ããã«ã¡ã¯ãããã«ïŒ æçš¿ã®ç¿»èš³ã玹ä»ããŸãã
Envoy ã¯ãåå¥ã®ãµãŒãã¹ããã³ã¢ããªã±ãŒã·ã§ã³åãã«èšèšãããé«æ§èœåæ£ãããã· ãµãŒã㌠(C++ ã§èšè¿°) ã§ããã倧èŠæš¡ãªãã€ã¯ããµãŒãã¹ã®ããµãŒãã¹ ã¡ãã·ã¥ãã¢ãŒããã¯ãã£åãã«èšèšãããéä¿¡ãã¹ããã³ããŠãããŒãµã« ããŒã¿ ãã¬ãŒã³ãã§ããããŸãã äœæã«ããã£ãŠã¯ãNGINXãHAProxyãããŒããŠã§ã¢ããŒããã©ã³ãµãŒãã¯ã©ãŠãããŒããã©ã³ãµãŒãªã©ã®ãµãŒããŒã®éçºäžã«çºçããåé¡ã®è§£æ±ºçãèæ ®ãããŸããã Envoy ã¯åã¢ããªã±ãŒã·ã§ã³ãšäžŠè¡ããŠåäœãããããã¯ãŒã¯ãæœè±¡åããŠããã©ãããã©ãŒã ã«é¢ä¿ãªãå ±éã®æ©èœãæäŸããŸãã ã€ã³ãã©ã¹ãã©ã¯ãã£å ã®ãã¹ãŠã®ãµãŒãã¹ ãã©ãã£ãã¯ã Envoy ã¡ãã·ã¥ãééãããšãäžè²«ããå¯èŠ³æž¬æ§ã§åé¡é åãèŠèŠåããå šäœçãªããã©ãŒãã³ã¹ã調æŽããç¹å®ã®å Žæã«ã³ã¢æ©èœãè¿œå ããããšã容æã«ãªããŸãã
æ©èœ
- ã¢ãŠãããã»ã¹ ã¢ãŒããã¯ãã£: envoy ã¯ãå°éã® RAM ã䜿çšããèªå·±å®çµåã®é«æ§èœãµãŒããŒã§ãã ããããã¢ããªã±ãŒã·ã§ã³èšèªãŸãã¯ãã¬ãŒã ã¯ãŒã¯ãšé£æºããŠåäœããŸãã
- http/2 ããã³ grpc ã®ãµããŒã: envoy ã¯ãåä¿¡æ¥ç¶ããã³éä¿¡æ¥ç¶ã«å¯ŸããŠæé«çŽã® http/2 ããã³ grpc ãµããŒããåããŠããŸãã ãã㯠http/1.1 ãã http/2 ãžã®ééãããã·ã§ãã
- é«åºŠãªè² è·åæ£: envoy ã¯ãèªååè©Šè¡ããã§ãŒã³ã®åæãã°ããŒãã« ã¬ãŒãå¶éããªã¯ãšã¹ã ã·ã£ããŠã€ã³ã°ãããŒã«ã« ãŸãŒã³ã®è² è·åæ£ãªã©ãå«ãé«åºŠãªè² è·åæ£æ©èœããµããŒãããŸãã
- æ§æ管ç API: envoy ã¯ãæ§æãåçã«ç®¡çããããã®å ç¢ãª API ãæäŸããŸãã
- å¯èŠ³æž¬æ§: L7 ãã©ãã£ãã¯ã®è©³çŽ°ãªå¯èŠ³æž¬æ§ãåæ£ãã¬ãŒã¹ã®ãã€ãã£ã ãµããŒããmongodbãdynamodbããã®ä»å€ãã®ã¢ããªã±ãŒã·ã§ã³ã®å¯èŠ³æž¬æ§ã
ã¹ããã 1 â NGINX æ§æã®äŸ
ãã®ã¹ã¯ãªããã¯ç¹å¥ã«äœæããããã¡ã€ã«ã䜿çšããŸã nginx.confã®å®å
šãªäŸã«åºã¥ããŠããŸãã
nginxãœãŒã¹æ§æ
user www www;
pid /var/run/nginx.pid;
worker_processes 2;
events {
worker_connections 2000;
}
http {
