy has a format string that includes the details of the HTTP request:

[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n

The result of this format string is:

[2018-11-23T04:51:00.281Z] "GET / HTTP/1.1" 200 - 0 58 4 1 "-" "curl/7.47.0" "f21ebd42-6770-4aa5-88d4-e56118165a7d" "one.example.com" "172.18.0.4:80"
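A parser for the default format string above, useful for spotting failed requests per upstream host. This is an added example, not code from the original tutorial or from the Envoy project; the function names are hypothetical, and the second and third sample lines are constructed (the first is the output line shown on this page). It assumes quoted fields contain no embedded double quotes.

```python
import re

# Default Envoy access-log layout quoted above: [time] "request line",
# six space-separated fields, then five quoted strings.
LINE_RE = re.compile(
    r'\[(?P<start_time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<protocol>[^"]+)" '
    r'(?P<response_code>\d+) (?P<response_flags>\S+) '
    r'(?P<bytes_received>\d+) (?P<bytes_sent>\d+) '
    r'(?P<duration_ms>\d+|-) (?P<upstream_service_time_ms>\d+|-) '
    r'"(?P<x_forwarded_for>[^"]*)" "(?P<user_agent>[^"]*)" '
    r'"(?P<request_id>[^"]*)" "(?P<authority>[^"]*)" "(?P<upstream_host>[^"]*)"$'
)

SAMPLE = [
    # The output line shown on this page.
    '[2018-11-23T04:51:00.281Z] "GET / HTTP/1.1" 200 - 0 58 4 1 "-" "curl/7.47.0" '
    '"f21ebd42-6770-4aa5-88d4-e56118165a7d" "one.example.com" "172.18.0.4:80"',
    # Constructed: a 503 with a response flag set and no upstream service time.
    '[2018-11-23T04:50:12.100Z] "GET / HTTP/1.1" 503 UF 0 57 3 - "-" "curl/7.47.0" '
    '"00000000-0000-4000-8000-000000000001" "one.example.com" "172.18.0.3:80"',
    # Constructed: a line on the same stream that is not an access-log entry.
    'starting main dispatch loop',
]

def parse_line(line):
    """Return a dict of typed fields, or None if the line is not in the default format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("response_code", "bytes_received", "bytes_sent"):
        rec[key] = int(rec[key])
    for key in ("duration_ms", "upstream_service_time_ms"):
        rec[key] = None if rec[key] == "-" else int(rec[key])
    return rec

def failed_requests(lines):
    """Split lines into (5xx or flagged records, lines that did not parse)."""
    failures, rejects = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejects.append(line)
        elif rec["response_code"] >= 500 or rec["response_flags"] != "-":
            failures.append(rec)
    return failures, rejects
```

Keeping the lines that do not parse, rather than dropping them, makes a changed format string visible instead of silently emptying the report.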

The output content can be customized by setting the format field. For example:

access_log:
- name: envoy.file_access_log
  config:
    path: "/dev/stdout"
    format: "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\"\n"

The log line can also be output in JSON format by setting the json_format field. For example:

access_log:
- name: envoy.file_access_log
  config:
    path: "/dev/stdout"
    json_format: {"protocol": "%PROTOCOL%", "duration": "%DURATION%", "request_method": "%REQ(:METHOD)%"}

For more information on Envoy's logging approach, visit

https://www.envoyproxy.io/docs/envoy/latest/configuration/access_log#config-access-log-format-dictionaries

Logging is not the only way to gain visibility into production with Envoy Proxy. It has advanced tracing and metrics capabilities built in. You can find out more in the tracing documentation or via the Interactive Tracing Scenario.

Step 7 - Launching

You have now migrated your configuration from NGINX to Envoy Proxy. The final step is to launch an Envoy Proxy instance to test it.

Run As User

At the top of the NGINX configuration, the line user www www; specifies that NGINX runs as a low-privileged user to improve security.

Envoy Proxy takes a cloud-native approach to managing who owns a process. When we run Envoy Proxy through a container, we can specify a low-privileged user.

Launching Envoy Proxy

The command below will launch Envoy Proxy through a Docker container on the host. This command exposes Envoy to listen for incoming requests on port 80. However, as specified in the listener configuration, Envoy Proxy listens for incoming traffic on port 8080. This allows the process to run as a low-privileged user.

docker run --name proxy1 -p 80:8080 --user 1000:1000 -v /root/envoy.yaml:/etc/envoy/envoy.yaml envoyproxy/envoy

Testing

With the proxy running, tests can now be made and processed. The following cURL command issues a request with the host header defined in the proxy configuration.

curl -H "Host: one.example.com" localhost -i

The HTTP request will result in a 503 error. This is because the upstream connections are not running and are not available. Therefore, Envoy Proxy has no available destination for the request. The following command will start a series of HTTP services that match the configuration defined for Envoy.

docker run -d katacoda/docker-http-server; docker run -d katacoda/docker-http-server;

With the services available, Envoy can successfully proxy traffic to its destination.

curl -H "Host: one.example.com" localhost -i

You should see a response indicating which Docker container processed the request. In the Envoy Proxy logs you should also see the access log line output.

Additional HTTP Response Headers

You will see additional HTTP headers in the response headers of the request. The header shows the time the upstream host spent processing the request, expressed in milliseconds. This is useful if the client wants to determine the service time compared to network latency.

x-envoy-upstream-service-time: 0
server: envoy

Final Config

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 8080 }
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          codec_type: auto
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: backend
              domains:
                - "one.example.com"
                - "www.one.example.com"
              routes:
              - match:
                  prefix: "/"
                route:
                  cluster: targetCluster
          http_filters:
          - name: envoy.router
  clusters:
  - name: targetCluster
    connect_timeout: 0.25s
    type: STRICT_DNS
    dns_lookup_family: V4_ONLY
    lb_policy: ROUND_ROBIN
    hosts: [
      { socket_address: { address: 172.18.0.3, port_value: 80 }},
      { socket_address: { address: 172.18.0.4, port_value: 80 }}
    ]

admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 0.0.0.0, port_value: 9090 }
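The final config binds both the listener and the admin interface to 0.0.0.0. Envoy's admin interface can change server state and exposes internal details, so a review of a migrated config should confirm which address each socket binds to. The check below is an added example, not part of the original tutorial or of Envoy; the function names are hypothetical, the sample text is constructed from the config above, and the line-based scan assumes the one-line socket_address notation used on this page.

```python
import ipaddress
import re

# Constructed sample: the socket bindings from the final config on this page.
CONFIG = """\
static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 8080 }
  clusters:
  - name: targetCluster
    hosts: [
      { socket_address: { address: 172.18.0.3, port_value: 80 }}
    ]
admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 0.0.0.0, port_value: 9090 }
"""

SOCKET = re.compile(
    r"socket_address:\s*\{\s*address:\s*([^,\s]+),\s*port_value:\s*(\d+)")
SECTION = re.compile(r"^\s*(admin|listeners|clusters):")

def bound_sockets(config_text):
    """Return (section, address, port) for sockets Envoy itself binds."""
    section, found = None, []
    for line in config_text.splitlines():
        head = SECTION.match(line)
        if head:
            section = head.group(1)
        hit = SOCKET.search(line)
        # Cluster hosts are outbound targets, not local bindings, so skip them.
        if hit and section in ("admin", "listeners"):
            found.append((section, hit.group(1), int(hit.group(2))))
    return found

def exposed_admin(config_text):
    """Admin sockets bound to anything other than a loopback address."""
    exposed = []
    for section, addr, port in bound_sockets(config_text):
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:      # a hostname: cannot be proven loopback
            loopback = False
        if section == "admin" and not loopback:
            exposed.append((addr, port))
    return exposed
```

With the sample above, exposed_admin reports the 0.0.0.0:9090 binding; the same config with the admin address set to 127.0.0.1 reports nothing.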

Additional information from the translator

Instructions for installing Envoy Proxy can be found on the website https://www.getenvoy.io/

By default, the rpm does not include a systemd service config.

Add the systemd service config /etc/systemd/system/envoy.service:

[Unit]
Description=Envoy Proxy
Documentation=https://www.envoyproxy.io/
After=network-online.target
Requires=envoy-auth-server.service
Wants=nginx.service

[Service]
User=root
Restart=on-failure
ExecStart=/usr/bin/envoy --config-path /etc/envoy/config.yaml
[Install]
WantedBy=multi-user.target

You need to create the directory /etc/envoy/ and put the config.yaml config there.

There is a Telegram chat about Envoy Proxy: https://t.me/envoyproxy_ru

Envoy Proxy does not support serving static content. Therefore, those who want it can vote for the feature: https://github.com/envoyproxy/envoy/issues/378

Source: www.habr.com