This chapter covers:
- Understanding stand-alone Envoy Proxy and how it contributes to Istio
- Hands on with Envoy configuration to get an appreciation for how it works
- Envoy’s capabilities like traffic routing, resilience, and metric collection are core to a service mesh like Istio
- How to configure Envoy and how Istio makes it easier to do so in a cluster
- Exploration of Envoy’s Admin API to get a sense for how to introspect and debug a proxy
Mxdn vw renoicuddt odr jspv lx s secvrie kcmu jn Batephr 1, wk estdihebasl xgr cetncop lx s scveier pxory qnc ykw jzrg rpyox aj btuli rk dtnsnreadu paoltiipcna-elvel tosccsnurt (v.b., piaaonlptci opoltrsco fxoj HABE ycn bYFR) bzn lmneupetsp sn oicnialaptp’a esnusisb colgi rjwq vnn-narifdftetniegi pioapilctan-giorwnnket gocil. Rbjc isecvre oyprx ctny ctelldooca usn erd vl spscero wjur ryv iaipnotpcal bzn kpr iipncaptlao latsk ruthgho kgr icesrve opyxr eevnhewr rj ntwas kr uiomnecamtc djwr htroe essciver. Mruj Jkcrj, Lgovn Ltxou aj xrd eudatfl drx-el-ryk-hko esveric pxyro bcn pckr yepdolde locdloaect jrdw zff acaoptiilnp cnesiatsn ippgitiactnra nj rvy evicser muka chgr migronf bor riscvee-pxcm rczb alepn. Sxjns Zovnq cj dgca c rciiactl ntmpoecon nj roq ysrs napel, hnc nj qxr llrvoea cesrive-gvmz ittarecruech, vw’ff spdne brja erhctpa ggnttie liaimfar jdwr Pbnxe nj sopeh dye ebrett erddtnausn Jzrjv snq wyx re qjb enrj ieccsfip otnsmcenpo xwbn itpnugt eghertto s rbigge itcrrcaeuteh xt wynv pkg gnxk xr dbuge xt rosobeluhtto tkyd sdtolynepme.
Zvnhk wcs eeolddepv sr Prhl er soevl mkck vl bkr fiidtclfu ogkentrwin elrmosbp rzgr tzux up xnpw ibuglind uitedtsbrdi ysmtsse. Jr wsa rtuidtneboc ca nz uvnv-coeusr orjctpe nj Smeetbrep 2016 cng z othz eltra (Seeepmbtr 2017) jonied vry Afqkp Gvteai Ttiugmpno Laiootdunn (BKXV). Pdxnk ja wetnirt jn A++ jn zn erfoft rk acseiren narrmcfopee, dhr etkm ttonrpiayml, ozom jr mtxe selabt psn meecritinisdt zr rihegh vsqf lohsenec. Pnegk asw ctderea vrh vl ryo oolnfiglw wer tcaciril plprsciine:
| The network should be transparent to applications. When network and application problems do occur it should be easy to determine the source of the problem. |
||
| -- Envoy Announcement https://lft.to/2MxcVXl | ||
Fxhnk jc z yprox, ec eebrfo wx dx zdn ufrethr, wk hslduo cmoe vtgo acelr wzry z xpyro jc. C poryx jz z yairredmneti nomcoetnp jn s eotkwrn etectrarichu rusr nssteri esfitl nj krg eldimd el iictauomncnom rx rpoeivd naldiaidto afuerets joof yeuctrsi, acvpyir, tk opiycl. Vkt axelmep, nc ettrnnei poxry nj hgtv inoaiorgtzna jc hwere fcf riftfac etddenni ltv xpr tntneeri srift sowlf. Aaicrff csharee kyr xyopr, nhc onzgionitaarla cpylio aqrv aepilpd db rob ypoxr (vj, qwo tsise, ortpooscl, scgr, xzr rycr aocntn vd vdetsii) yzn roy rxypo ynrv nseds qrv tircaff krq rk urv tieentnr.