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
log_format download '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_range" "$sent_http_content_range"';
upstream targetCluster {
172.18.0.3:80;
172.18.0.4:80;
}
server {
listen 8080;
server_name one.example.com www.one.example.com;
access_log /var/log/nginx.access_log main;
error_log /var/log/nginx.error_log info;
location / {
proxy_pass http://targetCluster/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
}
NGINX æ§æã«ã¯éåžžã次㮠XNUMX ã€ã®éèŠãªèŠçŽ ããããŸãã
- NGINX ãµãŒããŒããã°æ§é ãGzip æ©èœãæ§æããŸãã ããã¯ããã¹ãŠã®å Žåã«ãããŠã°ããŒãã«ã«å®çŸ©ãããŸãã
- ãã¹ããžã®ãªã¯ãšã¹ããåãå ¥ããããã« NGINX ãæ§æãã one.example.com ããŒã8080äžã
- ã¿ãŒã²ããã®å Žæãèšå®ããURL ã®ããŸããŸãªéšåã®ãã©ãã£ãã¯ãåŠçããæ¹æ³ã
ãã¹ãŠã®æ§æã Envoy ãããã·ã«é©çšãããããã§ã¯ãªããããäžéšã®èšå®ãæ§æããå¿ èŠã¯ãããŸããã Envoy ãããã·ã«ã¯ã XNUMXã€ã®ããŒã¿ã€ããNGINX ãæäŸããã³ã¢ ã€ã³ãã©ã¹ãã©ã¯ãã£ããµããŒãããŸãã æ žå¿ã¯æ¬¡ã®ãšããã§ãã
- ãªã¹ããŒ: ãããã¯ãEnvoy ãããã·ãåä¿¡ãªã¯ãšã¹ããåãå ¥ããæ¹æ³ã決å®ããŸãã Envoy ãããã·ã¯çŸåšãTCP ããŒã¹ã®ãªã¹ããŒã®ã¿ããµããŒãããŠããŸãã æ¥ç¶ã確ç«ããããšãåŠçã®ããã«äžé£ã®ãã£ã«ã¿ãŒã«æž¡ãããŸãã
- ãã£ã«ã¿ãŒ: ãããã¯ãåä¿¡ããŒã¿ãšéä¿¡ããŒã¿ãåŠçã§ãããã€ãã©ã€ã³ ã¢ãŒããã¯ãã£ã®äžéšã§ãã ãã®æ©èœã«ã¯ãã¯ã©ã€ã¢ã³ãã«éä¿¡ããåã«ããŒã¿ãå§çž®ãã Gzip ãªã©ã®ãã£ã«ã¿ãŒãå«ãŸããŠããŸãã
- ã«ãŒã¿ãŒ: ãããã¯ãã¯ã©ã¹ã¿ãŒãšããŠå®çŸ©ãããå¿ èŠãªå®å ã«ãã©ãã£ãã¯ã転éããŸãã
- ã¯ã©ã¹ã¿ãŒ: ãããã¯ããã©ãã£ãã¯ã®ãšã³ããã€ã³ããšæ§æãã©ã¡ãŒã¿ãå®çŸ©ããŸãã
ããã XNUMX ã€ã®ã³ã³ããŒãã³ãã䜿çšããŠãç¹å®ã® NGINX æ§æã«äžèŽãã Envoy ãããã·æ§æãäœæããŸãã Envoy ã®ç®æšã¯ãAPI ãšåçæ§æãæäœããããšã§ãã ãã®å Žåãåºæ¬æ§æ㯠NGINX ã®éçãªããŒãã³ãŒãã£ã³ã°ãããèšå®ã䜿çšããŸãã
