Pulogalamu ya ProHoster > Blog > Ulamuliro > Kusamuka kuchokera ku Nginx kupita ku Envoy Proxy

Kusamuka kuchokera ku Nginx kupita ku Envoy Proxy

Moni, Habr! Ndikubweretsa kwa inu kumasulira kwa positi: Kusamuka kuchokera ku Nginx kupita ku Envoy Proxy.

Mtumiki ndi seva ya proxy yogawidwa kwambiri (yolembedwa mu C ++) yopangidwira mautumiki aumwini ndi ntchito, imakhalanso basi yolumikizirana ndi "ndege yapadziko lonse lapansi" yopangidwira zomangamanga zazikulu za microservice "service mesh". Popanga izo, njira zothetsera mavuto omwe anadza panthawi ya chitukuko cha ma seva monga NGINX, HAProxy, zolemetsa zolemetsa za hardware ndi cloud load balancers zinaganiziridwa. Envoy imagwira ntchito limodzi ndi pulogalamu iliyonse ndikuchotsa netiweki kuti ipereke magwiridwe antchito wamba mosasamala kanthu za nsanja. Pamene magalimoto onse amtundu wa zomangamanga adutsa mu mesh ya Envoy, zimakhala zosavuta kuwona madera omwe ali ndi vuto ndi kuwonetseredwa kosasinthasintha, kumvetsera machitidwe onse, ndi kuwonjezera magwiridwe antchito pamalo enaake.

Zida

  • Zomangamanga zopanda ntchito: nthumwi ndi seva yodziyimira yokha, yogwira ntchito kwambiri yomwe imatenga RAM pang'ono. Zimagwira ntchito molumikizana ndi chilankhulo chilichonse kapena chimango.
  • Thandizo la http/2 ndi grpc: nthumwi ili ndi kalasi yoyamba ya http/2 ndi thandizo la grpc pamalumikizidwe obwera ndi otuluka. Iyi ndi projekiti yowonekera kuchokera ku http/1.1 kupita ku http/2.
  • Advanced Load Balancing: nthumwi imathandizira zinthu zapamwamba zowongolera katundu kuphatikiza zoyeserera zokha, kuthyoka kwa unyolo, kuchepetsa mitengo yapadziko lonse lapansi, kupempha mthunzi, kusanja katundu wadera, ndi zina zambiri.
  • Configuration Management API: nthumwi imakupatsirani API yolimba yowongolera kasinthidwe kwanu.
  • Kuwoneka: Kuwoneka mozama kwa kuchuluka kwa magalimoto a L7, kuthandizira kwachilengedwe pakutsata kugawidwa ndi kuwonedwa kwa mongodb, dynamodb ndi mapulogalamu ena ambiri.

Gawo 1 - Chitsanzo NGINX Config

Cholemba ichi chimagwiritsa ntchito fayilo yopangidwa mwapadera nginx.conf, kutengera chitsanzo chonse chochokera NGINX Wiki. Mutha kuwona kasinthidwe mu mkonzi potsegula nginx.conf

nginx source config

user  www www;
pid /var/run/nginx.pid;
worker_processes  2;

events {
  worker_connections   2000;
}

http {
  gzip on;
  gzip_min_length  1100;
  gzip_buffers     4 8k;
  gzip_types       text/plain;

  log_format main      '$remote_addr - $remote_user [$time_local]  '
    '"$request" $status $bytes_sent '
    '"$http_referer" "$http_user_agent" '
    '"$gzip_ratio"';

  log_format download  '$remote_addr - $remote_user [$time_local]  '
    '"$request" $status $bytes_sent '
    '"$http_referer" "$http_user_agent" '
    '"$http_range" "$sent_http_content_range"';

  upstream targetCluster {
    172.18.0.3:80;
    172.18.0.4:80;
  }

  server {
    listen        8080;
    server_name   one.example.com  www.one.example.com;

    access_log   /var/log/nginx.access_log  main;
    error_log  /var/log/nginx.error_log  info;

    location / {
      proxy_pass         http://targetCluster/;
      proxy_redirect     off;

      proxy_set_header   Host             $host;
      proxy_set_header   X-Real-IP        $remote_addr;
    }
  }
}

Zosintha za NGINX nthawi zambiri zimakhala ndi zinthu zitatu zofunika:

  1. Kukonza seva ya NGINX, mawonekedwe a chipika ndi magwiridwe antchito a Gzip. Izi zimafotokozedwa padziko lonse muzochitika zonse.
  2. Kukonza NGINX kuti ivomereze zopempha kwa wolandira one.example.com pa port 8080.
  3. Kukhazikitsa malo omwe mukufuna, momwe mungasamalire kuchuluka kwa magalimoto pamagawo osiyanasiyana a URL.

