envoy是很强大的数据平面工具,istio也使用了它。
envoy是一个七层的代理,但是可以模拟代理四层。为大型架构设置的一个通信总线
拥有很多三四层的过滤器,实现强大的功能扩展
需要指定listeners,过滤链 filter chains,代理到后端的服务 cluster
主机(Host):一个具有网络通信能力的端点,例如服务器、移动智能设备等
集群(Cluster):集群是Envoy连接到的一组逻辑上相似的端点;在v2中,RDS通过路由指向集群,CDS提供集群
配置,而Envoy通过EDS发现集群成员,即端点;
下游(Downstream):下游主机连接到Envoy,发送请求并接收响应,它们是Envoy的客户端;
上游(Upstream):上游主机接收来自Envoy的连接和请求并返回响应,它们是Envoy代理的后端服务器;
端点(Endpoint):端点即上游主机,是一个或多个集群的成员,可通过EDS发现;
侦听器(Listener):侦听器是能够由下游客户端连接的命名网络位置,例如端口或unix域套接字等;
位置(Locality):上游端点运行的区域拓扑,包括地域、区域和子区域等;
管理服务器(Management Server):实现v3 API的服务器,它支持复制和分片,并且能够在不同的物理机器上实
现针对不同xDS API的API服务;
地域(Region):区域所属地理位置;
区域(Zone):AWS中的可用区(AZ)或GCP中的区域等;
子区域:Envoy实例或端点运行的区域内的位置,用于支持区域内的多个负载均衡目标;
xDS:CDS 、EDS、HDS 、LDS、RLS(Rate Limit)、 RDS 、 SDS、VHDS和RTDS等API的统称;
Mesh和Envoy Mesh
Envoy通常用于以容器编排系统为底层环境的服务网格中,并以sidecar的形式与主程序容器运行为单个Pod;非编排系统环境中测试时,可以将主程序与Envoy运行于同一容器,或手动组织主程序容器与Envoy容器共享同一网络名称空间;
bashenvoy docker镜像地址: https://hub.docker.com/r/envoyproxy/envoy-alpine 示例地址:https://github.com/iKubernetes/servicemesh_in_practise
过滤器的类型
bashclusters:
- name: ... # 集群的惟一名称,且未提供alt_stat_name时将会被用于统计信息中;
alt_state_name: ... # 统计信息中使用的集群代名称;
type: ... # 用于解析集群(生成集群端点)时使用的服务发现类型,可用值有STATIC、STRICT_DNS、LOGICAL_DNS、ORIGINAL_DST和EDS等;
lb_policy: # 负载均衡算法,支持ROUND_ROBIN、LEAST_REQUEST、RING_HASH、RANDOM、MAGLEV和CLUSTER_PROVIDED;
load_assignment: # 为STATIC、STRICT_DNS或LOGICAL_DNS类型的集群指定成员获取方式;EDS类型的集成要使用eds_cluster_config字段配置;
cluster_name: ... # 集群名称和name保持一致;
endpoints: # 端点列表;
- locality: {} # 标识上游主机所处的位置,通常以region、zone等进行标识;
lb_endpoints: # 属于指定位置的端点列表;
- endpoint_name: ... # 端点的名称;
endpoint: # 端点定义;
socket_adddress: # 端点地址标识;
address: ... # 端点地址;
port_value: ... # 端点端口;
protocol: ... # 协议类型;
配置示例
yamlclusters:
- name: test_clusters
connect_timeout: 0.25s
type: STATIC
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: test_clusters
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address: { address: 172.17.0.3, port_value:80 }
- endpoint:
address:
socket_address: { address: 172.17.0.4, port_value:80 }
bashclients 访问服务器 xds api: 生成配置文件 listen (filters:产生规则+route) route关联后端的cluster , cluster 后链接server
xDS API相关术语
markdown# 集群(cluster)
# 下游(downstream)
# 上游(upstream)
# 端点(endpoint)
# 侦听器(lister)
# 位置(locality)
# 管理服务器(management server)
# 地域(region)
# 区域(zone)
# 子区域
# xDS:
官方地址:https://www.envoyproxy.io/
bash# 编译envoy
git clone https://github.com/envoyproxy/envoy.git
# 运行一个简单的envoy实例
## 准备配置文件
root@mybot:~/envoy_base# tree
.
