Mhoro, Habr! Ndinounza kwauri kududzirwa kwechinyorwa ichi: .
Envoy is a high-performance distributed proxy server (yakanyorwa muC ++) yakagadzirirwa mabasa ega ega uye kushandiswa, iriwo bhazi rekutaurirana uye "universal data plane" yakagadzirirwa microservice yakakura "service mesh" architectures. Pakuigadzira, mhinduro dzezvinetso zvakamuka panguva yekuvandudzwa kwemaseva akadai seNGINX, HAProxy, hardware mitoro yekuenzanisa uye cloud load balancers yakatorwa. Envoy inoshanda padivi pechishandiso chega chega uye inobvisa network kuti ipe zvakajairika kushanda zvisinei nepuratifomu. Kana yese traffic yebasa mune zvivakwa ichiyerera kuburikidza neEnvoy mesh, zvinova nyore kuona nzvimbo dzine dambudziko nekuenderana kucherechedzwa, tune kuita kwese, uye kuwedzera mashandiro epakati mune imwe nzvimbo.
Zviratidzo
- Out-of-process architecture: mumiririri is a self-contained, high-performance server inotora zvishoma RAM. Inoshanda pamwe chete nechero mutauro wekushandisa kana chimiro.
- http/2 nerutsigiro rwegrpc: nhume ine yekutanga-kirasi http/2 uye grpc rutsigiro rwekupinda nekubuda. Iyi ipuroksi inoonekera kubva ku http/1.1 kuenda ku http/2.
- Yepamberi Mutoro Kuyera: mutumwa anotsigira epamberi mitoro yekuyera maficha anosanganisira otomatiki kuyedza, kutyora cheni, kudzikamisa mwero wepasi rose, kukumbira mimvuri, kuyera nzvimbo yenzvimbo, nezvimwe.
- Configuration Management API: nhume inopa yakasimba API yekugadzirisa zvine simba kurongeka kwako.
- Kucherechedzwa: Kuonekwa kwakadzama kweL7 traffic, tsigiro yemuno yekugovera kuteedzera uye kucherechedzwa kwe mongodb, dynamodb uye zvimwe zvakawanda zvinoshandiswa.
Nhanho 1 - Muenzaniso NGINX Config
Ichi chinyorwa chinoshandisa faira rakagadzirwa nginx.conf, zvichibva pamuenzaniso uzere kubva . Iwe unogona kuona iyo gadziriso mupepeti nekuvhura nginx.conf
nginx source config
user www www;
pid /var/run/nginx.pid;
worker_processes 2;
events {
worker_connections 2000;
}
http {
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
log_format download '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_range" "$sent_http_content_range"';
upstream targetCluster {
172.18.0.3:80;
172.18.0.4:80;
}
server {
listen 8080;
server_name one.example.com www.one.example.com;
access_log /var/log/nginx.access_log main;
error_log /var/log/nginx.error_log info;
location / {
proxy_pass http://targetCluster/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
}NGINX masisitimu anowanzo ane matatu akakosha zvinhu:
- Kugadzirisa NGINX sevha, chimiro chegi uye Gzip mashandiro. Izvi zvinotsanangurwa pasi rose mune zvese zviitiko.
- Kugadzirisa NGINX kugamuchira zvikumbiro kune mugamuchiri one.example.com pachiteshi che8080.
- Kumisikidza nzvimbo yakanangwa, maitiro ekubata traffic yezvikamu zvakasiyana zve URL.
Haasi ese magadzirirwo achashanda kune Envoy Proxy, uye haufanire kugadzirisa mamwe marongero. Envoy Proxy ane mhando ina dzinokosha, iyo inotsigira nheyo huru inopihwa neNGINX. The core is:
- Vateereri: Ivo vanosarudza kuti Envoy Proxy inogamuchira sei zvikumbiro zvinouya. Envoy Proxy parizvino inotsigira vateereri veTCP-based. Kana kubatana kwangotangwa, kunopfuudzwa kune seti yemasefa kuti igadziriswe.