Si masinthidwe onse omwe angagwire ntchito kwa Envoy Proxy, ndipo simuyenera kukonza zina. Envoy Proxy ali nayo mitundu inayi yofunika, zomwe zimathandizira maziko oyambira operekedwa ndi NGINX. Pakatikati ndi:

  • Omvera: Amazindikira momwe Envoy Proxy amavomerezera zopempha zomwe zikubwera. Envoy Proxy pakadali pano imathandizira omvera ozikidwa pa TCP okha. Kulumikizana kukakhazikitsidwa, kumaperekedwa ku gulu la zosefera kuti zisinthidwe.
  • Zosefera: Iwo ndi gawo la mapangidwe a mapaipi omwe amatha kukonza deta yomwe ikubwera ndi yotuluka. Izi zikuphatikiza zosefera monga Gzip, zomwe zimakanikizira data musanatumize kwa kasitomala.
  • Ma routers: Amatumiza magalimoto kumalo ofunikira, omwe amafotokozedwa ngati gulu.
  • Magulu: Iwo amatanthauzira mapeto a magalimoto ndi kasinthidwe magawo.

Tidzagwiritsa ntchito zigawo zinayi izi kuti tipange kasinthidwe ka Evoy Proxy kuti tigwirizane ndi kasinthidwe ka NGINX. Cholinga cha Envoy ndikugwira ntchito ndi ma API ndi kasinthidwe kosinthika. Pachifukwa ichi, kasinthidwe koyambira kudzagwiritsa ntchito zosintha zokhazikika, zolimba kuchokera ku NGINX.

Khwerero 2 - Kusintha kwa NGINX

Gawo loyamba nginx.conf imatanthauzira ena amkati a NGINX omwe akuyenera kukonzedwa.

Mgwirizano wa Antchito

Kukonzekera pansipa kumatsimikizira kuchuluka kwa njira za ogwira ntchito ndi maulumikizidwe. Izi zikuwonetsa momwe NGINX idzakulira kuti ikwaniritse zofunikira.

worker_processes  2;

events {
  worker_connections   2000;
}

Envoy Proxy imayang'anira kayendedwe ka ntchito ndi kulumikizana m'njira zosiyanasiyana.

Mtumiki amapanga ulusi wogwira ntchito pa ulusi uliwonse wa hardware mu dongosolo. Ulusi uliwonse wa ogwira ntchito umapanga loop yosatsekereza yomwe imayang'anira

  1. Kumvetsera kwa womvera aliyense
  2. Kulandira maulumikizidwe atsopano
  3. Kupanga zosefera zolumikizirana
  4. Chitani ntchito zonse za I/O panthawi yonse yolumikizira.

Kukonzekera kwina kulikonse kumayendetsedwa kwathunthu mu ulusi wogwira ntchito, kuphatikizapo khalidwe lililonse lotumizira.

Pa ulusi uliwonse wogwira ntchito ku Envoy, pali dziwe lolumikizira. Chifukwa chake maiwe olumikizira a HTTP/2 amangokhazikitsa kulumikizana kumodzi kwa wolandila wakunja panthawi imodzi, ngati pali ulusi wa ogwira ntchito anayi padzakhala maulumikizidwe anayi a HTTP/2 pagulu lakunja lokhazikika. Mwa kusunga chirichonse mu ulusi umodzi wa ogwira ntchito, pafupifupi code yonse ikhoza kulembedwa popanda kutsekereza, ngati kuti ili ndi ulusi umodzi. Ngati ulusi wochuluka wa ogwira ntchito waperekedwa kuposa momwe ungafunikire, izi zingayambitse kukumbukira kutayika, kupanga chiwerengero chachikulu cha maulumikizidwe opanda pake, ndi kuchepetsa kuchuluka kwa maulendo omwe malumikizidwe amabwereranso ku dziwe.

Kuti mudziwe zambiri pitani Envoy Proxy blog.

Kusintha kwa HTTP

Chotsatira chotsatira cha NGINX chimatanthawuza zokonda za HTTP monga:

  • Mitundu ya mime yomwe imathandizidwa
  • Nthawi Zofikira
  • Gzip Configuration

Mutha kusintha izi pogwiritsa ntchito zosefera mu Envoy Proxy, zomwe tikambirana pambuyo pake.

