Talofa, Habr! Ou te faailoa atu ia te outou se faaliliuga o le pou: .
O le avefeau o se faʻasalalauga faʻasalalau faʻasalalau maualuga (tusia i le C ++) ua fuafuaina mo auaunaga taʻitasi ma talosaga, o se pasi fesoʻotaʻiga ma "vaalele faʻamatalaga lautele" ua fuafuaina mo le tele o microservice "mesh mesh" architectures. I le fausiaina, o fofo i faʻafitauli na tulaʻi mai i le taimi o le atinaʻeina o 'auʻaunaga e pei ole NGINX, HAProxy, mea faʻapipiʻi faʻapipiʻi ma mea faʻapipiʻi faʻapipiʻi na faʻaaogaina. E galue le avefeau fa'atasi ma talosaga ta'itasi ma fa'ate'aina le feso'ota'iga ina ia maua ai galuega masani e tusa lava po'o le a le fa'avae. A o'o uma fe'avea'iga i totonu o se atina'e tetele e ala i le Envoy mesh, o le a faigofie ona va'ava'ai i vaega fa'afitauli ma le mata'ituina faifaipea, fa'afetaui le fa'atinoga atoa, ma fa'aopoopo galuega autu i se nofoaga patino.
Faʻapitoa
- Fa'ata'ita'iga i fafo atu o le fa'agasologa: o le avefe'au o se 'au'aunaga fa'apitoa, maualuga fa'atinoga e fa'aaogaina sina vaega ole RAM. E galue faʻatasi ma soʻo se gagana faʻaoga poʻo faʻavae.
- http/2 ma le grpc lagolago: avefe'au ei ai le vasega muamua http/2 ma le grpc lagolago mo feso'ota'iga ulufale ma fafo. O se sui manino lea mai le http/1.1 i le http/2.
- Advanced Load Balancing: e lagolagoina e le avefe'au tulaga fa'apaleni uta maualuga e aofia ai le toe otometi, motusia filifili, fa'atapula'aina o fua o le lalolagi, fa'apolopolo talosaga, paleni uta o sone i le lotoifale, ma isi.
- Fa'atonuga API: avefe'au e tu'uina atu se API malosi mo le fa'atonuina o lau fa'atonuga.
- Mata'ituina: Malamalama loloto o fefa'ataua'iga L7, lagolago fa'ale-aganu'u mo su'esu'ega tufatufaina ma le mata'ituina o mongodb, dynamodb ma le tele o isi talosaga.
Laasaga 1 - Faataitaiga NGINX Config
O lenei tusitusiga e faʻaogaina ai se faila faʻapitoa nginx.conf, fa'avae i le fa'ata'ita'iga atoa mai . E mafai ona e vaʻai i le faʻatulagaga i le faatonu e ala i le tatalaina nginx.conf
nginx source config
user www www;
pid /var/run/nginx.pid;
worker_processes 2;
events {
worker_connections 2000;
}
http {
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
log_format download '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_range" "$sent_http_content_range"';
upstream targetCluster {
172.18.0.3:80;
172.18.0.4:80;
}
server {
listen 8080;
server_name one.example.com www.one.example.com;
access_log /var/log/nginx.access_log main;
error_log /var/log/nginx.error_log info;
location / {
proxy_pass http://targetCluster/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
}O faʻasalalauga NGINX e masani ona tolu elemene autu:
- Fa'atulagaina le server NGINX, fausaga ogalaau ma galuega a le Gzip. O lenei mea e faʻamatalaina i le lalolagi atoa i tulaga uma.
- Fa'atonu NGINX e talia talosaga ile talimalo one.example.com luga ole port 8080.
- Faʻatulagaina le nofoaga faʻatatau, faʻafefea ona faʻatautaia fefaʻatauaiga mo vaega eseese o le URL.
E le o fa'atonuga uma o le a fa'aoga i le Envoy Proxy, ma e te le mana'omia le fa'atulagaina o nisi tulaga. E iai le Avefe'au Sui fa ituaiga autu, lea e lagolagoina ai atina'e autu na ofoina mai e NGINX. Ole autu ole:
- Tagata fa'alogologo: Latou te fuafuaina pe faʻafefea ona talia e le Envoy Proxy talosaga o loʻo oʻo mai. E na'o le au fa'alogologo TCP e lagolagoina e le Envoy Proxy. O le taimi lava e faʻamautu ai se fesoʻotaʻiga, e pasi atu i se seti o filiga mo le gaioiga.