ã¹ããã 2 - NGINX ã®æ§æ
æåã®éšå nginx.conf æ§æããå¿ èŠãããããã€ãã® NGINX å éšãå®çŸ©ããŸãã
ã¯ãŒã«ãŒã®æ¥ç¶
以äžã®æ§æã«ãããã¯ãŒã«ãŒ ããã»ã¹ãšæ¥ç¶ã®æ°ã決ãŸããŸãã ããã¯ãNGINX ãéèŠã«åãããŠã©ã®ããã«æ¡åŒµããããã瀺ããŸãã
worker_processes 2;
events {
worker_connections 2000;
}
Envoy ãããã·ã¯ãããŸããŸãªæ¹æ³ã§ã¯ãŒã¯ãããŒãšæ¥ç¶ã管çããŸãã
Envoy ã¯ãã·ã¹ãã äžã®ããŒããŠã§ã¢ ã¹ã¬ããããšã«ã¯ãŒã«ãŒ ã¹ã¬ãããäœæããŸãã åã¯ãŒã«ãŒ ã¹ã¬ããã¯ã次ã®åŠçãæ åœãããã³ããããã³ã° ã€ãã³ã ã«ãŒããå®è¡ããŸãã
- ãªã¹ããŒäžäººã²ãšãã®å£°ãèããªãã
- æ°ããæ¥ç¶ãåãå ¥ãã
- æ¥ç¶çšã®ãã£ã«ã¿ãŒã®ã»ããã®äœæ
- æ¥ç¶ã®åç¶æéäžããã¹ãŠã® I/O æäœãåŠçããŸãã
ãã以éã®ãã¹ãŠã®æ¥ç¶åŠçã¯ã転éåäœãå«ããŠå®å šã«ã¯ãŒã«ãŒ ã¹ã¬ããã§åŠçãããŸãã
Envoy ã®ã¯ãŒã«ãŒ ã¹ã¬ããããšã«æ¥ç¶ããŒã«ããããŸãã ãããã£ãŠãHTTP/2 æ¥ç¶ããŒã«ã¯å€éšãã¹ãããšã«äžåºŠã« 2 ã€ã®æ¥ç¶ã®ã¿ã確ç«ããŸããXNUMX ã€ã®ã¯ãŒã«ãŒ ã¹ã¬ãããããå Žåãå®å®ããç¶æ ã§ã¯å€éšãã¹ãããšã« XNUMX ã€ã® HTTP/XNUMX æ¥ç¶ãååšããŸãã ãã¹ãŠã XNUMX ã€ã®ã¯ãŒã«ãŒ ã¹ã¬ããã«ä¿æããããšã§ãããããã·ã³ã°ã« ã¹ã¬ããã§ãããã®ããã«ãã»ãšãã©ãã¹ãŠã®ã³ãŒãããããã¯ããããšãªãäœæã§ããŸãã å¿ èŠä»¥äžã«å€ãã®ã¯ãŒã«ãŒ ã¹ã¬ãããå²ãåœãŠããããšãã¡ã¢ãªãç¡é§ã«ãªããã¢ã€ãã«ç¶æ ã®æ¥ç¶ã倧éã«äœæãããæ¥ç¶ãããŒã«ã«è¿ãããåæ°ãæžå°ããå¯èœæ§ããããŸãã
詳现ã«ã€ããŠã¯ã
HTTPèšå®
次㮠NGINX æ§æãããã¯ã¯ã次ã®ãã㪠HTTP èšå®ãå®çŸ©ããŸãã
- ãµããŒããããŠãã MIME ã¿ã€ã
- ããã©ã«ãã®ã¿ã€ã ã¢ãŠã
- Gzip æ§æ
Envoy ãããã·ã®ãã£ã«ã¿ãŒã䜿çšããŠãããã®åŽé¢ãã«ã¹ã¿ãã€ãºã§ããŸããããã«ã€ããŠã¯åŸã§èª¬æããŸãã
ã¹ããã 3 - ãµãŒããŒæ§æ
HTTP æ§æãããã¯ã§ã¯ãNGINX æ§æã¯ããŒã 8080 ã§ãªãã¹ã³ãããã¡ã€ã³ã®åä¿¡ãªã¯ãšã¹ãã«å¿çããããã«æå®ããŸãã one.example.com О www.one.example.com.