├── Dockerfile
└── envoy.yaml
0 directories, 2 files
root@mybot:~/envoy_base# cat Dockerfile
FROM envoyproxy/envoy-alpine:v1.11.1
ADD envoy.yaml /etc/envoy/envoy.yaml
root@mybot:~/envoy_base# cat envoy.yaml
static_resources:
listeners:
- name: listener_0
address:
socket_address:
address: 0.0.0.0
port_value: 15001
filter_chains:
- filters:
- name: envoy.echo
## 编译镜像
root@mybot:~/envoy_base# docker build . -t envoy:0.3
Sending build context to Docker daemon 3.072kB
Step 1/2 : FROM envoyproxy/envoy-alpine:v1.11.1
---> cbca216b965b
Step 2/2 : ADD envoy.yaml /etc/envoy/envoy.yaml
---> 28b8f9332291
Successfully built 28b8f9332291
Successfully tagged envoy:0.3
## 运行镜像
root@mybot:~/envoy_base# docker container run --name echo1 --rm -p 15001 envoy:0.3
[2022-01-04 08:18:49.612][1][info][main] [source/server/server.cc:238] initializing epoch 0 (hot restart version=11.104)
[2022-01-04 08:18:49.612][1][info][main] [source/server/server.cc:240] statically linked extensions:
[2022-01-04 08:18:49.612][1][info][main] [source/server/server.cc:242] access_loggers: envoy.file_access_log,envoy.http_grpc_access_log
[2022-01-04 08:18:49.612][1][info][main] [source/server/server.cc:245] filters.http: envoy.buffer,envoy.cors,envoy.csrf,envoy.ext_authz,envoy.fault,envoy.filters.http.dynamic_forward_proxy,envoy.filters.http.grpc_http1_reverse_bridge,envoy.filters.http.header_to_metadata,envoy.filters.http.jwt_authn,envoy.filters.http.original_src,envoy.filters.http.rbac,envoy.filters.http.tap,envoy.grpc_http1_bridge,envoy.grpc_json_transcoder,envoy.grpc_web,envoy.gzip,envoy.health_check,envoy.http_dynamo_filter,envoy.ip_tagging,envoy.lua,envoy.rate_limit,envoy.router,envoy.squash
[2022-01-04 08:18:49.612][1][info][main] [source/server/server.cc:248] filters.listener: envoy.listener.original_dst,envoy.listener.original_src,envoy.listener.proxy_protocol,envoy.listener.tls_inspector
[2022-01-04 08:18:49.612][1][info][main] [source/server/server.cc:251] filters.network: envoy.client_ssl_auth,envoy.echo,envoy.ext_authz,envoy.filters.network.dubbo_proxy,envoy.filters.network.mysql_proxy,envoy.filters.network.rbac,envoy.filters.network.sni_cluster,envoy.filters.network.thrift_proxy,envoy.filters.network.zookeeper_proxy,envoy.http_connection_manager,envoy.mongo_proxy,envoy.ratelimit,envoy.redis_proxy,envoy.tcp_proxy
[2022-01-04 08:18:49.612][1][info][main] [source/server/server.cc:253] stat_sinks: envoy.dog_statsd,envoy.metrics_service,envoy.stat_sinks.hystrix,envoy.statsd
[2022-01-04 08:18:49.612][1][info][main] [source/server/server.cc:255] tracers: envoy.dynamic.ot,envoy.lightstep,envoy.tracers.datadog,envoy.tracers.opencensus,envoy.zipkin
[2022-01-04 08:18:49.612][1][info][main] [source/server/server.cc:258] transport_sockets.downstream: envoy.transport_sockets.alts,envoy.transport_sockets.tap,raw_buffer,tls
[2022-01-04 08:18:49.612][1][info][main] [source/server/server.cc:261] transport_sockets.upstream: envoy.transport_sockets.alts,envoy.transport_sockets.tap,raw_buffer,tls
[2022-01-04 08:18:49.612][1][info][main] [source/server/server.cc:267] buffer implementation: old (libevent)
[2022-01-04 08:18:49.616][1][warning][main] [source/server/server.cc:327] No admin address given, so no admin HTTP server started.