- Filifiliga: O latou o se vaega o le fausaga o paipa e mafai ona faʻatautaia faʻamatalaga ulufale ma fafo. O lenei galuega e aofia ai filiga e pei ole Gzip, lea e faʻapipiʻi ai faʻamaumauga aʻo leʻi tuʻuina atu i le kalani.
- Auala: Latou te tuʻuina atu feʻaveaʻi i le mea e manaʻomia, faʻamatalaina o se fuifui.
- Vaega: Latou te faʻamalamalamaina le faʻaiʻuga mo fefaʻatauaiga ma faʻasologa o faʻasologa.
O le a matou faʻaogaina nei vaega e fa e fai ai se faʻasologa o le Envoy Proxy e fetaui ma se faʻatulagaga NGINX patino. Ole sini ole avefe'au ole galulue fa'atasi ma APIs ma fa'atonuga malosi. I lenei tulaga, o le faʻavae faʻavae o le a faʻaogaina faʻamaufaʻailoga, faʻailoga faigata mai NGINX.
Laasaga 2 - NGINX Configuration
Vaega muamua nginx.conf faʻamatalaina nisi NGINX internals e manaʻomia ona faʻatulagaina.
So'oga Tagata Faigaluega
O le fa'atulagaga o lo'o i lalo e fuafua ai le aofa'i o faiga ma feso'ota'iga a tagata faigaluega. O loʻo faʻaalia ai pe faʻafefea e le NGINX ona faʻafetaui le manaʻoga.
worker_processes 2;
events {
worker_connections 2000;
}O le Envoy Proxy e fa'atautaia galuega ma feso'ota'iga i auala eseese.
E fa'atūina e le Envoy se filo mo tagata faigaluega mo so'o se masini komepiuta i totonu o le faiga. O filo a tagata faigaluega ta'itasi e fa'atino se fa'alavelave fa'alavelave e nafa ma
- Faalogo i tagata faalogologo taitasi
- Taliaina o feso'ota'iga fou
- Fausia se seti o filiga mo se feso'ota'iga
- Fa'agasolo uma fa'agaioiga I/O i le olaga atoa ole feso'ota'iga.
O isi fa'agaioiga feso'ota'iga uma o lo'o fa'atautaia atoa i le filo a le tagata faigaluega, e aofia ai so'o se amioga fa'asalalau.
Mo filo faigaluega taʻitasi i le Envoy, o loʻo i ai se vaitaele fesoʻotaʻiga. O lea la, o vaitaele feso'ota'iga HTTP/2 e na'o le tasi le feso'ota'iga i le 'au talimalo i fafo i le taimi, pe afai e fa filo tagata faigaluega o le ai ai le fa HTTP/2 feso'ota'iga mo le 'au talimalo i fafo i se tulaga mautu. E ala i le teuina o mea uma i totonu o se filo tagata faigaluega, toetoe lava o code uma e mafai ona tusia e aunoa ma le poloka, e pei o se filo tasi. Afai e sili atu filo a tagata faigaluega e faʻasoa nai lo le mea e manaʻomia, e mafai ona taʻitaʻia ai le maʻimau manatua, fatuina o se numera tele o fesoʻotaʻiga le aoga, ma faʻaitiitia le aofaʻi o taimi e toe faʻafoʻi ai fesoʻotaʻiga i le vaitaele.
Mo nisi fa'amatalaga asiasi .
HTTP Configuration
O le poloka faʻatulagaina NGINX o loʻo faʻamatalaina tulaga HTTP pei o:
- O a ituaiga mime e lagolagoina
- Taimi Fa'atonu
- Gzip Configuration
E mafai ona e faʻavasegaina nei vaega e faʻaaoga ai filiga i le Envoy Proxy, lea o le a tatou talanoaina mulimuli ane.
Laasaga 3 - Fa'atonuga o le Server
I totonu o le poloka faʻapipiʻi HTTP, o le NGINX faʻatonuga faʻapitoa e faʻalogo i luga o le taulaga 8080 ma tali atu i talosaga o loʻo oʻo mai mo vaega. one.example.com и www.one.example.com.
server {
listen 8080;
server_name one.example.com www.one.example.com;I totonu o le Avefe'au, o lo'o pulea e Fa'alogologo.