server {
listen 8080;
server_name one.example.com www.one.example.com;
Envoy å ã§ã¯ãListeners ã«ãã£ãŠå¶åŸ¡ãããŸãã
ãšã³ãã€ãªã¹ããŒ
Envoy Proxy ã®äœ¿çšãéå§ããéã®æãéèŠãªç¹ã¯ããªã¹ããŒãå®çŸ©ããããšã§ãã Envoy ã€ã³ã¹ã¿ã³ã¹ã®å®è¡æ¹æ³ãèšè¿°ããæ§æãã¡ã€ã«ãäœæããå¿ èŠããããŸãã
以äžã®ã¹ããããã¯ãæ°ãããªã¹ããŒãäœæããããŒã 8080 ã«ãã€ã³ãããŸããæ§æã¯ãåä¿¡ãªã¯ãšã¹ãã«å¯ŸããŠã©ã®ããŒãã«ãã€ã³ãããå¿ èŠããããã Envoy ãããã·ã«æ瀺ããŸãã
Envoy ãããã·ã¯ãæ§æã« YAML è¡šèšã䜿çšããŸãã ãã®è¡šèšæ³ã®æŠèŠã«ã€ããŠã¯ããããåç
§ããŠãã ãã
Copy to Editorstatic_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 8080 }
å®çŸ©ããå¿ èŠã¯ãããŸãã ãµãŒããŒã®ååãEnvoy ãããã· ãã£ã«ã¿ãŒããããåŠçããããã§ãã
ã¹ããã 4 - å Žæã®æ§æ
ãªã¯ãšã¹ãã NGINX ã«å±ããšããã±ãŒã·ã§ã³ ãããã¯ã«ãã£ãŠãã©ãã£ãã¯ã®åŠçæ¹æ³ãšã«ãŒãã£ã³ã°å ã決å®ãããŸãã 次ã®ãã©ã°ã¡ã³ãã§ã¯ããµã€ããžã®ãã¹ãŠã®ãã©ãã£ãã¯ãããšããååã®ã¢ããã¹ããªãŒã (翻蚳è 泚: ã¢ããã¹ããªãŒã ã¯éåžžã¢ããªã±ãŒã·ã§ã³ ãµãŒããŒ) ã¯ã©ã¹ã¿ãŒã«è»¢éãããŸãã ã¿ãŒã²ããã¯ã©ã¹ã¿ãŒã äžæµã¯ã©ã¹ã¿ãŒã¯ããªã¯ãšã¹ããåŠçããå¿ èŠãããããŒããå®çŸ©ããŸãã ããã«ã€ããŠã¯æ¬¡ã®ã¹ãããã§èª¬æããŸãã
location / {
proxy_pass http://targetCluster/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
Envoy ã§ã¯ãFilters ããããè¡ããŸãã
ãšã³ãã€ãã£ã«ã¿ãŒ
éçæ§æã®å Žåããã£ã«ã¿ãŒã¯åä¿¡ãªã¯ãšã¹ããåŠçããæ¹æ³ã決å®ããŸãã ãã®å ŽåãäžèŽãããã£ã«ã¿ãŒãèšå®ããŸãã ãµãŒããŒå åã®ã¹ãããã§ã ç¹å®ã®ãã¡ã€ã³ããã³ã«ãŒãã«äžèŽããåä¿¡ãªã¯ãšã¹ããå°çãããšããã©ãã£ãã¯ã¯ã¯ã©ã¹ã¿ãŒã«ã«ãŒãã£ã³ã°ãããŸãã ããã¯ãNGINX ã®ããã ã¢ããæ§æãšåçã§ãã
Copy to Editor filter_chains:
- filters:
- name: envoy.http_connection_manager
config:
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: backend
domains:
- "one.example.com"
- "www.one.example.com"
routes:
- match:
prefix: "/"
route:
cluster: targetCluster
http_filters:
- name: envoy.router
åå envoy.http_connection_manager Envoy ãããã·ã®çµã¿èŸŒã¿ãã£ã«ã¿ãŒã§ãã ãã®ä»ã®ãã£ã«ã¿ãŒã«ã¯æ¬¡ã®ãã®ããããŸãã Redisã®, ã¢ã³ãŽ, TCPã å®å
šãªãªã¹ãã¯æ¬¡ã®å Žæã§ç¢ºèªã§ããŸãã
ä»ã®è² è·åæ£ããªã·ãŒã®è©³çŽ°ã«ã€ããŠã¯ã次ã®ãµã€ããåç
§ããŠãã ããã
ã¹ããã 5 - ãããã·ãšã¢ããã¹ããªãŒã ã®æ§æ
NGINX ã§ã¯ãã¢ããã¹ããªãŒã æ§æã¯ããã©ãã£ãã¯ãåŠçããäžé£ã®ã¿ãŒã²ãã ãµãŒããŒãå®çŸ©ããŸãã ãã®å ŽåãXNUMX ã€ã®ã¯ã©ã¹ã¿ãŒãå²ãåœãŠãããŸããã
upstream targetCluster {
172.18.0.3:80;
172.18.0.4:80;
}
Envoy ã§ã¯ãããã¯ã¯ã©ã¹ã¿ãŒã«ãã£ãŠç®¡çãããŸãã
ãšã³ãã€ã¯ã©ã¹ã¿
äžæµã«çžåœãããã®ã¯ã¯ã©ã¹ã¿ãŒãšããŠå®çŸ©ãããŸãã ãã®å Žåããã©ãã£ãã¯ãåŠçãããã¹ãã¯ç¹å®ãããŠããŸãã ã¿ã€ã ã¢ãŠããªã©ã®ãã¹ããžã®ã¢ã¯ã»ã¹æ¹æ³ã¯ãã¯ã©ã¹ã¿ãŒæ§æãšããŠå®çŸ©ãããŸãã ããã«ãããã¬ã€ãã³ã·ãè² è·åæ£ãªã©ã®åŽé¢ããã詳现ã«å¶åŸ¡ã§ããããã«ãªããŸãã
Copy to Editor clusters:
- name: targetCluster
connect_timeout: 0.25s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
hosts: [
{ socket_address: { address: 172.18.0.3, port_value: 80 }},
{ socket_address: { address: 172.18.0.4, port_value: 80 }}
]
ãµãŒãã¹ãã£ã¹ã«ããªã䜿çšããå Žå STRICT_DNS Envoy ã¯ãæå®ããã DNS ã¿ãŒã²ãããç¶ç¶çãã€éåæçã«è§£æ±ºããŸãã DNS çµæããè¿ãããå IP ã¢ãã¬ã¹ã¯ãã¢ããã¹ããªãŒã ã¯ã©ã¹ã¿ãŒå ã®æ瀺çãªãã¹ããšã¿ãªãããŸãã ããã¯ããªã¯ãšã¹ãã XNUMX ã€ã® IP ã¢ãã¬ã¹ãè¿ããå ŽåãEnvoy ã¯ã¯ã©ã¹ã¿ãŒå ã« XNUMX ã€ã®ãã¹ãããããäž¡æ¹ã®ãã¹ããè² è·åæ£ãããå¿ èŠããããšæ³å®ããããšãæå³ããŸãã çµæãããã¹ããåé€ãããå ŽåãEnvoy ã¯ãã®ãã¹ããååšããªããã®ãšã¿ãªããæ¢åã®æ¥ç¶ããŒã«ãããã©ãã£ãã¯ããã«ããŸãã
詳现ã«ã€ããŠã¯ããåç
§ããŠãã ããã
ã¹ããã 6 â ã¢ã¯ã»ã¹ãšãšã©ãŒããã°ã«èšé²ãã
æåŸã®æ§æã¯ç»é²ã§ãã Envoy Proxy ã¯ããšã©ãŒ ãã°ããã£ã¹ã¯ã«ããã·ã¥ãã代ããã«ãã¯ã©ãŠãããŒã¹ã®ã¢ãããŒããæ¡çšããŸãã ãã¹ãŠã®ã¢ããªã±ãŒã·ã§ã³ ãã°ã¯æ¬¡ã®å Žæã«åºåãããŸãã (Linuxã§èšããšããã®stdoutïŒ Ðž stderr.