Khwerero 3 - Kusintha kwa Seva

Mu chipika cha kasinthidwe ka HTTP, kasinthidwe ka NGINX kumatanthawuza kumvera pa doko 8080 ndikuyankha zopempha zomwe zikubwera za madambwe. one.example.com ΠΈ www.one.example.com.

 server {
    listen        8080;
    server_name   one.example.com  www.one.example.com;

M'kati mwa Envoy, imayendetsedwa ndi Omvera.

Nthumwi omvera

Chofunikira kwambiri poyambira ndi Envoy Proxy ndikutanthauzira omvera anu. Muyenera kupanga fayilo yosinthira yomwe imafotokoza momwe mukufuna kuyendetsa Evoy.

Chidutswa chomwe chili pansipa chidzapanga womvera watsopano ndikumangirira ku doko 8080. Kukonzekera kumauza Envoy Proxy kuti ndi madoko omwe ayenera kumangirira pazopempha zomwe zikubwera.

Envoy Proxy imagwiritsa ntchito zolemba za YAML pakukonza kwake. Kuti mumve zonena izi, onani apa kulumikizana.

Copy to Editorstatic_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 8080 }

Palibe chifukwa chofotokozera seva_name, popeza zosefera za Evoy Proxy zitha kuchita izi.

Khwerero 4 - Kusintha Kwamalo

Pempho likabwera ku NGINX, malo omwe amalowa amasankha momwe angayendetsere komanso komwe angayendetse magalimoto. Pachidutswa chotsatirachi, magalimoto onse opita patsambalo amasamutsidwa kupita kumtunda (zolemba za womasulira: kumtunda kumakhala seva yogwiritsira ntchito) gulu lotchedwa targetCluster. Gulu lakumtunda limatanthauzira ma node omwe akuyenera kuyankha pempholo. Tikambirana izi mu sitepe yotsatira.

location / {
    proxy_pass         http://targetCluster/;
    proxy_redirect     off;

    proxy_set_header   Host             $host;
    proxy_set_header   X-Real-IP        $remote_addr;
}

Ku Envoy, Zosefera amachita izi.

Zosefera za Evoy

Pakusintha kosasintha, zosefera zimatsimikizira momwe angagwiritsire ntchito zopempha zomwe zikubwera. Pankhaniyi timayika zosefera zomwe zimagwirizana seva_mazina mu sitepe yapitayi. Zopempha zomwe zikubwera zikafika zomwe zikufanana ndi madera ndi njira zina, kuchuluka kwa magalimoto kumayendetsedwa kumagulu. Izi ndizofanana ndi kasinthidwe ka NGINX pansi-mmwamba.

Copy to Editor    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          codec_type: auto
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: backend
              domains:
                - "one.example.com"
                - "www.one.example.com"
              routes:
              - match:
                  prefix: "/"
                route:
                  cluster: targetCluster
          http_filters:
          - name: envoy.router

dzina nthumwi.http_connection_manager ndi fyuluta yomangidwa mu Envoy Proxy. Zosefera zina zikuphatikizapo Redis, Mongo, TCP. Mutha kupeza mndandanda wathunthu pa zolemba.

Kuti mumve zambiri za mfundo zina zosinthira katundu, pitani Zolemba za Evoy.

Khwerero 5 - Kusintha kwa Proxy ndi Kumtunda kwa Mtsinje

Mu NGINX, kasinthidwe kamtunda kumatanthawuza seti ya ma seva omwe amayendetsa magalimoto. Pachifukwa ichi, magulu awiri adapatsidwa.

  upstream targetCluster {
    172.18.0.3:80;
    172.18.0.4:80;
  }

Mu Envoy, izi zimayendetsedwa ndi magulu.

Envoy Clusters

Zofanana za kumtunda zimatanthauzidwa ngati masango. Pankhaniyi, makamu omwe adzatumikire magalimoto adziwika. Momwe makamu amafikirako, monga kutha kwa nthawi, amatanthauzidwa ngati kasinthidwe kamagulu. Izi zimalola kuwongolera kochulukirapo pazinthu monga latency ndi kusanja kwa katundu.

Copy to Editor  clusters:
  - name: targetCluster
    connect_timeout: 0.25s
    type: STRICT_DNS
    dns_lookup_family: V4_ONLY
    lb_policy: ROUND_ROBIN
    hosts: [
      { socket_address: { address: 172.18.0.3, port_value: 80 }},
      { socket_address: { address: 172.18.0.4, port_value: 80 }}
    ]

Mukamagwiritsa ntchito kuzindikira kwautumiki STRICT_DNS Mtumiki adzathetsa mosalekeza komanso mosasinthasintha zolinga za DNS zomwe zatchulidwa. Adilesi iliyonse yobwezeredwa ya IP kuchokera pazotsatira za DNS idzatengedwa ngati gulu lodziwika bwino pagulu lakumtunda. Izi zikutanthauza kuti ngati pempho libweza ma adilesi awiri a IP, Envoy angaganize kuti pali makamu awiri mgululi, ndipo onse awiri ayenera kukhala oyenera. Ngati wolandirayo achotsedwa pazotsatira, Mtumiki adzaganiza kuti kulibe ndipo adzakoka magalimoto kuchokera kumadziwe omwe alipo.