Tagata fa'afofoga avefe'au
O le itu pito sili ona taua o le amataina ma le Envoy Proxy o le faʻamalamalamaina o au faʻalogo. E te manaʻomia le fatuina o se faila faila e faʻamatalaina pe faʻapefea ona e manaʻo e faʻataʻitaʻi le Envoy instance.
O le snippet o loʻo i lalo o le a fatuina ai se tagata faʻalogo fou ma faʻapipiʻi i le taulaga 8080. O le faʻatulagaga e taʻu atu ai le Envoy Proxy po o fea ports e tatau ona fusifusia mo talosaga o loʻo oʻo mai.
E fa'aaoga e le Envoy Proxy le fa'ailoga YAML mo lona fa'atulagaina. Mo se folasaga i lenei fa'amatalaga, va'ai iinei .
Copy to Editorstatic_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 8080 }E le mana'omia ona fa'amatala igoa_server, talu ai o filiga o le Envoy Proxy o le a taulimaina lenei mea.
Laasaga 4 - Fa'atonu nofoaga
A oʻo mai se talosaga ile NGINX, o le poloka nofoaga e fuafua pe faʻafefea ona faʻagasolo ma le mea e ala ai le auala. I le vaega o lo'o mulimuli mai, o fefa'ataua'iga uma i le 'upega tafa'ilagi o lo'o fa'afeiloa'i atu i luga (fa'amatalaga a le faaliliu: o le upstream e masani lava o se 'au'aunaga talosaga) fa'aigoa. targetCluster. O le fuifui i luga o lo'o fa'amatalaina ai nodes e tatau ona fa'agasolo le talosaga. O le a tatou talanoaina lenei mea i le isi laasaga.
location / {
proxy_pass http://targetCluster/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}I le Envoy, e faia e Filters lenei mea.
Filifiliga Avefeau
Mo se fa'atonuga fa'apitoa, e filifili e fili pe fa'afefea ona fa'agasolo talosaga o lo'o o'o mai. I lenei tulaga matou te setiina filiga e fetaui igoa_server i le laasaga muamua. A taunu'u mai talosaga o lo'o o'o mai e fetaui ma nisi vaega ma auala, o lo'o fa'asolo atu i le fuifui. Ole tutusa lea ole NGINX ile pito i luga.
Copy to Editor filter_chains:
- filters:
- name: envoy.http_connection_manager
config:
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: backend
domains:
- "one.example.com"
- "www.one.example.com"
routes:
- match:
prefix: "/"
route:
cluster: targetCluster
http_filters:
- name: envoy.routerigoa avefe'au.http_connection_manager o se faamama ua fausia i le Envoy Proxy. O isi filiga e aofia ai Redis, Mongo, TCP. E mafai ona e mauaina le lisi atoa ile .
Mo nisi faʻamatalaga e uiga i isi faiga faʻavae paleni, asiasi .
Laasaga 5 - Fa'atonuga ma le Upstream Configuration
I le NGINX, o le faʻasologa i luga o loʻo faʻamatalaina ai se seti o faʻatonuga o loʻo faʻatautaia feoaiga. I lenei tulaga, e lua fuifui ua tofia.
upstream targetCluster {
172.18.0.3:80;
172.18.0.4:80;
}I le Envoy, o loʻo pulea e fuifui.
Vaega o Avefeau
O le tutusa i luga ua faauigaina o fuifui. I lenei tulaga, o le au talimalo o le a tautuaina le feoaiga ua faailoaina. O le auala e maua ai 'au, e pei o taimi fa'agata, o lo'o fa'amatalaina o se fa'aopoopo fa'aopoopo. O lenei mea e mafai ai ona sili atu le faʻatonutonuina o vaega e pei o le latency ma le paleni o uta.
Copy to Editor clusters:
- name: targetCluster
connect_timeout: 0.25s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
hosts: [
{ socket_address: { address: 172.18.0.3, port_value: 80 }},
{ socket_address: { address: 172.18.0.4, port_value: 80 }}
]A'o fa'aogaina auaunaga su'esu'e STRICT_DNS Ole avefe'au ole a fa'aauau pea ma fa'amuta fa'atatau ile DNS. O tuatusi IP ta'itasi ua toe fa'afo'i mai le fa'ai'uga o le DNS o le a fa'apea ose tagata fa'apitoa i le fa'aputuga i luga. O lona uiga afai e toe faʻafoʻi e se talosaga ni tuatusi IP se lua, o le a manatu le Envoy e lua 'au i totonu o le fuifui, ma e tatau ona tutusa uma le uta. Afai e aveese se talimalo mai le taunuuga, o le a manatu le Envoy e le o toe i ai ma o le a toso taavale mai soʻo se vaitaele fesoʻotaʻiga o iai.
