Envoy 1.14.1配置入門

Envoy架構圖。

Envoy中的一些術語。

Host：能夠進行網絡通信的實體（如服務器上的應用程序）。
Downstream：下游主機連接到Envoy，發送請求並接收響應。
Upstream：上游主機接收來自Envoy連接和請求並返回響應。
Listener：可以被下游客戶端連接的命名網絡（如端口、unix套接字）。
Cluster：Envoy連接到的一組邏輯上相似的上游主機。
Mesh：以提供一致的網絡拓撲的一組主機。
Runtime configuration：與Envoy一起部署的外置實時配置系統。

官方沒有提供二進制安裝包，但提供了Envoy的Docker鏡像。

docker pull envoyproxy/envoy:v1.14.1

Envoy的啓動配置文件分爲兩種方式：靜態配置和動態配置。

靜態配置是將所有信息都放在配置文件中，啓動的時候直接加載。
動態配置需要提供一個Envoy的服務端，用於動態生成Envoy需要的服務發現接口，這裏叫XDS，通過發現服務來動態的調整配置信息，Istio就是實現了v2的API。

本文以靜態配置爲例，配置流量代理到百度。

vi envoy.yaml
static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 10000 }
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { host_rewrite: www.baidu.com, cluster: service_baidu }
          http_filters:
          - name: envoy.router
  clusters:
  - name: service_baidu
    connect_timeout: 0.25s
    type: LOGICAL_DNS
    dns_lookup_family: V4_ONLY
    lb_policy: ROUND_ROBIN
    hosts: [{ socket_address: { address: www.baidu.com, port_value: 443 }}]
    tls_context: { sni: baidu.com }
admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 0.0.0.0, port_value: 9901 }

監聽器（listeners）

監聽器監聽下游傳入的流量，監聽地址爲 0.0.0.0，端口爲 10000。

過濾器（filters）

通過 listeners 監聽傳入的流量，過濾器定義如何處理這些請求。每個過濾器的目的是找到傳入請求的匹配項，以使其與目標地址進行匹配。以上配置將所有流量代理到 baidu.com。

之所有增加host_rewrite: www.baidu.com配置是因爲百度要求必須域名訪問，如果不加該配置，在後面訪問百度時需要添加主機頭，curl -H "Host: www.baidu.com" 127.0.0.1。

集羣（clusters）

當請求與過濾器匹配時，該請求將會傳遞到集羣。Envoy將一組邏輯上相似的上游主機定義爲集羣。上面定義了地址爲 www.baidu.com, 端口爲 443的主機。

注意過濾器中的cluster值和集羣中的name值需要匹配。

啓動容器，將配置文件映射到容器中。

docker run --name=envoy-with-admin -d \
  -p 9901:9901 \
  -p 80:10000 \
  -v /root/envoy.yaml:/etc/envoy/envoy.yaml \
  envoyproxy/envoy:v1.14.1

docker exec -it envoy-with-admin sh
cat /etc/envoy/envoy.yaml

可以在宿主機訪問Envoy，發現已經被代理到百度。

curl 127.0.0.1
<!DOCTYPE html>
<!--STATUS OK--><html> <head><meta http-equiv=content-type content=text/html;charset=utf-8><meta http-equiv=X-UA-Compatible content=IE=Edge><meta content=always name=referrer><link rel=stylesheet type=text/css href=https://ss1.bdstatic.com/5eN1bjq8AAUYm2zgoY3K/r/www/cache/bdorz/baidu.min.css><title>百度一下，你就知道</title></head> <body link=#0000cc> <div id=wrapper> <div id=head> <div class=head_wrapper> <div class=s_form> <div class=s_form_wrapper> <div id=lg> <img hidefocus=true src=//www.baidu.com/img/bd_logo1.png width=270 height=129> </div> <form id=form name=f action=//www.baidu.com/s class=fm> <input type=hidden name=bdorz_come value=1> <input type=hidden name=ie value=utf-8> <input type=hidden name=f value=8> <input type=hidden name=rsv_bp value=1> <input type=hidden name=rsv_idx value=1> <input type=hidden name=tn value=baidu><span class="bg s_ipt_wr"><input id=kw name=wd class=s_ipt value maxlength=255 autocomplete=off autofocus=autofocus></span><span class="bg s_btn_wr"><input type=submit id=su value=百度一下 class="bg s_btn" autofocus></span> </form> </div> </div> <div id=u1> <a href=http://news.baidu.com name=tj_trnews class=mnav>新聞</a> <a href=https://www.hao123.com name=tj_trhao123 class=mnav>hao123</a> <a href=http://map.baidu.com name=tj_trmap class=mnav>地圖</a> <a href=http://v.baidu.com name=tj_trvideo class=mnav>視頻</a> <a href=http://tieba.baidu.com name=tj_trtieba class=mnav>貼吧</a> <noscript> <a href=http://www.baidu.com/bdorz/login.gif?login&amp;tpl=mn&amp;u=http%3A%2F%2Fwww.baidu.com%2f%3fbdorz_come%3d1 name=tj_login class=lb>登錄</a> </noscript> <script>document.write('<a href="http://www.baidu.com/bdorz/login.gif?login&tpl=mn&u='+ encodeURIComponent(window.location.href+ (window.location.search === "" ? "?" : "&")+ "bdorz_come=1")+ '" name="tj_login" class="lb">登錄</a>');
                </script> <a href=//www.baidu.com/more/ name=tj_briicon class=bri style="display: block;">更多產品</a> </div> </div> </div> <div id=ftCon> <div id=ftConw> <p id=lh> <a href=http://home.baidu.com>關於百度</a> <a href=http://ir.baidu.com>About Baidu</a> </p> <p id=cp>&copy;2017&nbsp;Baidu&nbsp;<a href=http://www.baidu.com/duty/>使用百度前必讀</a>&nbsp; <a href=http://jianyi.baidu.com/ class=cp-feedback>意見反饋</a>&nbsp;京ICP證030173號&nbsp; <img src=//www.baidu.com/img/gs.gif> </p> </div> </div> </div> </body> </html>

