ืฉืืื, ืืืจ! ืื ื ืืืื ืืืืืขืชื ืชืจืืื ืฉื ืืคืืกื:
Envoy ืืื ืฉืจืช ืคืจืืงืกื ืืืืืจ ืืขื ืืืฆืืขืื ืืืืืื (ืืชืื ื-C++) ืืืืืขื ืืฉืืจืืชืื ืืืืฉืืืื ืืืืืื, ืืื ืื ืืคืืง ืชืงืฉืืจืช ื"ืืืฉืืจ ื ืชืื ืื ืืื ืืืจืกืื" ืืืืืขื ืืืจืืืืงืืืจืืช "ืจืฉืช ืฉืืจืืช" ืืืืืืช ืฉื ืืืงืจื-ืฉืืจืืชืื. ืืขืช ืืฆืืจืชื ื ืืงืื ืืืฉืืื ืคืชืจืื ืืช ืืืขืืืช ืฉืขืื ืืืืื ืคืืชืื ืฉืจืชืื ืืืื NGINX, HAProxy, ืืืืจื ืืืื ื ืขืืืกืื ืืืืื ื ืขืืืก ืืขื ื. Envoy ืคืืขืืช ืืฆื ืื ืืคืืืงืฆืื ืืืคืฉืืช ืืช ืืจืฉืช ืืื ืืกืคืง ืคืื ืงืฆืืื ืืืืช ืืฉืืชืคืช ืืื ืงืฉืจ ืืคืืืคืืจืื. ืืืฉืจ ืื ืชืขืืืจืช ืืฉืืจืืช ืืชืฉืชืืช ืืืจืืช ืืจื ืจืฉืช Envoy, ืงื ืืืืืื ืืืืจืื ืืขืืืชืืื ืขื ืฆืคืืื ืขืงืืืช, ืืืืื ืืช ืืืืฆืืขืื ืืืืืืื ืืืืืกืืฃ ืคืื ืงืฆืืื ืืืืช ืืืื ืืืืงืื ืกืคืฆืืคื.
ืืืืืืช
- ืืจืืืืงืืืจื ืืืืฅ ืืชืืืื: envoy ืืื ืฉืจืช ืขืฆืืื, ืืขื ืืืฆืืขืื ืืืืืื, ืืฉืจ ืชืืคืก ืืืืช ืงืื ื ืฉื ืืืืจืื RAM. ืื ืขืืื ืืฉืืืื ืขื ืื ืฉืคืช ืืืฉืื ืื ืืกืืจืช.
- ืชืืืื ื-http/2 ื-grpc: ื-envoy ืืฉ ืชืืืื ื-http/2 ื-grpc ืืืฉืืจื ืืจืืฉืื ื ืขืืืจ ืืืืืจืื ื ืื ืกืื ืืืืฆืืื. ืืื ืคืจืืงืกื ืฉืงืืฃ ื-http/1.1 ื-http/2.
- ืืืืื ืขืืืกืื ืืชืงืื: ืืฉืืื ืชืืื ืืชืืื ืืช ืืชืงืืืืช ืฉื ืืืืื ืขืืืกืื ืืืื ื ืืกืืื ืืช ืืืืจืื ืืืืืืืืื, ืฉืืืจืช ืฉืจืฉืจืช, ืืืืืช ืชืขืจืืคืื ืืืืืืืช, ืืฆืืืช ืืงืฉืืช, ืืืืื ืขืืืก ืืืืจื ืืงืืื ืืื'.
- API ืื ืืืื ืชืฆืืจื: envoy ืืกืคืง API ืืืง ืื ืืืื ืืื ืื ืฉื ืืชืฆืืจื ืฉืื.
- ืฆืคืืื: ืฆืคืืืช ืขืืืงื ืฉื ืชืขืืืจืช L7, ืชืืืื ืืงืืจืืช ืืืขืงื ืืฆืคืืื ืืืืืจ ืฉื mongodb, dynamodb ืืืืฉืืืื ืจืืื ืืืจืื.