- Sefa: Iwo chikamu chepipeline architecture inogona kugadzirisa inouya uye inobuda data. Kuita uku kunosanganisira mafirita akadai seGzip, anodzvanya data risati ratumira kumutengi.
- Marouta: Vanoendesa mberi traffic kunzvimbo inodiwa, inotsanangurwa sesumbu.
- Masumbu: Ivo vanotsanangura iyo yekupedzisira yetraffic uye kumisikidza paramita.
Tichashandisa izvi zvikamu zvina kugadzira Envoy Proxy configuration kuti ienderane neiyo NGINX gadziriro. Chinangwa chenhume ndechekushanda nemaAPI uye dhizaini dhizaini. Muchiitiko ichi, chigadziro chekugadzirisa chichashandisa static, yakaoma-coded marongero kubva kuNGINX.
Nhanho 2 - NGINX Configuration
Chikamu chekutanga nginx.conf inotsanangura zvimwe zvemukati zveNGINX zvinoda kugadzirwa.
Worker Connections
Iyo gadziriso iri pazasi inotaridza huwandu hwevashandi maitiro uye kubatana. Izvi zvinoratidza kuti NGINX ichakwira sei kuzadzisa zvinodiwa.
worker_processes 2;
events {
worker_connections 2000;
}Envoy Proxy inobata mafambiro ebasa nekubatanidza nenzira dzakasiyana.
Nhume inogadzira tambo yevashandi kune yega yega Hardware thread pane system. Imwe neimwe tambo yemushandi inoita isingavhare chiitiko loop ine basa
- Kuteerera muteereri mumwe nomumwe
- Kugamuchira mitsva yekubatanidza
- Kugadzira seti yemasefa ekubatanidza
- Gadzirisa mabasa ese eI/O mukati mehupenyu hwekubatanidza.
Yese yekuwedzera yekubatanidza kugadzirisa inobatwa zvachose mushinda yevashandi, kusanganisira chero maitiro ekutumira.
Kune yega yega shinda yevashandi muEnvoy, pane dziva rekubatanidza. Saka HTTP/2 madziva ekubatanidza anongosimbisa imwe chete yekubatanidza kune yekunze muenzi panguva, kana paine tambo ina dzevashandi pachave neina HTTP/2 yekubatanidza pamunhu wekunze mune yakagadzikana. Nekuchengeta zvese mushinda imwe yevashandi, dzinenge kodhi dzese dzinogona kunyorwa pasina kuvharira, sekunge dzakasungwa imwechete. Kana tambo dzakawanda dzevashandi dzikagoverwa kupfuura zvinodiwa, izvi zvinogona kutungamira mukukanganisa ndangariro, kugadzira huwandu hukuru hwekubatanidza husina basa, uye kuderedza huwandu hwenguva dzekubatanidza dzinodzoserwa kudziva.
Kuti uwane rumwe ruzivo shanya .
HTTP Configuration
Iyo inotevera NGINX yekumisikidza block inotsanangura marongero eHTTP akadai se:
- Ndeapi marudzi emamime anotsigirwa
- Default Timeouts
- Gzip Configuration
Unogona kugadzirisa zvinhu izvi uchishandisa mafirita muEnvoy Proxy, zvatichakurukura gare gare.
Nhanho 3 - Server Configuration
Muiyo HTTP configuration block, iyo NGINX gadziriso inotsanangura kuteerera pachiteshi 8080 uye kupindura kune zvinouya zvikumbiro zvemadomasi. one.example.com ΠΈ www.one.example.com.
server {
listen 8080;
server_name one.example.com www.one.example.com;Inside Envoy, inodzorwa nevateereri.
Nhume vateereri
Chinhu chinonyanya kukosha chekutanga neEvoy Proxy kutsanangura vateereri vako. Iwe unofanirwa kugadzira faira yekumisikidza inotsanangura maitiro aunoda kuita iyo Envoy muenzaniso.