Kuti mumve zambiri onani Zolemba zoyimira nthumwi.

Khwerero 6 - Log Access ndi Zolakwika

Kusintha komaliza ndikulembetsa. M'malo mokankhira zolemba zolakwika ku disk, Envoy Proxy amatenga njira yochokera pamtambo. Zolemba zonse zamapulogalamu zimatulutsidwa stdout ΠΈ wochita.

Ogwiritsa ntchito akapempha, zolemba zofikira ndizosankha ndipo zimayimitsidwa mwachisawawa. Kuti mutsegule malo ofikira pazofunsira za HTTP, yambitsani kusinthidwa access_log kwa woyang'anira kulumikizana kwa HTTP. Njira ikhoza kukhala chipangizo monga stdout, kapena fayilo pa diski, kutengera zomwe mukufuna.

Kukonzekera kotsatiraku kudzalozeranso zolemba zonse zolowera stdout (zolemba zomasulira - stdout ikufunika kuti mugwiritse ntchito nthumwi mkati mwa docker. Ngati ikugwiritsidwa ntchito popanda docker, sinthani /dev/stdout ndi njira yopita ku fayilo yokhazikika). Lembani snippet ku gawo lokonzekera la woyang'anira kugwirizana:

Copy to Clipboardaccess_log:
- name: envoy.file_access_log
  config:
    path: "/dev/stdout"

Zotsatira ziyenera kuwoneka motere:

      - name: envoy.http_connection_manager
        config:
          codec_type: auto
          stat_prefix: ingress_http
          access_log:
          - name: envoy.file_access_log
            config:
              path: "/dev/stdout"
          route_config:

Mwachikhazikitso, Envoy ili ndi chingwe chomwe chimaphatikizapo tsatanetsatane wa pempho la HTTP:

[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"n

Zotsatira zamtundu uwu ndi:

[2018-11-23T04:51:00.281Z] "GET / HTTP/1.1" 200 - 0 58 4 1 "-" "curl/7.47.0" "f21ebd42-6770-4aa5-88d4-e56118165a7d" "one.example.com" "172.18.0.4:80"

The linanena bungwe zili akhoza makonda poika mtundu kumunda. Mwachitsanzo:

access_log:
- name: envoy.file_access_log
  config:
    path: "/dev/stdout"
    format: "[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"n"

Mzere wa chipika ukhozanso kutulutsidwa mu mtundu wa JSON poyika gawolo json_format. Mwachitsanzo:

access_log:
- name: envoy.file_access_log
  config:
    path: "/dev/stdout"
    json_format: {"protocol": "%PROTOCOL%", "duration": "%DURATION%", "request_method": "%REQ(:METHOD)%"}

Kuti mumve zambiri pa Njira Yolembera Evoy, pitani

https://www.envoyproxy.io/docs/envoy/latest/configuration/access_log#config-access-log-format-dictionaries

Kudula mitengo si njira yokhayo yopezera chidziwitso chogwira ntchito ndi Envoy Proxy. Ili ndi luso lapamwamba lotsatirira ndi ma metrics omwe amapangidwiramo. Mutha kudziwa zambiri pa kutsatira zolembedwa kapena kudzera Interactive tracing script.

Khwerero 7 - Yambitsani

Tsopano mwasamutsa masinthidwe anu kuchokera ku NGINX kupita ku Envoy Proxy. Chomaliza ndikuyambitsa chitsanzo cha Envoy Proxy kuti muyese.

Thamangani ngati wosuta

Pamwamba pa mzere wa kasinthidwe wa NGINX wosuta www; imatchula kuyendetsa NGINX ngati wogwiritsa ntchito mwayi wochepa kuti apititse patsogolo chitetezo.

Envoy Proxy imatenga njira yokhazikika pamtambo pakuwongolera omwe ali ndi ndondomeko. Tikamayendetsa Envoy Proxy kudzera mu chidebe, titha kufotokozera wogwiritsa ntchito mwayi wotsika.