ืฉืื 1 - ืืืืื ืืชืฆืืจืช NGINX
ืกืงืจืืคื ืื ืืฉืชืืฉ ืืงืืืฅ ืืขื ืืื ื ืืืืื nginx.conf, ืืืชืืกืก ืขื ืืืืืื ืืืืื ื
ืชืฆืืจืช ืืืงืืจ ืฉื nginx
user www www;
pid /var/run/nginx.pid;
worker_processes 2;
events {
worker_connections 2000;
}
http {
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
log_format download '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_range" "$sent_http_content_range"';
upstream targetCluster {
172.18.0.3:80;
172.18.0.4:80;
}
server {
listen 8080;
server_name one.example.com www.one.example.com;
access_log /var/log/nginx.access_log main;
error_log /var/log/nginx.error_log info;
location / {
proxy_pass http://targetCluster/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
}
ืืชืฆืืจืืช NGINX ืืฉ ืืืจื ืืื ืฉืืืฉื ืืจืืืื ืืคืชื:
- ืืืืจืช ืฉืจืช NGINX, ืืื ื ืืืื ืืคืื ืงืฆืืื ืืืืช Gzip. ืื ืืืืืจ ืืืืคื ืืืืืื ืืื ืืืงืจืื.
- ืืืืจืช NGINX ืืงืืืช ืืงืฉืืช ืืืืจื one.example.com ืืืฆืืื 8080.
- ืืืืจืช ืืืงืื ืืืขื, ืืืฆื ืืืคื ืืชื ืืขื ืขืืืจ ืืืงืื ืฉืื ืื ืฉื ืืชืืืช ืืืชืจ.
ืื ืื ืืชืฆืืจื ืชืืื ืขื Envoy Proxy, ืืืชื ืื ืฆืจืื ืืืืืืจ ืืืืจืืช ืืกืืืืืช. ืฉืืื ืคืจืืงืกื ืืฉ ืืจืืขื ืกืืื ืืคืชื, ืืชืืืืื ืืชืฉืชืืช ืืืืื ืฉืืฆืืขื NGINX. ืืืืื ืืื:
- ืืืืื ืื: ืื ืงืืืขืื ืืืฆื ื-Envoy Proxy ืืงืื ืืงืฉืืช ื ืื ืกืืช. Envoy Proxy ืชืืื ืืจืืข ืจืง ืืืืืื ืื ืืืืกืกื TCP. ืืืืจ ืืฆืืจืช ืืืืืจ, ืืื ืืืขืืจ ืืืขืจืืช ืฉื ืืกื ื ืื ืืขืืืื.
- ืืกื ื ืื: ืื ืืืง ืืืจืืืืงืืืจืช ืฆืื ืืจ ืฉืืืืื ืืขืื ื ืชืื ืื ื ืื ืกืื ืืืืฆืืื. ืคืื ืงืฆืืื ืืืืช ืื ืืืืืช ืืกื ื ืื ืืืื Gzip, ืืฉืจ ืืืืก ืืช ืื ืชืื ืื ืืคื ื ืฉืืืืชื ืืืงืื.
- ื ืชืืื: ืื ืืขืืืจืื ืชื ืืขื ืืืขื ืื ืืจืฉ, ืืืืืืจ ืืืฉืืื.
- ืืฉืืืืืช: ืื ืืืืืจืื ืืช ื ืงืืืช ืืงืฆื ืขืืืจ ืคืจืืืจื ืชืขืืืจื ืืชืฆืืจื.
ืื ื ื ืฉืชืืฉ ืืืจืืขืช ืืจืืืืื ืืืื ืืื ืืืฆืืจ ืชืฆืืจืช Proxy ืฉื Envoy ืฉืชืชืืื ืืชืฆืืจืช NGINX ืกืคืฆืืคืืช. ืืืืจื ืฉื Envoy ืืื ืืขืืื ืขื ืืืฉืงื API ืืชืฆืืจื ืืื ืืืช. ืืืงืจื ืื, ืชืฆืืจืช ืืืกืืก ืชืฉืชืืฉ ืืืืืจืืช ืกืืืืืช ืขื ืงืืืื ืงืฉืื ื-NGINX.
ืฉืื 2 - ืชืฆืืจืช NGINX
ืืืืง ืืจืืฉืื nginx.conf ืืืืืจ ืืื ืจืืืืื ืคื ืืืืื ืฉื NGINX ืฉืืฉ ืืืืืืจ.
ืงืฉืจื ืขืืืืื
ืืชืฆืืจื ืฉืืืื ืงืืืขืช ืืช ืืกืคืจ ืชืืืืื ืืขืืืื ืืืืืืืจืื. ืื ืืฆืืื ืืืฆื NGINX ืืชืืื ืืืืงืืฉ.
worker_processes 2;
events {
worker_connections 2000;
}
Envoy Proxy ืื ืื ืืจืืืืช ืขืืืื ืืืืืืจืื ืืืจืืื ืฉืื ืืช.