Iyo snippet iri pazasi ichagadzira muteereri mutsva uye ichisungira kune port 8080. Iyo gadziriso inoudza Envoy Proxy kuti ndeapi madoko aanofanira kusunga kune zvikumbiro zvinouya.
Envoy Proxy inoshandisa YAML notation pakugadzirisa kwayo. Kuti uwane sumo yechinyorwa ichi, tarisa pano .
Copy to Editorstatic_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 8080 }Hapana chikonzero chekutsanangura server_name, sezvo Envoy Proxy mafirita achabata izvi.
Nhanho 4 - Kugadziriswa Kwenzvimbo
Kana chikumbiro chauya muNGINX, iyo nzvimbo yekuvhara inosarudza maitiro uye kupi nzira yekufambisa traffic. Muchidimbu chinotevera, traffic yese yesaiti inoendeswa kumusoro (chinyorwa chemuturikiri: kumusoro kwemvura kunowanzo sevha yekushandisa) cluster yakanzi targetCluster. Iyo cluster yekumusoro inotsanangura node dzinofanirwa kugadzirisa chikumbiro. Tichakurukura izvi mudanho rinotevera.
location / {
proxy_pass http://targetCluster/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}PaEnvoy, Mafirita anoita izvi.
Envoy Sefa
Nekugadziriswa kwakamira, mafirita anoona maitiro ekugadzirisa zvikumbiro zvinouya. Muchiitiko ichi tinoisa mafirita anoenderana server_names munhanho yapfuura. Kana zvikumbiro zvinouya zvinofanana nemamwe madomasi uye nzira, traffic inoendeswa kune cluster. Izvi ndizvo zvakaenzana neNGINX yepasi-up configuration.
Copy to Editor filter_chains:
- filters:
- name: envoy.http_connection_manager
config:
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: backend
domains:
- "one.example.com"
- "www.one.example.com"
routes:
- match:
prefix: "/"
route:
cluster: targetCluster
http_filters:
- name: envoy.routerzita nhume.http_connection_manager iyo yakavakirwa-mukati sefa muEvoy Proxy. Mamwe mafirita anosanganisira Redis, Mongo, TCP. Unogona kuwana runyoro rwakakwana pa .
Kuti uwane rumwe ruzivo nezve mamwe marongero ekuenzanisa mitoro, shanya .
Nhanho 5 - Proxy uye Upstream Configuration
Mu NGINX, iyo yekukwira kumusoro inotsanangura seti yezvinangwa maseva anozogadzira traffic. Muchiitiko ichi, mapoka maviri akagoverwa.
upstream targetCluster {
172.18.0.3:80;
172.18.0.4:80;
}In Envoy, izvi zvinotungamirirwa nemasumbu.
Envoy Clusters
Kuenzana kwekumusoro kunotsanangurwa semasumbu. Muchiitiko ichi, mauto anozoshandira traffic akaonekwa. Nzira iyo mauto anowanikwa, senge nguva yekubuda, inotsanangurwa se cluster configuration. Izvi zvinobvumira mamwe granular kudzora pamusoro pezvinhu zvakadai se latency uye kuremedza kuenzanisa.
Copy to Editor clusters:
- name: targetCluster
connect_timeout: 0.25s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
hosts: [
{ socket_address: { address: 172.18.0.3, port_value: 80 }},
{ socket_address: { address: 172.18.0.4, port_value: 80 }}
]Paunenge uchishandisa sevhisi kuwanikwa STRICT_DNS Nhume inoenderera uye neasynchronously kugadzirisa zvakatsanangurwa DNS zvinangwa. Imwe neimwe yakadzoserwa IP kero kubva kuDNS mhedzisiro ichaonekwa seyakajeka mugadziri murukova cluster. Izvi zvinoreva kuti kana chikumbiro chikadzosa kero mbiri dzeIP, Nhume inofungidzira kuti kune mauto maviri musumbu, uye ese ari maviri anofanirwa kuve akaremerwa. Kana muenzi akabviswa kubva mumhedzisiro, Nhume inofungidzira kuti haichave uye inodhonza traffic kubva kune chero aripo ekubatanidza madziva.