Mo nisi faʻamatalaga vaʻai .
Laasaga 6 - Log Avanoa ma mea sese
O le faatulagaga mulimuli o le resitalaina. Nai lo le tuleia o ogalaau sese i le tisiki, Envoy Proxy e faia se auala faʻavae ao. O ogalaau talosaga uma o lo'o tu'uina atu i stdout и stderr.
Pe a faia e tagata fa'aoga se talosaga, o ogalaau avanoa e filifili ma fa'aletonu ona o le faaletonu. Ina ia mafai ona maua ogalaau mo talosaga HTTP, ia mafai le faatulagaga access_log mo le pule o fesoʻotaʻiga HTTP. O le ala e mafai ona avea o se masini e pei o stdout, poʻo se faila i luga o le disk, e faʻatatau i ou manaʻoga.
O le fa'asologa o lo'o mulimuli mai o le a toe fa'afeiloa'i uma ogalaau avanoa i stdout (fa'amatalaga a le faaliliu - e mana'omia le stdout e fa'aoga ai le avefe'au i totonu o le fagafa'a. Afai e fa'aoga e aunoa ma le fa'ailoga, ona sui lea o le /dev/stdout i le ala i se faila ogalaau masani). Kopi le snippet i le vaega fa'atulagaina mo le pule o feso'ota'iga:
Copy to Clipboardaccess_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"O taunuuga e tatau ona pei o lenei:
- name: envoy.http_connection_manager
config:
codec_type: auto
stat_prefix: ingress_http
access_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
route_config:Ona o le le mafai, Envoy ei ai se manoa faʻasologa e aofia ai faʻamatalaga o le talosaga HTTP:
[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"nO le taunuuga o lenei manoa faatulagaga o le:
[2018-11-23T04:51:00.281Z] "GET / HTTP/1.1" 200 - 0 58 4 1 "-" "curl/7.47.0" "f21ebd42-6770-4aa5-88d4-e56118165a7d" "one.example.com" "172.18.0.4:80"E mafai ona fa'avasegaina mea e maua mai i le fa'atulagaina o le fanua fa'atulagaina. Faataitaiga:
access_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
format: "[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"n"O le laina ogalaau e mafai foi ona gaosia i le JSON format e ala i le setiina o le fanua json_format. Mo se faʻataʻitaʻiga:
access_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
json_format: {"protocol": "%PROTOCOL%", "duration": "%DURATION%", "request_method": "%REQ(:METHOD)%"}Mo nisi fa'amatalaga ile Envoy Registration Methodology, asiasi
O le fa'amauina e le na'o le pau lea o le auala e maua ai le malamalama i le galue ma le Envoy Proxy. O lo'o i ai fa'ata'ita'iga maualuluga ma agava'a fa'ata'ita'i ua fausia i totonu. E mafai ona e iloa atili i pe ala mai .
Laasaga 7 - Fa'alauiloa
O lea ua e si'itia lau fa'atulagaga mai le NGINX i le Envoy Proxy. O le laasaga mulimuli o le faʻalauiloaina o se Envoy Proxy faʻataʻitaʻiga e suʻe ai.
Tamomoe e avea ma tagata e faaaogāina
I le pito i luga ole laina faʻatulagaina NGINX fa'aoga www www; faʻamaonia e faʻatautaia le NGINX o se tagata faʻaoga maualalo e faʻaleleia le saogalemu.
E fai e le Envoy Proxy se faiga fa'avae i le ao e pulea ai po'o ai e ana se faiga. A matou faʻatautaia le Envoy Proxy i totonu o se atigipusa, e mafai ona matou faʻamaonia se tagata faʻaoga maualalo.