Envoy ืืืฆืจ ืฉืจืฉืืจ ืขืืื ืขืืืจ ืื ืฉืจืฉืืจ ืืืืจื ืืืขืจืืช. ืื ืฉืจืฉืืจ ืขืืื ืืืฆืข ืืืืืช ืืืจืืข ืื ืืืกืืช ืฉืืืจืื ืขืืื
- ืืงืฉืื ืืื ืืืืื
- ืงืืืช ืงืฉืจืื ืืืฉืื
- ืืฆืืจืช ืงืืืฆืช ืืกื ื ืื ืืืืืืจ
- ืขืื ืืช ืื ืคืขืืืืช ื-I/O ืืืืื ืืื ืืืืืืจ.
ืื ืขืืืื ืืืืืืจืื ืื ืืกืฃ ืืืืคื ืืืืืื ืืฉืจืฉืืจ ืืขืืื, ืืืื ืื ืืชื ืืืืช ืืขืืจื.
ืืื ืืื ืขืืืืื ื-Envoy ืืฉ ืืืืจ ืืืืืจืื. ืื ืืืืจื ืืืืืจ HTTP/2 ืืงืืืื ืจืง ืืืืืจ ืืื ืืื ืืืจื ืืืฆืื ื ืืื ืคืขื, ืื ืืฉ ืืจืืขื ืฉืจืฉืืจื ืขืืืืื ืืืื ืืจืืขื ืืืืืจื HTTP/2 ืืื ืืืจื ืืืฆืื ื ืืืฆื ืืฆืื. ืขื ืืื ืฉืืืจื ืขื ืืื ืืฉืจืฉืืจ ืขืืื ืืื, ืืืขื ืื ืืงืื ืืืื ืืืืืชื ืืื ืืกืืื, ืืืืื ืืื ืฉืจืฉืืจ ืืืื. ืื ืืืงืฆืื ืืืชืจ ืฉืจืฉืืจื ืขืืืืื ืืื ืืจืฉ, ืืืืจ ืขืืื ืืืืืื ืืืืืื ืืืืจืื, ืืฆืืจืช ืืกืคืจ ืจื ืฉื ืืืืืจืื ืกืจืง, ืืืคืืชืช ืืกืคืจ ืืคืขืืื ืฉืืืืืจืื ืืืืืจืื ืืืืจื ืืืจืืื.
ืืืืืข ื ืืกืฃ ืืงืจื ืืืชืจ
ืชืฆืืจืช HTTP
ืืืืง ืืชืฆืืจื ืืื ืฉื NGINX ืืืืืจ ืืืืจืืช HTTP ืืืื:
- ืืืื ืกืืื ืคื ืืืืืืื ื ืชืืืื
- ืืจืืจืช ืืืืื ืฉื ืคืกืง ืืื
- ืชืฆืืจืช Gzip
ืืชื ืืืื ืืืชืืื ืืืฉืืช ืืช ืืืืืืื ืืืื ืืืืฆืขืืช ืืกื ื ืื ื-Envoy Proxy, ืฉืื ื ืืื ืืืืฉื.
ืฉืื 3 - ืชืฆืืจืช ืฉืจืช
ืืืืืง ืชืฆืืจืช HTTP, ืชืฆืืจืช NGINX ืืฆืืื ืช ืืืืืื ืืืฆืืื 8080 ืืืืืื ืืืงืฉืืช ื ืื ืกืืช ืืืืืืื ืื one.example.com ะธ www.one.example.com.
server {
listen 8080;
server_name one.example.com www.one.example.com;
ืืชืื Envoy, ืืื ื ืฉืื ืขื ืืื ืืืืื ืื.
ืืืืื ืื ืฉืืื
ืืืืื ืืืฉืื ืืืืชืจ ืืืชืืื ืขื Envoy Proxy ืืื ืืืืจืช ืืืืืื ืื ืฉืื. ืขืืื ืืืฆืืจ ืงืืืฅ ืชืฆืืจื ืฉืืชืืจ ืืืฆื ืืจืฆืื ื ืืืคืขืื ืืช ืืืืคืข ืฉื Envoy.