ãŠãŒã¶ãŒããªã¯ãšã¹ããè¡ãå Žåãã¢ã¯ã»ã¹ ãã°ã¯ãªãã·ã§ã³ã§ãããããã©ã«ãã§ã¯ç¡å¹ã«ãªã£ãŠããŸãã HTTP ãªã¯ãšã¹ãã®ã¢ã¯ã»ã¹ ãã°ãæå¹ã«ããã«ã¯ãèšå®ãæå¹ã«ããŸãã ã¢ã¯ã»ã¹ãã° HTTP æ¥ç¶ãããŒãžã£ãŒçšã ãã¹ã«ã¯ã次ã®ãããªããã€ã¹ãæå®ã§ããŸãã (Linuxã§èšããšããã®stdoutïŒããŸãã¯èŠä»¶ã«å¿ããŠãã£ã¹ã¯äžã®ãã¡ã€ã«ã
次ã®èšå®ã§ã¯ããã¹ãŠã®ã¢ã¯ã»ã¹ ãã°ã次ã®å Žæã«ãªãã€ã¬ã¯ããããŸãã (Linuxã§èšããšããã®stdoutïŒ (翻蚳è 泚 - docker å 㧠envoy ã䜿çšããã«ã¯ stdout ãå¿ èŠã§ããdocker ãªãã§äœ¿çšããå Žåã¯ã/dev/stdout ãéåžžã®ãã° ãã¡ã€ã«ãžã®ãã¹ã«çœ®ãæããŸã)ã ã¹ãããããæ¥ç¶ãããŒãžã£ãŒã®æ§æã»ã¯ã·ã§ã³ã«ã³ããŒããŸãã
Copy to Clipboardaccess_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
çµæã¯æ¬¡ã®ããã«ãªããŸãã
- name: envoy.http_connection_manager
config:
codec_type: auto
stat_prefix: ingress_http
access_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
route_config:
ããã©ã«ãã§ã¯ãEnvoy ã«ã¯ HTTP ãªã¯ãšã¹ãã®è©³çŽ°ãå«ããã©ãŒãããæååããããŸãã
[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"n
ãã®ãã©ãŒãããæååã®çµæã¯æ¬¡ã®ããã«ãªããŸãã
[2018-11-23T04:51:00.281Z] "GET / HTTP/1.1" 200 - 0 58 4 1 "-" "curl/7.47.0" "f21ebd42-6770-4aa5-88d4-e56118165a7d" "one.example.com" "172.18.0.4:80"
åºåå 容ã¯ãã©ãŒããããã£ãŒã«ããèšå®ããããšã§ã«ã¹ã¿ãã€ãºã§ããŸãã äŸãã°ïŒ
access_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
format: "[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"n"
ãã£ãŒã«ããèšå®ããããšã§ããã°è¡ã JSON 圢åŒã§åºåããããšãã§ããŸãã json_formatã äŸãã°ã
access_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
json_format: {"protocol": "%PROTOCOL%", "duration": "%DURATION%", "request_method": "%REQ(:METHOD)%"}
Envoy ç»é²æ¹æ³ã®è©³çŽ°ã«ã€ããŠã¯ã次ã®ãµã€ããã芧ãã ããã