Kuti uwane rumwe ruzivo ona .
Nhanho 6 - Log Access uye Zvikanganiso
Kugadziriswa kwekupedzisira kunyoresa. Panzvimbo yekusundira matanda ekukanganisa kudhisiki, Envoy Proxy inotora makore-yakavakirwa maitiro. Ese maapplication logs anobuditswa kune stdout ΠΈ stderr.
Kana vashandisi vakaita chikumbiro, matanda ekuwana anosarudzika uye akaremara nekusarudzika. Kuti ugone kugonesa magwaro ekuwana zvikumbiro zveHTTP, gonesa kugadziridza access_log yeHTTP yekubatanidza maneja. Iyo nzira inogona kunge iri mudziyo wakadai stdout, kana faira riri padhisiki, zvichienderana nezvaunoda.
Iyo inotevera gadziriso ichatungamira ese ekupinda logs kune stdout (chinyorwa chemuturikiri - stdout chinodiwa kushandisa nhume mukati medocker. Kana ikashandiswa pasina docker, shandura /dev/stdout nenzira inoenda kune yenguva dzose log file). Kopa snippet kuchikamu chekugadzirisa chemaneja wekubatanidza:
Copy to Clipboardaccess_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"Zvigumisiro zvinofanira kutaridzika seizvi:
- name: envoy.http_connection_manager
config:
codec_type: auto
stat_prefix: ingress_http
access_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
route_config:Nekumisikidza, Envoy ine fomati tambo inosanganisira iwo ruzivo rwechikumbiro cheHTTP:
[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"nMhedzisiro yefomati iyi tambo ndeiyi:
[2018-11-23T04:51:00.281Z] "GET / HTTP/1.1" 200 - 0 58 4 1 "-" "curl/7.47.0" "f21ebd42-6770-4aa5-88d4-e56118165a7d" "one.example.com" "172.18.0.4:80"Izvo zvinobuda zvemukati zvinogona kugadziridzwa nekuisa iyo fomati ndima. Semuyenzaniso:
access_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
format: "[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"n"Mutsara welogi unogonawo kubudiswa muJSON format nekugadzirisa munda json_format. Somuenzaniso:
access_log:
- name: envoy.file_access_log
config:
path: "/dev/stdout"
json_format: {"protocol": "%PROTOCOL%", "duration": "%DURATION%", "request_method": "%REQ(:METHOD)%"}Kuti uwane rumwe ruzivo nezve iyo Envoy Registration Methodology, shanya
Kutema miti handiyo yega nzira yekuwana nzwisiso yekushanda neEnvoy Proxy. Iyo ine advanced tracking uye metrics kugona kwakavakirwa mairi. Unogona kuziva zvakawanda pa kana kuburikidza .
Nhanho 7 - Kutanga
Iwe zvino watama gadziriso yako kubva kuNGINX kuenda kuEnvoy Proxy. Nhanho yekupedzisira ndeyekutanga Envoy Proxy muenzaniso kuti uiedze.
Mhanya semushandisi
Pamusoro peiyo NGINX yekumisikidza mutsara mushandisi www; inotsanangura kumhanya NGINX semushandi ane rombo rakanaka kuti uvandudze kuchengetedzeka.
Envoy Proxy inotora makore-yakavakirwa maitiro ekutarisira muridzi wemaitiro. Patinomhanyisa Envoy Proxy kuburikidza nemudziyo, tinogona kutsanangura mushandisi ane rombo rakanaka.