ืืงืืข ืฉืืืื ืืืฆืืจ ืืืืื ืืืฉ ืืืงืฉืจ ืืืชื ืืืฆืืื 8080. ืืชืฆืืจื ืืืืจืช ื-Envoy Proxy ืืืืื ืืฆืืืืช ืืื ืฆืจืื ืืืื ืขืืืจ ืืงืฉืืช ื ืื ืกืืช.
Envoy Proxy ืืฉืชืืฉ ืืกืืืื YAML ืขืืืจ ืืชืฆืืจื ืฉืื. ืืืืื ืืกืืืื ืื, ืขืืื ืืื
Copy to Editorstatic_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 8080 }
ืืื ืฆืืจื ืืืืืืจ ืฉื ืฉืจืช, ืฉืื ืืกื ื ื Proxy ืฉื Envoy ืืืคืื ืืื.
ืฉืื 4 - ืชืฆืืจืช ืืืงืื
ืืฉืืืืขื ืืงืฉื ื-NGINX, ืืืืง ืืืืงืื ืงืืืข ืืืฆื ืืขืื ืืืื ืื ืชื ืืช ืืชืขืืืจื. ืืคืจืืื ื ืืื, ืื ืืชืขืืืจื ืืืชืจ ืืืขืืจืช ืืืฉืืื ืืืขืื (ืืขืจืช ืืืชืจืื: ืืืขืื ืืืจื ืืื ืืืจื ืืื ืฉืจืช ืืืฉืืืื) ืืฉื targetCluster. ืืืฉืืื ืืืขืื ืืืจื ืืืืืจ ืืช ืืฆืืชืื ืฉืฆืจืืืื ืืขืื ืืช ืืืงืฉื. ื ืืื ืืื ืืฉืื ืืื.
location / {
proxy_pass http://targetCluster/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
ื-Envoy, ืคืืืืจืื ืขืืฉืื ืืืช.
ืืกื ื ื ืฉืืืืื
ืขืืืจ ืชืฆืืจื ืกืืืืช, ืืกื ื ืื ืงืืืขืื ืืืฆื ืืขืื ืืงืฉืืช ื ืื ืกืืช. ืืืงืจื ืื ืื ื ืืืืืจืื ืืกื ื ืื ืฉืืชืืืืื server_names ืืฉืื ืืงืืื. ืืืฉืจ ืืืืขืืช ืืงืฉืืช ื ืื ืกืืช ืืชืืืืืช ืชืืืืื ืืืกืืืืื ืืกืืืืื, ืืชืขืืืจื ืื ืืชืืช ืืืฉืืื. ืืืื ืืืงืืืื ืืชืฆืืจืช NGINX ืืืืื ืืืขืื.
Copy to Editor filter_chains:
- filters:
- name: envoy.http_connection_manager
config:
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: backend
domains:
- "one.example.com"
- "www.one.example.com"
routes:
- match:
prefix: "/"
route:
cluster: targetCluster
http_filters:
- name: envoy.router
ืฉื envoy.http_connection_manager ืืื ืืกื ื ืืืื ื ื-Envoy Proxy. ืืกื ื ืื ืืืจืื ืืืืืื Redis, Mongo, TCP. ืชืืื ืืืฆืื ืืช ืืจืฉืืื ืืืืื ืืืชืืืช
ืืืืืข ื ืืกืฃ ืขื ืืืื ืืืช ืืืจืช ืฉื ืืืืื ืขืืืกืื, ืืงืจ
ืฉืื 5 - ืชืฆืืจืช Proxy ื-Upstream
ื-NGINX, ืืชืฆืืจื ืืืขืื ืืืจื ืืืืืจื ืงืืืฆื ืฉื ืฉืจืชื ืืขื ืฉืืขืืื ืชืขืืืจื. ืืืงืจื ืื, ืืืงืฆื ืฉื ื ืืฉืืืืืช.
upstream targetCluster {
172.18.0.3:80;
172.18.0.4:80;
}
ื-Envoy, ืื ืื ืืื ืขื ืืื ืืฉืืืืืช.