Kuyambitsa Envoy Proxy

Lamulo lomwe lili pansipa lidzayendetsa Envoy Proxy kudzera mu chidebe cha Docker pa wolandirayo. Lamuloli limapatsa Mtumiki mphamvu yomvetsera zopempha zomwe zikubwera pa doko 80. Komabe, monga momwe tafotokozera mu kasinthidwe ka omvera, Mtumiki Woyimira Mtumiki amamvetsera magalimoto obwera pa doko 8080. Izi zimalola kuti ndondomekoyi igwire ntchito ngati wogwiritsa ntchito mwayi wochepa.

docker run --name proxy1 -p 80:8080 --user 1000:1000 -v /root/envoy.yaml:/etc/envoy/envoy.yaml envoyproxy/envoy

Kuyesa

Ndi projekiti ikugwira ntchito, zoyesa zitha kupangidwa ndikusinthidwa. Lamulo lotsatira la cURL limapereka pempho ndi mutu wapampando wofotokozedwa mu kasinthidwe ka proxy.

curl -H "Host: one.example.com" localhost -i

Pempho la HTTP libweretsa cholakwika 503. Izi zili choncho chifukwa malumikizidwe akumtunda sakugwira ntchito ndipo palibe. Chifukwa chake, Woyimilira Wathu alibe malo oti apemphe. Lamulo lotsatirali lidzayambitsa mndandanda wa mautumiki a HTTP omwe amafanana ndi kasinthidwe kofotokozedwa kwa Envoy.

docker run -d katacoda/docker-http-server; docker run -d katacoda/docker-http-server;

Ndi ntchito zomwe zilipo, Envoy imatha kuyitanitsa anthu ambiri komwe ikupita.

curl -H "Host: one.example.com" localhost -i

Muyenera kuwona yankho lomwe likuwonetsa kuti chidebe cha Docker chidayankha pempholo. Muzolemba za Envoy Proxy muyenera kuwonanso chingwe chofikira.

Mitu Yowonjezera Yankho ya HTTP

Mudzawona mitu yowonjezera ya HTTP pamitu yamayankho ya pempho lenileni. Mutuwu ukuwonetsa nthawi yomwe wolandirayo adakhala akukonza zopemphazo. Kuwonetsedwa mu milliseconds. Izi ndizothandiza ngati kasitomala akufuna kudziwa nthawi yautumiki poyerekeza ndi latency network.

x-envoy-upstream-service-time: 0
server: envoy

Final config

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 8080 }
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          codec_type: auto
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: backend
              domains:
                - "one.example.com"
                - "www.one.example.com"
              routes:
              - match:
                  prefix: "/"
                route:
                  cluster: targetCluster
          http_filters:
          - name: envoy.router
          clusters:
  - name: targetCluster
    connect_timeout: 0.25s
    type: STRICT_DNS
    dns_lookup_family: V4_ONLY
    lb_policy: ROUND_ROBIN
    hosts: [
      { socket_address: { address: 172.18.0.3, port_value: 80 }},
      { socket_address: { address: 172.18.0.4, port_value: 80 }}
    ]

admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 0.0.0.0, port_value: 9090 }

Zowonjezera kuchokera kwa womasulira

Malangizo oyika Envoy Proxy akupezeka patsamba https://www.getenvoy.io/

Mwachikhazikitso, rpm ilibe dongosolo la serviced.

Onjezani dongosolo la serviced /etc/systemd/system/envoy.service:

[Unit]
Description=Envoy Proxy
Documentation=https://www.envoyproxy.io/
After=network-online.target
Requires=envoy-auth-server.service
Wants=nginx.service

[Service]
User=root
Restart=on-failure
ExecStart=/usr/bin/envoy --config-path /etc/envoy/config.yaml
[Install]
WantedBy=multi-user.target

Muyenera kupanga chikwatu /etc/envoy/ ndikuyika config.yaml config pamenepo.

Pali macheza a telegraph pogwiritsa ntchito nthumwi: https://t.me/envoyproxy_ru

Envoy Proxy sichirikiza kutumikira zokhazikika. Chifukwa chake, ndani angavotere gawoli: https://github.com/envoyproxy/envoy/issues/378

Ogwiritsa ntchito olembetsedwa okha ndi omwe angatenge nawo gawo pa kafukufukuyu. Lowani muakauntichonde.

Kodi positiyi yakulimbikitsani kuti muyike ndikuyesa projekiti ya nthumwi?

  • inde

  • palibe

Ogwiritsa 75 adavota. Ogwiritsa ntchito 18 adakana.

Source: www.habr.com

Kuwonjezera ndemanga