可以訪問管理視圖。

curl 127.0.0.1:9901
<head>
  <title>Envoy Admin</title>
  <link rel='shortcut icon' type='image/png' href='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAEnQAABJ0Ad5mH3gAAAH9SURBVEhL7ZRdTttAFIUrUFaAX5w9gIhgUfzshFRK+gIbaVbAzwaqCly1dSpKk5A485/YCdXpHTB4BsdgVe0bD0cZ3Xsm38yZ8byTUuJ/6g3wqqoBrBhPTzmmLfptMbAzttJTpTKAF2MWC7ADCdNIwXZpvMMwayiIwwS874CcOc9VuQPR1dBBChPMITpFXXU45hukIIH6kHhzVqkEYB8F5HYGvZ5B7EvwmHt9K/59CrU3QbY2RNYaQPYmJc+jPIBICNCcg20ZsAsCPfbcrFlRF+cJZpvXSJt9yMTxO/IAzJrCOfhJXiOgFEX/SbZmezTWxyNk4Q9anHMmjnzAhEyhAW8LCE6wl26J7ZFHH1FMYQxh567weQBOO1AW8D7P/UXAQySq/QvL8Fu9HfCEw4SKALm5BkC3bwjwhSKrA5hYAMXTJnPNiMyRBVzVjcgCyHiSm+8P+WGlnmwtP2RzbCMiQJ0d2KtmmmPorRHEhfMROVfTG5/fYrF5iWXzE80tfy9WPsCqx5Buj7FYH0LvDyHiqd+3otpsr4/fa5+xbEVQPfrYnntylQG5VGeMLBhgEfyE7o6e6qYzwHIjwl0QwXSvvTmrVAY4D5ddvT64wV0jRrr7FekO/XEjwuwwhuw7Ef7NY+dlfXpLb06EtHUJdVbsxvNUqBrwj/QGeEUSfwBAkmWHn5Bb/gAAAABJRU5ErkJggg=='/>
  <style>
    .home-table {
      font-family: sans-serif;
      font-size: medium;
      border-collapse: collapse;
    }

    .home-row:nth-child(even) {
      background-color: #dddddd;
    }

    .home-data {
      border: 1px solid #dddddd;
      text-align: left;
      padding: 8px;
    }