ืืฉืืืืืช ืฉืืืืื
ืืืงืืืื ืืืขืื ืืืจื ืืืืืจืช ืืืฉืืืืืช. ืืืงืจื ืื, ืืืืจืืื ืฉืืฉืจืชื ืืช ืืชืขืืืจื ืืืื. ืืืคื ืืืืฉื ืืืืจืืื, ืืืื ืคืกืงื ืืื, ืืืืืจ ืืชืฆืืจืช ืืฉืืื. ืื ืืืคืฉืจ ืฉืืืื ืืคืืจืืช ืืืชืจ ืขื ืืืืืื ืืื ืืืืื ืืืืืื ืขืืืกืื.
Copy to Editor clusters:
- name: targetCluster
connect_timeout: 0.25s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
hosts: [
{ socket_address: { address: 172.18.0.3, port_value: 80 }},
{ socket_address: { address: 172.18.0.4, port_value: 80 }}
]
ืืขืช ืฉืืืืฉ ืืืืืื ืฉืืจืืช STRICT_DNS Envoy ืืคืชืืจ ืืืืคื ืจืฆืืฃ ืื-ืกืื ืืจืื ื ืืช ืืขืื ื-DNS ืฉืฆืืื ื. ืื ืืชืืืช IP ืฉืืืืืจื ืืชืืฆืืช ื-DNS ืชืืืฉื ืืืืจื ืืคืืจืฉ ืืืฉืืื ืืืขืื ืืืจื. ืืืฉืืขืืช ืืื ืฉืื ืืงืฉื ืชืืืืจ ืฉืชื ืืชืืืืช IP, Envoy ืื ืื ืฉืืฉ ืฉื ื ืืืจืืื ืืืฉืืื, ืืฉื ืืื ืืืืืื ืืืืืช ืืืืื ืื ืืขืืืก. ืื ืืืจื ืืืกืจ ืืืชืืฆืื, Envoy ืื ืื ืฉืืื ืืื ื ืงืืื ืืืชืจ ืืชืืฉืื ืชื ืืขื ืืื ืืืืจ ืืืืืจืื ืงืืืืื.
ืืืืืข ื ืืกืฃ ืจืื
ืฉืื 6 - ืืืฉืช ืืืื ืืฉืืืืืช
ืืชืฆืืจื ืืกืืคืืช ืืื ืจืืฉืื. ืืืงืื ืืืืืฃ ืืืื ื ืฉืืืื ืืืืกืง, Envoy Proxy ื ืืงื ืืืืฉื ืืืืกืกืช ืขื ื. ืื ืืืื ื ืืืืฉืืืื ืืืคืืืื ืื stdout ะธ ืกืืืจืจ.
ืืืฉืจ ืืฉืชืืฉืื ืืืืฉืื ืืงืฉื, ืืืื ื ืืืฉื ืื ืืืคืฆืืื ืืืื ืืืืฉืืชืื ืืืจืืจืช ืืืื. ืืื ืืืคืขืื ืืืื ื ืืืฉื ืขืืืจ ืืงืฉืืช HTTP, ืืคืขื ืืช ืืชืฆืืจื ืืืฉื_ืืืื ืขืืืจ ืื ืื ืืืืืจื HTTP. ืื ืชืื ืืืื ืืืืืช ืืืฉืืจ ืืืื stdout, ืื ืงืืืฅ ืืืืกืง, ืืืชืื ืืืจืืฉืืช ืฉืื.
