Translation of the article:
I found this article very interesting. Because Envoy is most often used as part of "istio" or simply as a kubernetes "ingress controller", most people do not interact with it directly the way they would with, for example, a typical Nginx or Haproxy installation. But when something breaks, it is good to understand how it works from the inside. I tried to translate as much of the text as possible into Russian, including the special terms, and left the originals in parentheses for those who find that painful to read. Welcome under the cut.
Low-level technical documentation on the Envoy codebase is currently quite sparse. To remedy that, I plan to write a series of blog posts about the various Envoy subsystems. Since this is the first post, please let me know what you think and what you would like to see in future posts.
One of the most common technical questions I get about Envoy is a request for a low-level description of the threading model it uses. This post describes how Envoy maps connections to threads, and the Thread Local Storage system that Envoy uses internally to make its code more parallel and better performing.
Threading overview
Envoy uses three different types of threads:
- Main: This thread controls process startup and shutdown, all xDS (xDiscovery Service) API processing (DNS, health checking, general cluster and runtime management, stat flushing, admin, and general process management: Linux signals, hot restart, and so on). Everything that happens on this thread is asynchronous and "non-blocking". In general, the main thread coordinates all the critical process functionality that does not need a large amount of CPU to run. This allows most control code to be written as if it were single-threaded.
- Worker: By default, Envoy creates a worker thread for every hardware thread in the system. This can be controlled with the --concurrency option. Each worker thread runs a "non-blocking" event loop that is responsible for listening on every listener (at the time of writing, 29 XNUMX 2017, there is no listener sharding), accepting new connections, instantiating a filter stack for each connection, and processing all input/output (IO) operations for the lifetime of the connection. Again, this allows most connection-handling code to be written as if it were single-threaded.
- File flusher: Every file that Envoy writes (primarily access logs) currently has an independent blocking thread. This is because writes to files cached by the file system can sometimes block even with O_NONBLOCK (sigh). When a worker thread needs to write to a file, the data is actually moved into an in-memory buffer, from which it is eventually flushed by the file flusher thread. This is one area of the code where, technically, all worker threads can block on the same lock while trying to fill the memory buffer.
Connection handling
As briefly described above, all worker threads listen on all listeners without any sharding. The kernel is therefore relied on to dispatch accepted sockets to the worker threads sensibly. Modern kernels are generally very good at this: they use features such as input/output (IO) priority boosting to try to fill one thread with work before starting to use the other threads listening on the same socket, and they do not use a spin lock (spinlock) to process each request.
Once a connection has been accepted on a worker thread, it never leaves that thread. All further processing of the connection, including any forwarding behavior, is handled entirely within the worker thread.
This has some important implications:
- All connection pools in Envoy are assigned to a worker thread. So, although an HTTP/2 connection pool only establishes 2 connections to each upstream host at a time, if there are XNUMX worker threads there will be XNUMX HTTP/2 connections per upstream host at steady state.
- Envoy works this way because keeping everything within a single worker thread allows almost all code to be written without locks, as if it were single-threaded. This design makes a large amount of code easy to write and scales remarkably well to an almost unlimited number of worker threads.
- However, one of the main takeaways is that, from a memory pool and connection efficiency standpoint, the --concurrency setting is what actually matters. Having more worker threads than necessary wastes memory, creates more idle connections, and lowers the connection pooling rate. At Lyft, Envoy sidecar containers run with very low concurrency, so that their performance roughly matches the services they sit next to. Envoy runs at maximum concurrency only as an edge proxy.
What does non-blocking mean?
The term "non-blocking" has been used several times so far when discussing how the main and worker threads operate. All code is written on the assumption that nothing ever blocks. However, this is not entirely true (what is ever entirely true?).
Envoy does use a few process-wide locks:
- As mentioned earlier, when access logs are written, all worker threads acquire the same lock before the in-memory log buffer is filled. The lock hold time should be very short, but the lock can become contended at high concurrency and high throughput.
- Envoy uses a very intricate system to handle stats that are local to a thread. This will be covered in a separate post. However, I will briefly mention that, as part of processing thread-local stats, it is sometimes necessary to acquire a lock on a central "stat store". This lock should never be needed.
- The main thread periodically needs to coordinate with all worker threads. This is done by "posting" from the main thread to the worker threads, and sometimes from the worker threads back to the main thread. Posting requires a lock so that the posted message can be put into a queue for later delivery. These locks should never be seriously contended, but technically they can block.
- When Envoy writes a log to the system error stream (standard error), it acquires a process-wide lock. In general, Envoy's local logging is considered terrible from a performance standpoint, so not much attention has been paid to improving it.
- There are a few other random locks, but none of them are performance critical and they should never be contended.
Thread local storage
Because of the way Envoy separates the responsibilities of the main thread from those of the worker threads, there is a requirement that complex processing can be done on the main thread and then made available to each worker thread in a highly concurrent way. This section describes Envoy Thread Local Storage (TLS) at a high level. The next section describes how it is used to manage clusters.
As already described, the main thread handles essentially all management and control plane functionality of the Envoy process. The term control plane is somewhat overloaded here, but it makes sense when considered within the Envoy process itself and compared with the forwarding that the worker threads do. As a general rule, the main thread does some work and then needs to update each worker thread according to the result of that work. When it does so, the worker thread does not need to acquire a lock on every access.
Envoy's TLS (Thread Local Storage) system works as follows:
- Code running on the main thread can allocate a process-wide TLS slot. Although this is abstracted, in practice it is an index into a vector, which provides O(1) access.
- The main thread can install arbitrary data into its slot. When this is done, the data is published to each worker thread as a normal event loop event.
- Worker threads can read from their TLS slot and retrieve whatever thread-local data is available there.
Although very simple, this is an incredibly powerful paradigm, and it is very similar to the concept of RCU (Read-Copy-Update) locking. Essentially, worker threads never see any change to the data in a TLS slot while they are doing work. Changes happen only in the quiescent period between work events.
Envoy uses this in two different ways:
- By storing different data on each worker thread, which can then be accessed without any locking.
- By keeping a shared pointer to global data on each worker thread in read-only mode. Each worker thread therefore holds a reference count on the data that cannot be decremented while work is being done. The old data is destroyed only when all workers have quiesced and picked up the new shared data. This is the same as RCU.
Cluster update threading
This section describes how TLS (Thread Local Storage) is used to manage clusters. Cluster management includes xDS API and/or DNS processing, as well as health checking.
Cluster flow management involves the following components and steps:
- The cluster manager is the component inside Envoy that manages all known upstream clusters, the Cluster Discovery Service (CDS) API, the Secret Discovery Service (SDS) and Endpoint Discovery Service (EDS) APIs, DNS, and active out-of-band health checking. It is responsible for creating an "eventually consistent" view of each upstream cluster, including the discovered hosts and their health status.
- The health checker performs active health checks and reports changes in health status to the cluster manager.
- CDS (Cluster Discovery Service) / SDS (Secret Discovery Service) / EDS (Endpoint Discovery Service) / DNS are run to determine cluster membership. State changes are reported back to the cluster manager.
- Each worker thread continuously runs an event loop.
- When the cluster manager determines that the state of a cluster has changed, it creates a new read-only snapshot of the cluster state and posts it to each worker thread.
- During the next quiescent period, the worker thread updates the snapshot in its allocated TLS slot.
- During an I/O event that has to determine which host to load balance to, the load balancer asks the TLS (Thread Local Storage) slot for information about the hosts. No locks are needed for this. Note also that TLS can fire events on update, so that load balancers and other components can recompute caches, data structures, and so on. That is beyond the scope of this post, but it is used in various places in the code.
Using the procedure above, Envoy can process every request without taking any locks (except in the cases described earlier). Apart from the complexity of the TLS code itself, most code does not need to understand how the multithreading works and can be written as single-threaded code. This makes most code easier to write, in addition to delivering excellent performance.
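The slot mechanism and the snapshot update flow described above, as an added example that is not Envoy's own code: a single-threaded C++ simulation in which each worker's event queue stands in for its event loop and drain() stands in for the quiescent period. Worker, SlotAllocator, their methods and the host addresses are hypothetical names and constructed values.

```cpp
#include <cstddef>
#include <deque>
#include <functional>
#include <memory>
#include <string>
#include <vector>
// Illustrative simulation, not Envoy's API: all type and method names are hypothetical.
// A read-only snapshot of a cluster's hosts (constructed sample data).
using Snapshot = std::shared_ptr<const std::vector<std::string>>;

// One simulated worker: posted events plus its thread-local slots.
struct Worker {
  std::deque<std::function<void()>> posted;  // events sent by the main thread
  std::vector<Snapshot> slots;               // slot index -> local snapshot
  // Quiescent period: runs only between work items, never during one.
  void drain() {
    while (!posted.empty()) { posted.front()(); posted.pop_front(); }
  }
  // Hot-path read: a plain vector index, O(1), no lock.
  const Snapshot& get(std::size_t slot) const { return slots[slot]; }
};

// Main-thread side: allocates slots and publishes snapshots to every worker.
class SlotAllocator {
 public:
  explicit SlotAllocator(std::vector<Worker>& workers) : workers_(workers) {}
  std::size_t allocateSlot() {
    for (auto& w : workers_) w.slots.emplace_back();
    return next_++;
  }
  // Post the snapshot as an ordinary event; a worker sees it only after drain().
  void set(std::size_t slot, Snapshot data) {
    for (auto& w : workers_)
      w.posted.push_back([&w, slot, data] { w.slots[slot] = data; });
  }
 private:
  std::vector<Worker>& workers_;
  std::size_t next_ = 0;
};

int main() {
  std::vector<Worker> workers(2);
  SlotAllocator tls(workers);
  const std::size_t slot = tls.allocateSlot();
  tls.set(slot, Snapshot(new std::vector<std::string>{"10.0.0.1:80"}));
  const bool unseen = workers[0].get(slot) == nullptr;  // not yet drained
  for (auto& w : workers) w.drain();
  return (unseen && workers[1].get(slot)->size() == 1) ? 0 : 1;
}
```

The old snapshot is freed only when the last worker has drained its queue and replaced its local pointer, which is the RCU-like property the text describes.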
Other subsystems that make use of TLS
TLS (Thread local storage) and RCU (Read Copy Update) are used extensively in Envoy.
Examples of use
- Mechanism for changing features at runtime: the current list of enabled features is computed on the main thread. Each worker thread is then given a read-only snapshot using RCU semantics.
- Route table swapping: for route tables provided by RDS (Route Discovery Service), the route tables are built on the main thread. A read-only snapshot is then provided to each worker thread using RCU (Read Copy Update) semantics. This makes route table changes atomic and efficient.
- HTTP header caching: as it turns out, computing the HTTP header for every request (while running up to 25 or more RPS per core) is quite expensive. Envoy computes the header centrally about every XNUMX seconds and provides it to each worker via TLS and RCU.
There are other cases, but the examples above should give a good idea of what TLS is used for.
Known performance pitfalls
Although Envoy performs very well overall, there are a few notable areas that need attention when it is used at very high concurrency and throughput:
- As described in this post, all worker threads currently acquire a lock when writing to the access log memory buffer. At high concurrency and high throughput, access logs will need to be batched per worker thread, at the cost of out-of-order delivery when they are written to the final file. Alternatively, a separate access log could be created for each worker thread.
- Although stats are highly optimized, at very high concurrency and throughput there is likely to be atomic contention on individual stats. The solution to this problem is per-worker-thread counters that are periodically flushed to the central counters. This will be discussed in a later post.
- The current architecture does not work well if Envoy is deployed in a scenario with very few connections that each require a lot of processing resources. There is no guarantee that connections are distributed evenly among worker threads. This can be solved by implementing worker connection balancing, which would allow connections to be exchanged between worker threads.
Conclusion
Envoy's threading model is designed to provide ease of programming and massive parallelism, at the expense of potentially wasted memory and connections if it is not configured correctly. This model allows it to perform very well at very high thread counts and throughput.
As I briefly mentioned on Twitter, this design can also run on top of a full user-mode networking stack such as DPDK (Data Plane Development Kit), which could allow conventional servers to handle millions of requests per second with full L7 processing. It will be very interesting to see what gets built over the next few years.
One last quick comment: I have been asked many times why we chose C++ for Envoy. The reason is that it is still the only widely used industrial-grade language in which the architecture described in this post can be built. C++ is certainly not right for all projects, or even for many, but for certain use cases it is still the only tool that gets the job done.
Links to code
Links to the files containing the interfaces and header implementations discussed in this post:
github.com/lyft/envoy/blob/master/include/envoy/thread_local/thread_local.h
github.com/lyft/envoy/blob/master/source/common/thread_local/thread_local_impl.h
github.com/lyft/envoy/blob/master/include/envoy/upstream/cluster_manager.h
github.com/lyft/envoy/blob/master/source/common/upstream/cluster_manager_impl.h
Source: habr.com