Fa'ailoaina le Sui Sui
O le poloaiga o loʻo i lalo o le a faʻatautaia le Envoy Proxy e ala i se pusa Docker i luga o le talimalo. O lenei faʻatonuga e tuʻuina atu ai i le Envoy le mafai ona faʻalogo mo talosaga o loʻo oʻo mai i luga o le taulaga 80. Ae ui i lea, e pei ona faʻamaonia i le faʻasalalauga faʻalogo, e faʻalogo le Envoy Proxy mo fefaʻatauaiga o loʻo oʻo mai i luga o le taulaga 8080. O lenei mea e mafai ai ona faʻagasolo le faagasologa o se tagata faʻaoga maualalo.
docker run --name proxy1 -p 80:8080 --user 1000:1000 -v /root/envoy.yaml:/etc/envoy/envoy.yaml envoyproxy/envoySuʻega
Faatasi ai ma le sui o loʻo faʻagasolo, ua mafai nei ona faia suʻega ma faʻatautaia. Ole fa'atonuga o le cURL o lo'o tu'uina atu se talosaga ma le fa'auluuluga o lo'o fa'amatalaina i le fa'atulagaina o sui.
curl -H "Host: one.example.com" localhost -iO le talosaga HTTP o le a iu i se mea sese 503. E mafua ona o feso'ota'iga i luga e le o galue ma e le o maua. Ole mea lea, ole Envoy Proxy e leai ni avanoa avanoa mo le talosaga. O le faʻatonuga o loʻo mulimuli mai o le a amata ai se faasologa o auaunaga HTTP e fetaui ma le faʻatulagaga ua faʻamatalaina mo le Aveta.
docker run -d katacoda/docker-http-server; docker run -d katacoda/docker-http-server;Faatasi ai ma auaunaga o loʻo avanoa, e mafai e le Envoy ona faʻamanuiaina fefaʻatauaiga i lona taunuuga.
curl -H "Host: one.example.com" localhost -iE tatau ona e vaʻai i se tali e faʻaalia ai po o fea Docker container na faʻatautaia le talosaga. I totonu o le Envoy Proxy logs e tatau foi ona e vaʻai i se faʻaogaina o manoa.
Ulutala Faaopoopo HTTP Tali
O le a e vaʻai i isi ulutala HTTP i ulutala tali o le talosaga moni. O le ulutala e faʻaalia ai le taimi na faʻaalu ai e le au talimalo i luga le faiga o le talosaga. Fa'aalia i milliseconds. E aoga lenei mea pe a mana'o le tagata o tausia e fuafua le taimi o le tautua pe a fa'atusatusa i le fa'agata feso'otaiga.
x-envoy-upstream-service-time: 0
server: envoyFa'atonuga mulimuli
static_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 8080 }
filter_chains:
- filters:
- name: envoy.http_connection_manager
config:
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: backend
domains:
- "one.example.com"
- "www.one.example.com"
routes:
- match:
prefix: "/"
route:
cluster: targetCluster
http_filters:
- name: envoy.router
clusters:
- name: targetCluster
connect_timeout: 0.25s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
hosts: [
{ socket_address: { address: 172.18.0.3, port_value: 80 }},
{ socket_address: { address: 172.18.0.4, port_value: 80 }}
]
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 0.0.0.0, port_value: 9090 }Fa'amatalaga faaopoopo mai le faaliliu
O faatonuga mo le faʻapipiʻiina o le Envoy Proxy e mafai ona maua i luga o le upega tafaʻilagi
Ile faaletonu, rpm e leai se systemd service config.
Faʻaopoopo le systemd service config /etc/systemd/system/envoy.service:
[Unit]
Description=Envoy Proxy
Documentation=https://www.envoyproxy.io/
After=network-online.target
Requires=envoy-auth-server.service
Wants=nginx.service
[Service]
User=root
Restart=on-failure
ExecStart=/usr/bin/envoy --config-path /etc/envoy/config.yaml
[Install]
WantedBy=multi-user.targetE tatau ona e faia se lisi /etc/envoy/ ma tuu le config.yaml config iina.
O loʻo i ai se talatalanoaga telegram e faʻaaoga ai le sui sui:
E le lagolagoina e le Envoy Proxy le tu'uina atu o mea fa'apitoa. O lea la, o ai e mafai ona palota mo le vaega:
Na'o tagata fa'aigoaina e mafai ona auai i le su'esu'ega. , faʻamolemole.
Pe na fa'amalosia oe e lenei pou e fa'apipi'i ma su'e sui sui?
-
ioe
-
leai
75 tagata fa'aoga na palota. 18 tagata fa'aoga na le fa'aaogaina.
puna: www.habr.com