Migrating from Nginx to Envoy Proxy

Hello, Habr! I present to your attention a translation of the post: Migrating from Nginx to Envoy Proxy.

Envoy is a high-performance distributed proxy server (written in C++) designed for individual services and applications; it is also a communication bus and "universal data plane" designed for large microservice "service mesh" architectures. When it was created, solutions to the problems that arose during the development of servers such as NGINX, HAProxy, hardware load balancers and cloud load balancers were taken into account. Envoy runs alongside every application and abstracts the network to provide common functionality regardless of platform. When all service traffic in an infrastructure flows through the Envoy mesh, it becomes easy to visualize problem areas through consistent observability, tune overall performance, and add core functionality in a single place.

Features

  • Out-of-process architecture: Envoy is a self-contained, high-performance server with a small RAM footprint. It runs alongside any application language or framework.
  • HTTP/2 and gRPC support: Envoy has first-class support for HTTP/2 and gRPC for both incoming and outgoing connections. It is a transparent HTTP/1.1 to HTTP/2 proxy.
  • Advanced load balancing: Envoy supports advanced load-balancing features including automatic retries, circuit breaking, global rate limiting, request shadowing, zone-local load balancing, etc.
  • Configuration management API: Envoy provides a robust API for managing its configuration.
  • Observability: deep observability of L7 traffic, native support for tracing, and observability of MongoDB, DynamoDB and many other applications.

Step 1 - Example NGINX Config

This scenario uses a specially crafted nginx.conf file, based on the full example from the NGINX Wiki. You can view the configuration in the editor by opening nginx.conf.

nginx source config

user  www www;
pid /var/run/nginx.pid;
worker_processes  2;

events {
  worker_connections   2000;
}

http {
  gzip on;
  gzip_min_length  1100;
  gzip_buffers     4 8k;
  gzip_types       text/plain;

  log_format main      '$remote_addr - $remote_user [$time_local]  '
    '"$request" $status $bytes_sent '
    '"$http_referer" "$http_user_agent" '
    '"$gzip_ratio"';

  log_format download  '$remote_addr - $remote_user [$time_local]  '
    '"$request" $status $bytes_sent '
    '"$http_referer" "$http_user_agent" '
    '"$http_range" "$sent_http_content_range"';

  upstream targetCluster {
    server 172.18.0.3:80;
    server 172.18.0.4:80;
  }

  server {
    listen        8080;
    server_name   one.example.com  www.one.example.com;

    access_log   /var/log/nginx.access_log  main;
    error_log  /var/log/nginx.error_log  info;

    location / {
      proxy_pass         http://targetCluster/;
      proxy_redirect     off;

      proxy_set_header   Host             $host;
      proxy_set_header   X-Real-IP        $remote_addr;
    }
  }
}

An NGINX configuration typically has three key elements:

  1. Configuring the NGINX server, the log structure and Gzip functionality. This is defined globally for all instances.
  2. Configuring NGINX to accept requests for the host one.example.com on port 8080.
  3. Configuring the target location, that is, how to handle traffic for different parts of the URL.

Not all of the configuration will apply to Envoy Proxy, and you do not need to configure some of the settings. Envoy Proxy has four key types that support the core infrastructure offered by NGINX. The core is:

  • Listeners: They define how Envoy Proxy accepts incoming requests. Envoy Proxy currently supports only TCP-based listeners. Once a connection is established, it is passed to a set of filters for processing.
  • Filters: They are part of a pipeline architecture that can process incoming and outgoing data. This functionality includes filters such as Gzip, which compresses data before sending it to the client.
  • Routers: They forward traffic to the required destination, defined as a cluster.
  • Clusters: They define the endpoint for traffic and the configuration parameters.

We will use these four components to create an Envoy Proxy configuration that matches a specific NGINX configuration. Envoy's goal is to work with APIs and dynamic configuration. In this case, the base configuration will use static, hard-coded settings from NGINX.

Step 2 - NGINX Configuration

The first part of nginx.conf defines some of the NGINX internals that need to be configured.

Worker Connections

The configuration below defines the number of worker processes and connections. This indicates how NGINX will scale to meet demand.

worker_processes  2;

events {
  worker_connections   2000;
}

Envoy Proxy manages workflows and connections differently.

Envoy creates a worker thread for every hardware thread in the system. Each worker thread runs a non-blocking event loop that is responsible for:

  1. Listening on each listener
  2. Accepting new connections
  3. Creating a set of filters for the connection
  4. Processing all I/O operations for the lifetime of the connection.

All further processing of the connection is handled entirely on the worker thread, including any forwarding behaviour.

For each worker thread in Envoy, there is a connection pool. So HTTP/2 connection pools establish only one connection per external host at a time; if there are four worker threads, there will be four HTTP/2 connections per external host in a steady state. By keeping everything on a single worker thread, almost all of the code can be written without locks, as if it were single-threaded. If more worker threads are allocated than necessary, this can lead to wasted memory, a large number of idle connections, and fewer connections being returned to the pool.

For more information, visit the Envoy Proxy blog.

HTTP Configuration

The next block of the NGINX configuration defines HTTP settings such as:

  • Which mime types are supported
  • Default timeouts
  • Gzip configuration

You can customize these aspects using filters in Envoy Proxy, which we will discuss later.

Step 3 - Server Configuration

In the HTTP block, the NGINX configuration specifies to listen on port 8080 and respond to incoming requests for the domains one.example.com and www.one.example.com.

 server {
    listen        8080;
    server_name   one.example.com  www.one.example.com;

In Envoy, this is handled by Listeners.

Envoy Listeners

The most important aspect of getting started with Envoy Proxy is defining your listeners. You need to create a configuration file that describes how you want to run the Envoy instance.

The snippet below will create a new listener and bind it to port 8080. The configuration tells Envoy Proxy which ports it should bind to for incoming requests.

Envoy Proxy uses YAML notation for its configuration. For an introduction to this notation, see this link.

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 8080 }

There is no need to define server_name, as Envoy Proxy filters will handle this.

Step 4 - Location Configuration

When a request comes into NGINX, the location block determines how to process it and where to route the traffic. In the following fragment, all traffic to the site is forwarded to an upstream (translator's note: the upstream is usually an application server) cluster called targetCluster. The upstream cluster defines the nodes that should handle the request. We will discuss this in the next step.

location / {
    proxy_pass         http://targetCluster/;
    proxy_redirect     off;

    proxy_set_header   Host             $host;
    proxy_set_header   X-Real-IP        $remote_addr;
}

In Envoy, Filters do this.

Envoy Filters

For a static configuration, filters determine how to handle incoming requests. In this case we set filters that match the server_names from the previous step. When incoming requests arrive that match the specified domains and routes, the traffic is routed to the cluster. This is the equivalent of the NGINX upstream configuration.

    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          codec_type: auto
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: backend
              domains:
                - "one.example.com"
                - "www.one.example.com"
              routes:
              - match:
                  prefix: "/"
                route:
                  cluster: targetCluster
          http_filters:
          - name: envoy.router

The name envoy.http_connection_manager is a filter built into Envoy Proxy. Other filters include Redis, Mongo and TCP. You can find the complete list in the documentation.

For more information about other load balancing policies, visit the Envoy documentation.

Step 5 - Proxy and Upstream Configuration

In NGINX, the upstream configuration defines a set of target servers that will handle the traffic. In this case, two clusters were assigned.

  upstream targetCluster {
    server 172.18.0.3:80;
    server 172.18.0.4:80;
  }

In Envoy, this is managed by clusters.

Envoy Clusters

The equivalent of the upstream is defined as clusters. In this case, the hosts that will serve the traffic have been defined. The way the hosts are accessed, such as timeouts, is defined as cluster configuration. This allows more granular control over aspects such as latency and load balancing.

  clusters:
  - name: targetCluster
    connect_timeout: 0.25s
    type: STRICT_DNS
    dns_lookup_family: V4_ONLY
    lb_policy: ROUND_ROBIN
    hosts: [
      { socket_address: { address: 172.18.0.3, port_value: 80 }},
      { socket_address: { address: 172.18.0.4, port_value: 80 }}
    ]

When using STRICT_DNS service discovery, Envoy will continuously resolve the specified DNS targets. Each IP address returned in the DNS result will be considered an explicit host in the upstream cluster. This means that if a query returns two IP addresses, Envoy will assume that the cluster has two hosts, and both must be load balanced. If a host is removed from the result, Envoy will assume that it no longer exists and will drain traffic from any existing connection pools.

For more information, see the Envoy Proxy documentation.

Step 6 - Log Access and Errors

The final change is logging. Instead of pushing error logs to disk, Envoy Proxy takes a cloud-based approach. All application logs are output to stdout and stderr.

When users make a request, access logs are optional and disabled by default. To enable access logs for HTTP requests, enable the access_log configuration for the HTTP connection manager. The path can be either a device, such as stdout, or a file on disk, depending on your requirements.

The following configuration will pipe all access logs to stdout (translator's note: stdout is needed to use Envoy inside Docker. If it is used without Docker, replace /dev/stdout with the path to a regular log file). Copy the snippet into the configuration section for the connection manager:

access_log:
- name: envoy.file_access_log
  config:
    path: "/dev/stdout"

The result should look like this:

      - name: envoy.http_connection_manager
        config:
          codec_type: auto
          stat_prefix: ingress_http
          access_log:
          - name: envoy.file_access_log
            config:
              path: "/dev/stdout"
          route_config:

By default, Envoy has a format string that includes the details of the HTTP request:

[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n

The result of this format string is:

[2018-11-23T04:51:00.281Z] "GET / HTTP/1.1" 200 - 0 58 4 1 "-" "curl/7.47.0" "f21ebd42-6770-4aa5-88d4-e56118165a7d" "one.example.com" "172.18.0.4:80"
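
The default format above can be parsed and triaged as follows. This is an added example, not code from the original post or from the Envoy project; the names parse_line, triage and ALLOWED_AUTHORITIES are hypothetical, and every sample line except the first is constructed. It counts upstream failures (the 503 case from Step 7), requests whose Host does not match the configured domains, and lines that do not fit the layout.

```python
import re
from collections import Counter

# Field order follows the default format string quoted above.
LINE_RE = re.compile(
    r'^\[(?P<start_time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>.*?) (?P<protocol>\S+)" '
    r'(?P<status>\d{1,3}) (?P<flags>\S+) '
    r'(?P<bytes_received>\d+) (?P<bytes_sent>\d+) (?P<duration>\d+) '
    r'(?P<upstream_time>\d+|-) '
    r'"(?P<forwarded_for>[^"]*)" "(?P<user_agent>[^"]*)" '
    r'"(?P<request_id>[^"]*)" "(?P<authority>[^"]*)" '
    r'"(?P<upstream_host>[^"]*)"$'
)
# Virtual host domains from the route_config on this page.
ALLOWED_AUTHORITIES = {"one.example.com", "www.one.example.com"}
# Response flags: UF = upstream connection failure, UH = no healthy upstream.
UPSTREAM_FLAGS = {"UF", "UH"}


def parse_line(line):
    """Return a dict of fields, or None when the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["flags"] = set() if rec["flags"] == "-" else set(rec["flags"].split(","))
    return rec


def triage(lines):
    """Count upstream failures, unexpected Host values and unparsed lines."""
    report = {"upstream_failures": Counter(), "unknown_authority": [], "unparsed": 0}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            # Header values are client-supplied; count, never drop silently.
            report["unparsed"] += 1
            continue
        if rec["status"] == 503 or rec["flags"] & UPSTREAM_FLAGS:
            report["upstream_failures"][rec["upstream_host"]] += 1
        if rec["authority"] not in ALLOWED_AUTHORITIES:
            report["unknown_authority"].append((rec["authority"], rec["path"]))
    return report


# First line is the sample from the page; the others are constructed.
SAMPLE = [
    '[2018-11-23T04:51:00.281Z] "GET / HTTP/1.1" 200 - 0 58 4 1 "-" "curl/7.47.0" '
    '"f21ebd42-6770-4aa5-88d4-e56118165a7d" "one.example.com" "172.18.0.4:80"',
    '[2018-11-23T04:49:12.010Z] "GET / HTTP/1.1" 503 UF 0 57 250 - "-" "curl/7.47.0" '
    '"00000000-0000-4000-8000-000000000001" "one.example.com" "172.18.0.3:80"',
    '[2018-11-23T04:52:40.500Z] "GET / HTTP/1.1" 404 NR 0 0 0 - "-" "Mozilla/5.0" '
    '"00000000-0000-4000-8000-000000000002" "203.0.113.7" "-"',
    'not an access log line',
]

print(triage(SAMPLE))
```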

The output content can be customized by setting the format field. For example:

access_log:
- name: envoy.file_access_log
  config:
    path: "/dev/stdout"
    format: "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\"\n"

The log line can also be output in JSON format by setting the json_format field. For example:

access_log:
- name: envoy.file_access_log
  config:
    path: "/dev/stdout"
    json_format: {"protocol": "%PROTOCOL%", "duration": "%DURATION%", "request_method": "%REQ(:METHOD)%"}

For more information on the Envoy logging format, visit

https://www.envoyproxy.io/docs/envoy/latest/configuration/access_log#config-access-log-format-dictionaries

Logging is not the only way to gain insight into working with Envoy Proxy. It has advanced tracing and metrics capabilities built in. You can find out more in the tracing documentation or through the interactive tracing scenario.

Step 7 - Launch

You have now migrated your configuration from NGINX to Envoy Proxy. The final step is to launch an Envoy Proxy instance to test it.

Run as user

At the top of the NGINX configuration, the line user www www; specifies that NGINX runs as a low-privileged user to improve security.

Envoy Proxy takes a cloud-based approach to managing who owns the process. When we run Envoy Proxy in a container, we can specify a low-privileged user.

Launching Envoy Proxy

The command below will run Envoy Proxy in a Docker container on the host. This command gives Envoy the ability to listen for incoming requests on port 80. However, as specified in the listener configuration, Envoy Proxy listens for incoming traffic on port 8080. This allows the process to run as a low-privileged user.

docker run --name proxy1 -p 80:8080 --user 1000:1000 -v /root/envoy.yaml:/etc/envoy/envoy.yaml envoyproxy/envoy

Testing

With the proxy running, tests can now be made and processed. The following cURL command issues a request with the host header defined in the proxy configuration.

curl -H "Host: one.example.com" localhost -i

The HTTP request will result in a 503 error. This is because the upstream connections are not running and are not available. Therefore, Envoy Proxy has no available destinations for the request. The following command will start a series of HTTP services that match the configuration defined for Envoy.

docker run -d katacoda/docker-http-server; docker run -d katacoda/docker-http-server;

With the services available, Envoy can successfully proxy traffic to its destination.

curl -H "Host: one.example.com" localhost -i

You should see a response indicating which Docker container processed the request. In the Envoy Proxy logs you should also see the access log line output.

Additional HTTP Response Headers

You will see additional HTTP headers in the response headers of the actual request. The header shows the time the upstream host spent processing the request. It is expressed in milliseconds. This is useful if the client wants to determine the service time compared to network latency.

x-envoy-upstream-service-time: 0
server: envoy

Final config

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 8080 }
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          codec_type: auto
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: backend
              domains:
                - "one.example.com"
                - "www.one.example.com"
              routes:
              - match:
                  prefix: "/"
                route:
                  cluster: targetCluster
          http_filters:
          - name: envoy.router
  clusters:
  - name: targetCluster
    connect_timeout: 0.25s
    type: STRICT_DNS
    dns_lookup_family: V4_ONLY
    lb_policy: ROUND_ROBIN
    hosts: [
      { socket_address: { address: 172.18.0.3, port_value: 80 }},
      { socket_address: { address: 172.18.0.4, port_value: 80 }}
    ]

admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 0.0.0.0, port_value: 9090 }
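
The final configuration above binds the admin interface to 0.0.0.0:9090 and leaves out the access_log block from Step 6. The following check flags both; it is an added example, not part of the original post or of Envoy, it assumes the YAML has already been loaded into a Python dict, and the names audit, FINAL_CONFIG and HARDENED are hypothetical.

```python
import copy

WILDCARDS = {"0.0.0.0", "::"}
HCM = "envoy.http_connection_manager"   # filter name used on this page


def bind_address(node):
    """Return socket_address.address of a listener or admin block, if any."""
    return node.get("address", {}).get("socket_address", {}).get("address")


def audit(config):
    """Return a list of findings for a parsed Envoy bootstrap config."""
    findings = []
    admin = config.get("admin")
    # The admin interface has no authentication of its own, so a wildcard
    # bind exposes it to every network the host is attached to.
    if admin and bind_address(admin) in WILDCARDS:
        port = admin["address"]["socket_address"].get("port_value")
        findings.append(f"admin bound to all interfaces on port {port}")
    listeners = config.get("static_resources", {}).get("listeners", [])
    for listener in listeners:
        for chain in listener.get("filter_chains", []):
            for flt in chain.get("filters", []):
                if flt.get("name") != HCM:
                    continue
                # Access logs stay off unless access_log is configured.
                if not flt.get("config", {}).get("access_log"):
                    findings.append(f"{listener.get('name')}: no access_log")
    return findings


# The page's final configuration as a dict (routes and clusters omitted).
FINAL_CONFIG = {
    "static_resources": {"listeners": [{
        "name": "listener_0",
        "address": {"socket_address": {"address": "0.0.0.0", "port_value": 8080}},
        "filter_chains": [{"filters": [{
            "name": HCM,
            "config": {"codec_type": "auto", "stat_prefix": "ingress_http"},
        }]}],
    }]},
    "admin": {
        "access_log_path": "/tmp/admin_access.log",
        "address": {"socket_address": {"address": "0.0.0.0", "port_value": 9090}},
    },
}

# Constructed variant: admin on loopback, access log from Step 6 enabled.
HARDENED = copy.deepcopy(FINAL_CONFIG)
HARDENED["admin"]["address"]["socket_address"]["address"] = "127.0.0.1"
hcm = HARDENED["static_resources"]["listeners"][0]["filter_chains"][0]["filters"][0]
hcm["config"]["access_log"] = [
    {"name": "envoy.file_access_log", "config": {"path": "/dev/stdout"}}]

print(audit(FINAL_CONFIG))
print(audit(HARDENED))
```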

Additional information from the translator

Instructions for installing Envoy Proxy can be found on the website https://www.getenvoy.io/

By default, the rpm does not include a systemd service config.

Add the systemd service config /etc/systemd/system/envoy.service:

[Unit]
Description=Envoy Proxy
Documentation=https://www.envoyproxy.io/
After=network-online.target
Requires=envoy-auth-server.service
Wants=nginx.service

[Service]
User=root
Restart=on-failure
ExecStart=/usr/bin/envoy --config-path /etc/envoy/config.yaml
[Install]
WantedBy=multi-user.target

You need to create the directory /etc/envoy/ and put the config.yaml config there.

There is a Telegram chat about Envoy Proxy: https://t.me/envoyproxy_ru

Envoy Proxy does not support serving static content. So, whoever can, please vote for this feature: https://github.com/envoyproxy/envoy/issues/378


Source: www.habr.com