ืืชืฆืืจื ืืืื ืชืคื ื ืืช ืื ืืืื ื ืืืืฉื ืื stdout (ืืขืจืช ืืืชืจืื - stdout ื ืืจืฉ ืืื ืืืฉืชืืฉ ื-envoy ืืชืื docker. ืื ืืฉืชืืฉืื ืื ืืื docker, ืื ืืืืืคื ืืช /dev/stdout ืื ืชืื ืืงืืืฅ ืืืื ืจืืื). ืืขืชืง ืืช ืงืืข ืืงืื ืืืืืจ ืืชืฆืืจื ืฉื ืื ืื ืืืืืืจืื:
Copy to Clipboardaccess_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
ืืชืืฆืืืช ืืืืจืืช ืืืืจืืืช ืื:
- name: envoy.http_connection_manager
config:
codec_type: auto
stat_prefix: ingress_http
access_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
route_config:
ืืืจืืจืช ืืืื, ื-Envoy ืืฉ ืืืจืืืช ืคืืจืื ืืืืืืช ืืช ืืคืจืืื ืฉื ืืงืฉืช ื-HTTP:
[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"n
ืืชืืฆืื ืฉื ืืืจืืืช ืคืืจืื ืื ืืื:
[2018-11-23T04:51:00.281Z] "GET / HTTP/1.1" 200 - 0 58 4 1 "-" "curl/7.47.0" "f21ebd42-6770-4aa5-88d4-e56118165a7d" "one.example.com" "172.18.0.4:80"
ื ืืชื ืืืชืืื ืืืฉืืช ืืช ืชืืื ืืคืื ืขื ืืื ืืืืจืช ืฉืื ืืคืืจืื. ืืืืืื:
access_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
format: "[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"n"
ื ืืชื ืืืคืืง ืืช ืฉืืจืช ืืืืื ืื ืืคืืจืื JSON ืขื ืืื ืืืืจืช ืืฉืื json_format. ืืืืืื:
access_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
json_format: {"protocol": "%PROTOCOL%", "duration": "%DURATION%", "request_method": "%REQ(:METHOD)%"}
ืืืืืข ื ืืกืฃ ืขื ืืชืืืืืืืืืช ืจืืฉืื ืืฉืืื, ืืงืจ
ืจืืฉืื ืืื ืื ืืืจื ืืืืืื ืืงืื ืชืืื ืืช ืืืื ืืขืืืื ืขื Envoy Proxy. ืืฉ ืื ืืืืืืช ืืขืงื ืืืืืื ืืชืงืืืืช ืืืืื ืืช ืืชืืื. ืืชื ืืืื ืืืจืจ ืขืื ื
ืฉืื 7 - ืืฉืงื
ืืขืช ืืขืืจืช ืืช ืืชืฆืืจื ืฉืื ื-NGINX ื-Envoy Proxy. ืืฉืื ืืืืจืื ืืื ืืืคืขืื ืืืคืข ืฉื Envoy Proxy ืืื ืืืืืง ืืืชื.
ืืคืขื ืืืฉืชืืฉ
ืืจืืฉ ืฉืืจืช ืืชืฆืืจื ืฉื NGINX ืืฉืชืืฉ www www; ืืฆืืื ืืืคืขืื ืืช NGINX ืืืฉืชืืฉ ืืขื ืืจืฉืืืช ื ืืืืืช ืืื ืืฉืคืจ ืืช ืืืืืื.
Envoy Proxy ื ืืงื ืืืืฉื ืืืืกืกืช ืขื ื ืื ืืืื ืื ืืืขืืื ืฉื ืชืืืื. ืืืฉืจ ืื ื ืืคืขืืืื ืืช Envoy Proxy ืืจื ืงืื ืืืื ืจ, ืื ื ืืืืืื ืืฆืืื ืืฉืชืืฉ ืืขื ืืจืฉืืืช ื ืืืื.
ืืคืขืืช Proxy ืฉื Envoy
ืืคืงืืื ืืืื ืชืคืขืื ืืช Envoy Proxy ืืจื ืงืื ืืืื ืจ Docker ืืืืจื. ืคืงืืื ืื ืืขื ืืงื ื-Envoy ืืช ืืืืืืช ืืืืืื ืืืงืฉืืช ื ืื ืกืืช ืืืฆืืื 80. ืขื ืืืช, ืืคื ืฉืฆืืื ืืชืฆืืจืช ืืืืืื, Envoy Proxy ืืืืื ืืชืขืืืจื ื ืื ืกืช ืืืฆืืื 8080. ืื ืืืคืฉืจ ืืชืืืื ืืคืขืื ืืืฉืชืืฉ ืืขื ืืจืฉืืืช ื ืืืืืช.
docker run --name proxy1 -p 80:8080 --user 1000:1000 -v /root/envoy.yaml:/etc/envoy/envoy.yaml envoyproxy/envoy
ืืืืงื
ืืืฉืจ ืคืจืืงืกื ืคืืขื, ืืขืช ื ืืชื ืืืฆืข ืืืขืื ืืืืงืืช. ืคืงืืืช cURL ืืืื ืื ืคืืงื ืืงืฉื ืขื ืืืชืจืช ืืืืจื ืืืืืืจืช ืืชืฆืืจืช ื-proxy.
