Hallo alle zusammen!
Ich arbeite als Backend-Entwickler bei Tinkoff, wo ich an der Entwicklung einer CRM-Systemplattform fΓΌr die Betreuung von Einzelpersonen und juristischen Personen beteiligt bin.
edge proxy β . , . β Envoy.
Envoy β , C++. Lyft β , Uber β , . β service mesh.
, cors, access-control, rate limiting, outlier detection, jwt .
, . , , . !
upstream--, http- . , , echo-server Go. docker, . : 8081, 8082, 8083 , container id.
, :
curl -v localhost:8081
:
Request served by a29f0fba3451
HTTP/1.1 GET /
Host: localhost:8081
User-Agent: curl/7.64.1
Accept: */*
a29f0fba3451 β .
Envoy. , docker β .
-admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 127.0.0.1, port_value: 9901 }
static_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 10000 }
filter_chains:
- filters:
- name: envoy.http_connection_manager
config:
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match: { prefix: "/" }
route: { host_rewrite: www.google.com, cluster: service_google }
http_filters:
- name: envoy.router
clusters:
- name: service_google
connect_timeout: 0.25s
type: LOGICAL_DNS
# Comment out the following line to test on v6 networks
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
hosts: [{ socket_address: { address: google.com, port_value: 443 }}]
tls_context: { sni: www.google.com }
:
- , listener.
- Virtual host .
- . β routes, .
- Cluster β upstream- .
- Endpoint β upstream- .
, LDS, VHDS, RDS, CDS EDS .
, yaml- . control-plane- API envoy gRP-. Envoy Go Java. .
.
echo_cluster (-), load_assignment.endpoints echo-server.
echo-serverclusters:
- name: echo_cluster
connect_timeout: 3s
type: STRICT_DNS
dns_lookup_family: V4_ONLY
load_assignment:
cluster_name: echo_cluster
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: docker.for.mac.localhost
port_value: 8081
- endpoint:
address:
socket_address:
address: docker.for.mac.localhost
port_value: 8082
- endpoint:
address:
socket_address:
address: docker.for.mac.localhost
port_value: 8083
. envoy.http_connection_manager -. , . , "/echo" .
- filters:
- name: envoy.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
stat_prefix: echo
codec_type: AUTO
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match: { prefix: "/echo" }
route: { cluster: echo_cluster }
http_filters:
- name: envoy.router
dockerfile:
FROM envoyproxy/envoy:v1.13.0
COPY envoy.yaml /etc/envoy/envoy.yaml
, :
docker build -t envoy:v1 .
docker run -p 8080:8080 --rm envoy:v1
! http- "/echo" Envoy echo-server.
curl localhost:8080/echo
Request served by a29f0fba3451
HTTP/1.1 GET /echo
Host: localhost:8080
User-Agent: curl/7.64.1
Accept: */*
X-Forwarded-Proto: http
X-Request-Id: dd4b850c-9b4e-45e5-a411-4b76293b1e33
X-Envoy-Expected-Rq-Timeout-Ms: 15000
Content-Length: 0
404.
round robin ( ), .
-. .
500 GET '/echo' round-robin Envoy , . stateful- , -.
, .
. , , , . , .
'lb_policy: RING_HASH' clusters:
- name: echo_cluster
lb_policy: RING_HASH
, . Envoy . , .
id_key - match: { prefix: "/echo" }
route: {
cluster: echo_cluster,
hash_policy: {
header: {
header_name: id_key
}
}
}
, . Envoy β http .
. , , cors, , jwt- . envoy.lua. , , Lua.
'id_key'.
Lua - name: envoy.lua
typed_config:
"@type": type.googleapis.com/envoy.config.filter.http.lua.v2.Lua
inline_code: |
function envoy_on_request(request)
hasIdKey = "/echo/key/(.+)/?.*"
path = request:headers():get(":path")
key = path:match(hasIdKey)
if key ~= nil then
request:headers():add("id_key", key)
end
end
echo-server:
500 GET '/echo/key/2570e384-5fc0-11ea-bc55-0242ac130003' , RING_HASH . .
- . , , , , , .
Envoy , .
lb_subset_config, instance_id- name: echo_cluster
lb_policy: ROUND_ROBIN
lb_subset_config:
fallback_policy: ANY_ENDPOINT
subset_selectors:
- keys:
- instance_id
instance_idendpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: docker.for.mac.localhost
port_value: 8081
metadata:
filter_metadata: { "envoy.lb" : { "instance_id": "a29f0fba3451"}}
- endpoint:
address:
socket_address:
address: docker.for.mac.localhost
port_value: 8082
metadata:
filter_metadata: { "envoy.lb" : { "instance_id": "d6325ed590c0"}}
- endpoint:
address:
socket_address:
address: docker.for.mac.localhost
port_value: 8083
metadata:
filter_metadata: { "envoy.lb" : { "instance_id": "6e2f60a09101"}}
Envoy instance_id , .
http- envoy.filters.http.header_to_metadata, instance-id.
, - , .
Lua instance-id - name: envoy.lua
typed_config:
"@type": type.googleapis.com/envoy.config.filter.http.lua.v2.Lua
inline_code: |
function envoy_on_request(request)
hasInstanceId = "/echo/instance/(.+)/?.*"
path = request:headers():get(":path")
key = path:match(hasInstanceId)
if key ~= nil then
request:headers():add("instance-id", key)
end
end
, , instance-id (container id), , .
500 GET '/echo/instance/a29f0fba3451' , , Envoy .
. - , - . , .
.
.