Kutangisa Envoy Proxy
Iwo murairo uri pazasi unomhanyisa Envoy Proxy kuburikidza neDocker mudziyo pane iyo host. Uyu murairo unopa Nhume kukwanisa kuteerera zvikumbiro zvinouya pachiteshi 80. Zvisinei, sezvinotsanangurwa mukugadzirisa kwevateereri, Envoy Proxy inoteerera traffic inouya pachiteshi 8080. Izvi zvinobvumira nzira kuti iite semushandisi ane rombo rakaderera.
docker run --name proxy1 -p 80:8080 --user 1000:1000 -v /root/envoy.yaml:/etc/envoy/envoy.yaml envoyproxy/envoyKuedza
Neiyo proxy iri kushanda, miedzo ikozvino inogona kuitwa uye kugadziriswa. Iyo inotevera cURL yekuraira inopa chikumbiro nemusoro wemuenzi unotsanangurwa mukugadziriswa kweproxy.
curl -H "Host: one.example.com" localhost -iChikumbiro cheHTTP chinokonzeresa kukanganisa 503. Izvi zvinodaro nekuti kubatanidza kumusoro kwemurwizi hakusi kushanda uye hakusi kuwanikwa. Naizvozvo, Envoy Proxy haina nzvimbo dziripo dzekukumbira. Murairo unotevera uchatanga nhevedzano yeHTTP masevhisi anofanana nekumisikidzwa kunotsanangurwa kune Envoy.
docker run -d katacoda/docker-http-server; docker run -d katacoda/docker-http-server;Nemasevhisi aripo, Envoy inogona kubudirira proxy traffic kune kwainoenda.
curl -H "Host: one.example.com" localhost -iIwe unofanirwa kuona mhinduro inoratidza kuti ndeipi Docker mudziyo wakagadzirisa chikumbiro. Mune iyo Envoy Proxy matanda iwe unofanirwawo kuona yekuwana tambo kubuda.
Yekuwedzera HTTP Mhinduro Misoro
Iwe uchaona yakawedzera HTTP misoro mune yekupindura misoro yechikumbiro chaicho. Musoro unoratidza nguva iyo mugamuchiri wekumusoro akashandisa kugadzirisa chikumbiro. Inoratidzwa mumamilliseconds. Izvi zvinobatsira kana mutengi achida kuona sevhisi nguva ichienzaniswa netiweki latency.
x-envoy-upstream-service-time: 0
server: envoyFinal config
static_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 8080 }
filter_chains:
- filters:
- name: envoy.http_connection_manager
config:
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: backend
domains:
- "one.example.com"
- "www.one.example.com"
routes:
- match:
prefix: "/"
route:
cluster: targetCluster
http_filters:
- name: envoy.router
clusters:
- name: targetCluster
connect_timeout: 0.25s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
hosts: [
{ socket_address: { address: 172.18.0.3, port_value: 80 }},
{ socket_address: { address: 172.18.0.4, port_value: 80 }}
]
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 0.0.0.0, port_value: 9090 }Mamwe mashoko kubva kumushanduri
Mirayiridzo yekuisa Envoy Proxy inogona kuwanikwa pawebhusaiti
Nekutadza, rpm haina systemd sevhisi config.
Wedzera systemd service config /etc/systemd/system/envoy.service:
[Unit]
Description=Envoy Proxy
Documentation=https://www.envoyproxy.io/
After=network-online.target
Requires=envoy-auth-server.service
Wants=nginx.service
[Service]
User=root
Restart=on-failure
ExecStart=/usr/bin/envoy --config-path /etc/envoy/config.yaml
[Install]
WantedBy=multi-user.targetIwe unofanirwa kugadzira dhairekitori /etc/envoy/ uye woisa iyo config.yaml config ipapo.
Pane kutaura kweteregiramu uchishandisa mumiriri wenhume:
Envoy Proxy haitsigire kushandira static zvemukati. Naizvozvo, ndiani anogona kuvhotera chimiro:
Vashandisi vakanyoresa chete ndivo vanogona kutora chikamu muongororo. , Munogamuchirwa.
Iyi positi yakakurudzira iwe kuti uise uye uedze nhume yevamiriri?
-
hongu
-
kwete
75 vashandisi vakavhota. 18 vashandisi vakaramba.
Source: www.habr.com