curl -H "Host: one.example.com" localhost -i
ืืงืฉืช ื-HTTP ืชืืจืื ืืฉืืืื 503. ืืกืืื ืืื ืืื ืฉืืืืืจืื ืืืขืื ืืืจื ืืื ื ืคืืขืืื ืืืื ื ืืืื ืื. ืืื, ื-Envoy Proxy ืืื ืืขืืื ืืืื ืื ืืืงืฉื. ืืคืงืืื ืืืื ืชืชืืื ืกืืจื ืฉื ืฉืืจืืชื HTTP ืืชืืืืื ืืชืฆืืจื ืฉืืืืืจื ืขืืืจ Envoy.
docker run -d katacoda/docker-http-server; docker run -d katacoda/docker-http-server;
ืขื ืืฉืืจืืชืื ืืืืื ืื, Envoy ืืืืื ืืืฆืืื ืืช ืืชืขืืืจื ืืืขื ืฉืื.
curl -H "Host: one.example.com" localhost -i
ืืชื ืืืืจ ืืจืืืช ืชืืืื ืืืฆืืื ืช ืืืื ืืืื Docker ืขืืื ืืช ืืืงืฉื. ืืืืื ื ื-Proxy ืฉื Envoy ืืชื ืืืืจ ืืจืืืช ืื ืคืื ืฉื ืืืจืืืช ืืืฉื.
ืืืชืจืืช ืชืืืืช HTTP ื ืืกืคืืช
ืชืจืื ืืืชืจืืช HTTP ื ืืกืคืืช ืืืืชืจืืช ืืชืืืื ืฉื ืืืงืฉื ืืคืืขื. ืืืืชืจืช ืืฆืืื ืืช ืืืื ืฉืืืืจื ืืืขืื ืืืจื ืืืื ืืขืืืื ืืืงืฉื. ืืชืืื ืืืืคืืืช ืฉื ืืืช. ืื ืฉืืืืฉื ืื ืืืงืื ืจืืฆื ืืงืืืข ืืช ืืื ืืฉืืจืืช ืืืฉืืืื ืืืืืืจ ืืจืฉืช.
x-envoy-upstream-service-time: 0
server: envoy
ืชืฆืืจื ืกืืคืืช
static_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 8080 }
filter_chains:
- filters:
- name: envoy.http_connection_manager
config:
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: backend
domains:
- "one.example.com"
- "www.one.example.com"
routes:
- match:
prefix: "/"
route:
cluster: targetCluster
http_filters:
- name: envoy.router
clusters:
- name: targetCluster
connect_timeout: 0.25s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
hosts: [
{ socket_address: { address: 172.18.0.3, port_value: 80 }},
{ socket_address: { address: 172.18.0.4, port_value: 80 }}
]
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 0.0.0.0, port_value: 9090 }
ืืืืข ื ืืกืฃ ืืืืชืจืื
ืืืจืืืช ืืืชืงื ืช Envoy Proxy ื ืืชื ืืืฆืื ืืืชืจ
ืืืจืืจืช ืืืื, ื-rpm ืืื ืชืฆืืจืช ืฉืืจืืช systemd.
ืืืกืฃ ืชืฆืืจืช ืฉืืจืืช systemd /etc/systemd/system/envoy.service:
[Unit]
Description=Envoy Proxy
Documentation=https://www.envoyproxy.io/
After=network-online.target
Requires=envoy-auth-server.service
Wants=nginx.service
[Service]
User=root
Restart=on-failure
ExecStart=/usr/bin/envoy --config-path /etc/envoy/config.yaml
[Install]
WantedBy=multi-user.target
ืืชื ืฆืจืื ืืืฆืืจ ืกืคืจืืื /etc/envoy/ ืืืฉืื ืฉื ืืช config.yaml config.
ืืฉ ืฆ'ืื ืืืืจื ืืืืฆืขืืช ืคืจืืงืกื ืฉืืื:
Envoy Proxy ืืื ื ืชืืื ืืืฆืืช ืชืืื ืกืืื. ืืื, ืื ืืืื ืืืฆืืืข ืืชืืื ื:
ืจืง ืืฉืชืืฉืื ืจืฉืืืื ืืืืืื ืืืฉืชืชืฃ ืืกืงืจ.
ืืื ืืคืืกื ืืื ืขืืื ืืืชื ืืืชืงืื ืืืืืืง ืืช proxy ืฉื ืฉืืืืืช?
-
ืื
-
ืื
75 ืืฉืชืืฉืื ืืฆืืืขื. 18 ืืฉืชืืฉืื ื ืื ืขื.
ืืงืืจ: www.habr.com