[2022-01-04 08:18:49.617][1][info][main] [source/server/server.cc:432] runtime: layers:
- name: base
static_layer:
{}
- name: admin
admin_layer:
{}
[2022-01-04 08:18:49.617][1][warning][runtime] [source/common/runtime/runtime_impl.cc:497] Skipping unsupported runtime layer: name: "base"
static_layer {
}
[2022-01-04 08:18:49.617][1][info][config] [source/server/configuration_impl.cc:61] loading 0 static secret(s)
[2022-01-04 08:18:49.617][1][info][config] [source/server/configuration_impl.cc:67] loading 0 cluster(s)
[2022-01-04 08:18:49.617][1][info][upstream] [source/common/upstream/cluster_manager_impl.cc:148] cm init: all clusters initialized
[2022-01-04 08:18:49.617][1][info][config] [source/server/configuration_impl.cc:71] loading 1 listener(s)
[2022-01-04 08:18:49.618][1][info][config] [source/server/configuration_impl.cc:96] loading tracing configuration
[2022-01-04 08:18:49.618][1][info][config] [source/server/configuration_impl.cc:116] loading stats sink configuration
[2022-01-04 08:18:49.618][1][info][main] [source/server/server.cc:500] all clusters initialized. initializing init manager
[2022-01-04 08:18:49.618][1][info][config] [source/server/listener_manager_impl.cc:761] all dependencies initialized. starting workers
[2022-01-04 08:18:49.618][1][info][main] [source/server/server.cc:516] starting main dispatch loop
# 成功
## 测试
root@mybot:~# nc 172.17.0.2 15001
ss # 输入
ss # echo出来的结果
### 172.17.0.2 是容器的ip 15001 是定义的容器的端口
yaml mongodb.dsn: "mongodb://foresight:QktdxcdzdG1=b@dds-bp1023cb4d5f0a741.mongodb.rds.aliyuncs.com:3717,dds-bp1023cb4d5f0a742.mongodb.rds.aliyuncs.com:3717/admin?replicaSet=mgset-28796467&readPreference=secondaryPreferred"
cn-hz-foresight 121.40.221.72 foresight-bff.camera360.com
端点示例:
yaml
yaml{ "stat_prefix": "...", # 用于统计数据中输出时使用的前缀字符;
"cluster": "...", # 路由到的目标集群标识;
"weighted_clusters": "{...}",
"metadata_match": "{...}",
"idle_timeout": "{...}", # 上下游连接间的超时时长,即没有发送和接收报文的超时时长;
"access_log": [], # 访问日志; "max_connect_attempts": "{...}" # 最大连接尝试次数;
}
listeners:
- name: listener_0
address:
socket_address: { address 0.0.0.0,prot_value: 80 }
filter_chains:
- filters:
- name: envoy.tcp_proxy
type_config:
"@type":type.googleapis.com/envoy.config.filter.network.tcp_proxy.v2.TcpProxy
stat_prefix: tcp
cluster: test_cluster
完整示例
yamlstatic_resources:
listeners:
name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 80 }
filter_chains:
- filters:
- name: envoy.tcp_proxy
typed_config: "@type": type.googleapis.com/envoy.config.filter.network.tcp_proxy.v2.TcpProxy
stat_prefix: tcp
cluster: test_cluster
clusters:
- name: test_cluster
connect_timeout: 0.25s
type: STATIC
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: test_cluster
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address: { address: 172.17.0.3, port_value: 80 }
- endpoint:
address:
socket_address: { address: 172.17.0.4, port_value: 80 }
实验:
bashstatic_resources:
listeners:
name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 80 }
filter_chains:
- filters:
- name: envoy.tcp_proxy
typed_config: "@type": type.googleapis.com/envoy.config.filter.network.tcp_proxy.v2.TcpProxy
stat_prefix: tcp
cluster: test_cluster
clusters:
- name: test_cluster
connect_timeout: 0.25s
type: STATIC
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: test_cluster
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address: { address: 127.0.0.1, port_value: 8081 }
xDS api 是为envoy提供资源的动态配置机制。
本文作者:mykernel
本文链接:
版权声明:本博客所有文章除特别声明外,均采用 BY-NC-SA 许可协议。转载请注明出处!