    .home-form {
      margin-bottom: 0;
    }
  </style>
</head>
<body>
  <table class='home-table'>
    <thead>
      <th class='home-data'>Command</th>
      <th class='home-data'>Description</th>
     </thead>
     <tbody>
<tr class='home-row'><td class='home-data'><a href='certs'>certs</a></td><td class='home-data'>print certs on machine</td></tr>
<tr class='home-row'><td class='home-data'><a href='clusters'>clusters</a></td><td class='home-data'>upstream cluster status</td></tr>
<tr class='home-row'><td class='home-data'><a href='config_dump'>config_dump</a></td><td class='home-data'>dump current Envoy configs (experimental)</td></tr>
<tr class='home-row'><td class='home-data'><a href='contention'>contention</a></td><td class='home-data'>dump current Envoy mutex contention stats (if enabled)</td></tr>
<tr class='home-row'><td class='home-data'><form action='cpuprofiler' method='post' class='home-form'><button>cpuprofiler</button></form></td><td class='home-data'>enable/disable the CPU profiler</td></tr>
<tr class='home-row'><td class='home-data'><form action='drain_listeners' method='post' class='home-form'><button>drain_listeners</button></form></td><td class='home-data'>drain listeners</td></tr>
<tr class='home-row'><td class='home-data'><form action='healthcheck/fail' method='post' class='home-form'><button>healthcheck/fail</button></form></td><td class='home-data'>cause the server to fail health checks</td></tr>
<tr class='home-row'><td class='home-data'><form action='healthcheck/ok' method='post' class='home-form'><button>healthcheck/ok</button></form></td><td class='home-data'>cause the server to pass health checks</td></tr>
<tr class='home-row'><td class='home-data'><form action='heapprofiler' method='post' class='home-form'><button>heapprofiler</button></form></td><td class='home-data'>enable/disable the heap profiler</td></tr>
<tr class='home-row'><td class='home-data'><a href='help'>help</a></td><td class='home-data'>print out list of admin commands</td></tr>
<tr class='home-row'><td class='home-data'><a href='hot_restart_version'>hot_restart_version</a></td><td class='home-data'>print the hot restart compatibility version</td></tr>
<tr class='home-row'><td class='home-data'><a href='listeners'>listeners</a></td><td class='home-data'>print listener info</td></tr>
<tr class='home-row'><td class='home-data'><form action='logging' method='post' class='home-form'><button>logging</button></form></td><td class='home-data'>query/change logging levels</td></tr>
<tr class='home-row'><td class='home-data'><a href='memory'>memory</a></td><td class='home-data'>print current allocation/heap usage</td></tr>
<tr class='home-row'><td class='home-data'><form action='quitquitquit' method='post' class='home-form'><button>quitquitquit</button></form></td><td class='home-data'>exit the server</td></tr>
<tr class='home-row'><td class='home-data'><a href='ready'>ready</a></td><td class='home-data'>print server state, return 200 if LIVE, otherwise return 503</td></tr>
<tr class='home-row'><td class='home-data'><form action='reopen_logs' method='post' class='home-form'><button>reopen_logs</button></form></td><td class='home-data'>reopen access logs</td></tr>
<tr class='home-row'><td class='home-data'><form action='reset_counters' method='post' class='home-form'><button>reset_counters</button></form></td><td class='home-data'>reset all counters to zero</td></tr>
<tr class='home-row'><td class='home-data'><a href='runtime'>runtime</a></td><td class='home-data'>print runtime values</td></tr>
<tr class='home-row'><td class='home-data'><form action='runtime_modify' method='post' class='home-form'><button>runtime_modify</button></form></td><td class='home-data'>modify runtime values</td></tr>
<tr class='home-row'><td class='home-data'><a href='server_info'>server_info</a></td><td class='home-data'>print server version/status information</td></tr>
<tr class='home-row'><td class='home-data'><a href='stats'>stats</a></td><td class='home-data'>print server stats</td></tr>
<tr class='home-row'><td class='home-data'><a href='stats/prometheus'>stats/prometheus</a></td><td class='home-data'>print server stats in prometheus format</td></tr>
<tr class='home-row'><td class='home-data'><a href='stats/recentlookups'>stats/recentlookups</a></td><td class='home-data'>Show recent stat-name lookups</td></tr>
<tr class='home-row'><td class='home-data'><form action='stats/recentlookups/clear' method='post' class='home-form'><button>stats/recentlookups/clear</button></form></td><td class='home-data'>clear list of stat-name lookups and counter</td></tr>
<tr class='home-row'><td class='home-data'><form action='stats/recentlookups/disable' method='post' class='home-form'><button>stats/recentlookups/disable</button></form></td><td class='home-data'>disable recording of reset stat-name lookup names</td></tr>
<tr class='home-row'><td class='home-data'><form action='stats/recentlookups/enable' method='post' class='home-form'><button>stats/recentlookups/enable</button></form></td><td class='home-data'>enable recording of reset stat-name lookup names</td></tr>

    </tbody>
  </table>
</body>

也可以通過宿主機之外的瀏覽器訪問，http://192.168.1.56。

管理視圖，http://192.168.1.56:9901。

Envoy 1.14.1配置入門

監聽器（listeners）

過濾器（filters）

集羣（clusters）

DAPPER 事務 TRANSACTION

CentOS 7.7下Kubernetes 1.18.0安裝

Prometheus Operator部署和使用

Ambassador系列-12-Prometheus Operator監控Ambassador Edge Stack

OpenShift 3.11單機安裝和使用

Helm 3安裝Nginx Ingress Controller和使用

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結