Envoy ãããã·ã®æäœã«é¢ããæŽå¯ãåŸãå¯äžã®æ¹æ³ã¯ãã°èšé²ã ãã§ã¯ãããŸããã é«åºŠãªãã¬ãŒã¹æ©èœãšã¡ããªã¯ã¹æ©èœãçµã¿èŸŒãŸããŠããŸãã 詳现ã«ã€ããŠã¯ã次ã®ãµã€ããã芧ãã ããã
ã¹ããã 7 - èµ·å
ããã§ãæ§æã NGINX ãã Envoy ãããã·ã«ç§»è¡ãããŸããã æåŸã®ã¹ãããã¯ãEnvoy ãããã· ã€ã³ã¹ã¿ã³ã¹ãèµ·åããŠãã¹ãããããšã§ãã
ãŠãŒã¶ãŒãšããŠå®è¡
NGINX èšå®è¡ã®å é ãŠãŒã¶ãŒ www www; ã»ãã¥ãªãã£ãåäžãããããã«ãNGINX ãäœãç¹æš©ã®ãŠãŒã¶ãŒãšããŠå®è¡ããããã«æå®ããŸãã
Envoy Proxy ã¯ãããã»ã¹ã®ææè ã管çããããã«ã¯ã©ãŠãããŒã¹ã®ã¢ãããŒããæ¡çšããŠããŸãã ã³ã³ããçµç±ã§ Envoy ãããã·ãå®è¡ããå Žåãäœãç¹æš©ãæã€ãŠãŒã¶ãŒãæå®ã§ããŸãã
Envoy ãããã·ã®èµ·å
以äžã®ã³ãã³ãã¯ããã¹ãäžã® Docker ã³ã³ãããéã㊠Envoy ãããã·ãå®è¡ããŸãã ãã®ã³ãã³ãã«ãããEnvoy ã¯ããŒã 80 ã§åä¿¡ãªã¯ãšã¹ãããªãã¹ã³ã§ããããã«ãªããŸãããã ãããªã¹ããŒæ§æã§æå®ãããŠããããã«ãEnvoy ãããã·ã¯ããŒã 8080 ã§åä¿¡ãã©ãã£ãã¯ããªãã¹ã³ããŸããããã«ãããããã»ã¹ãäœç¹æš©ãŠãŒã¶ãŒãšããŠå®è¡ã§ããŸãã
docker run --name proxy1 -p 80:8080 --user 1000:1000 -v /root/envoy.yaml:/etc/envoy/envoy.yaml envoyproxy/envoy
ãã¹ã
ãããã·ãå®è¡ãããšããã¹ããäœæããŠåŠçã§ããããã«ãªããŸãã 次㮠cURL ã³ãã³ãã¯ããããã·æ§æã§å®çŸ©ããããã¹ã ããããŒã䜿çšããŠãªã¯ãšã¹ããçºè¡ããŸãã
curl -H "Host: one.example.com" localhost -i
HTTPãªã¯ãšã¹ãã¯ãšã©ãŒã«ãªããŸã 503ã ããã¯ãã¢ããã¹ããªãŒã æ¥ç¶ãæ©èœããŠãããã䜿çšã§ããªãããã§ãã ãããã£ãŠãEnvoy ãããã·ã«ã¯ãªã¯ãšã¹ãã«äœ¿çšã§ããå®å ããããŸããã 次ã®ã³ãã³ãã¯ãEnvoy ã«å®çŸ©ãããæ§æã«äžèŽããäžé£ã® HTTP ãµãŒãã¹ãéå§ããŸãã
docker run -d katacoda/docker-http-server; docker run -d katacoda/docker-http-server;
ãµãŒãã¹ãå©çšå¯èœã§ããã°ãEnvoy ã¯å®å ã«ãã©ãã£ãã¯ãæ£åžžã«ãããã·ã§ããŸãã
curl -H "Host: one.example.com" localhost -i
ã©ã® Docker ã³ã³ããããªã¯ãšã¹ããåŠçãããã瀺ãå¿çã衚瀺ãããã¯ãã§ãã Envoy ãããã· ãã°ã«ã¯ãã¢ã¯ã»ã¹æååã®åºåã衚瀺ãããŸãã
è¿œå ã®HTTPå¿çããããŒ
å®éã®ãªã¯ãšã¹ãã®å¿çããããŒã«è¿œå ã® HTTP ããããŒã衚瀺ãããŸãã ããããŒã«ã¯ãäžæµãã¹ãããªã¯ãšã¹ãã®åŠçã«è²»ãããæéã衚瀺ãããŸãã ããªç§åäœã§è¡šãããŸãã ããã¯ãã¯ã©ã€ã¢ã³ãããããã¯ãŒã¯é 延ãšæ¯èŒããŠãµãŒãã¹æéã決å®ãããå Žåã«åœ¹ç«ã¡ãŸãã
x-envoy-upstream-service-time: 0
server: envoy
æçµæ§æ
static_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 8080 }
filter_chains:
- filters:
- name: envoy.http_connection_manager
config:
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: backend
domains:
- "one.example.com"
- "www.one.example.com"
routes:
- match:
prefix: "/"
route:
cluster: targetCluster
http_filters:
- name: envoy.router
clusters:
- name: targetCluster
connect_timeout: 0.25s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
hosts: [
{ socket_address: { address: 172.18.0.3, port_value: 80 }},
{ socket_address: { address: 172.18.0.4, port_value: 80 }}
]
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 0.0.0.0, port_value: 9090 }
翻蚳è ããã®è¿œå æ å ±
Envoy Proxy ã®ã€ã³ã¹ããŒã«æé 㯠Web ãµã€ãã§åç
§ã§ããŸãã
ããã©ã«ãã§ã¯ãrpm ã«ã¯ systemd ãµãŒãã¹æ§æããããŸããã
systemd ãµãŒãã¹æ§æ /etc/systemd/system/envoy.service ãè¿œå ããŸãã
[Unit]
Description=Envoy Proxy
Documentation=https://www.envoyproxy.io/
After=network-online.target
Requires=envoy-auth-server.service
Wants=nginx.service
[Service]
User=root
Restart=on-failure
ExecStart=/usr/bin/envoy --config-path /etc/envoy/config.yaml
[Install]
WantedBy=multi-user.target
/etc/envoy/ ãã£ã¬ã¯ããªãäœæããããã« config.yaml æ§æãé 眮ããå¿ èŠããããŸãã
envoy ãããã·ã䜿çšããé»å ±ãã£ããããããŸãã
Envoy ãããã·ã¯ãéçã³ã³ãã³ãã®æäŸããµããŒãããŠããŸããã ãããã£ãŠããã®æ©èœã«æ祚ã§ããã®ã¯æ¬¡ã®ãšããã§ãã
ç»é²ãŠãŒã¶ãŒã®ã¿ãã¢ã³ã±ãŒãã«åå ã§ããŸãã
ãã®æçš¿ã¯ãenvoy ãããã·ãã€ã³ã¹ããŒã«ããŠãã¹ãããããšã奚å±ããŸããã?
-
ã¯ã
-
ããŒ
75 人ã®ãŠãŒã¶ãŒãæ祚ããŸããã 18åã®ãŠãŒã¶ãŒãæ£æš©ããã
åºæïŒ habr.com