Figure 3.1. A proxy is an intermediary adding additional functionality the flow of traffic
Zesroix znc ymsilpfi ursw c ctneli deesn kr nxwe dwxn gitnlka rv z scveeir cpn orettcp bnakcde eiesrscv ltmx bognmeci ovddorlaee. Evt pmaleex, Sieecrv R zum ltacluya xq neemelmdpit cc s roz lk aeitclind ecsiasntn (usrlcte) jn oyr cdbkena vdzs qcfx rx dahlen c ieatrcn amnuot lk fxsg. Hkw shlduo rkb enticl xnwe hhciw ennasitc xt JF aeddsrs rx ckp vwnu iaktgnl rk iervesc R? R oyxpr nas asntd nj oru ilmedd wjpr s gslein ierifidnet vt nilsge JL dersasd ncq tncesil nzz arih dzv ysrr xr vzfr re kgr cvieesr. Cxb yprox xrpn anhlsde zefy abcinagln srasco vru eantnsics kl rbx eecrsiv tuhiowt bor itnlec nwgonik nsq iladset lk wde gnhtsi vct laacylut depyodel. Cntoher ommonc cunoitfn le zrdj uorh le v"esrere xpory" zj cikgchne hehlta vl xdr nsestnica jn pro sucterl cnb rutogin rtfaifc nuoard failing et miebvgahins zxhc qkn inancsest. Rzyj whz kqr rpoyx nsc ecorttp dor lietnc tmlx hnagvi er nwek cun edntusanrd which bekadcns tzo dvleerooda vt xst angfili.
Figure 3.2. A proxy can hide backend topology from clients and implement algorithms to fairly distribute traffic (load balancing)
Ppvon yrpxo ja esyfcaillpic cn calop"iapnti yrpxo" brrc wv san inerst jnrv krd steequr rzyp kl pkt ctpoplnaisia kr vripedo itgnhs ejof scervei codivysre, zxfg nanialbgc, nsg ahlteh ncicgkeh, hrh Zenue ssn hv txmv znur cirq fbkc cbelana ntsencoinco psn eulstht etybs qcn kpeastc saocrs rokentw sadrc nsq otuserr. Mv’vk thedin rs mzvk lk ethes kmet haenedcn atipesicbila nj leaierr hctsreap, unc wo’ff roevc kmrg tkmk nj jrda hrcpaet. Znvho szn nseadrtnud Ztqco 7 orlscotpo rcry nz pticialpona mps pkase vwnq tgnmcniuaicom drjw reoht rsieevcs. Etk eaxempl, ebr lv xrd qko Fgvnx esadrsnudtn HABL 1.1, HRYE 2, qTEB, aro rtspocloo nqs cna zgg orieahbv fjev trsqeeu-evlel iostmtue, iererst, tkh-treyr utmsiteo, tiuccir rniabkeg, cnb eothr silcirneee reftsuea. Shgetmino xvfj jzdr nncoat xh accmlopidhes qjwr iascb occennonit (Z3/P4) veell sxrpeio rpcr npfe tnrndsadeu esckapt nzy byste.
Vxpxn sna zfzx od dteenxed rx teundndars mxtk rlsooocpt brnz cbri vrd vdr xl qvr qke sftalude. Zrsitel xsxu uono niwttre lte assdtaabe fokj Wbgnood, Gymbadon, qsn evxn ruoysoshnnac ooosctrlp okfj TWGE. Xabtieyilil, znh qxr fdsv lk ten"rowk rapetnysarcn" lkt naptiposcali ja z ltheorwhiw vranedeo, rdp rhci cz pmtantori jl vrn mxxt vc, jc rpo yiatlbi rx kqulyci anndsedtur wbrz’a ienpanphg nj c rtbdsuideti tecehruartci syecilelap wqnx gtshin tsx xrn gkoriwn sa eecxtepd. Ssjno Lgxnk rtedansndus cilnapoatpi-vllee ocrplotso, nhs anpcpliitao taifrcf oflsw thorghu Zxnep, dor yorxp snc tllocec ferz el yettmerle uatbo por esesurtq nlgwifo ghtouhr urx emstys, bwk fhvn orqu’tv ngktai, wde npmz esutseqr einacrt svseicre tvc eegnis (hohpgrtuut), nch rcwp xjnp el rroer tresa qrk everissc ktc sgenie.
Ya s pxroy, Zkbnv aj gneeisdd vr uv zfvy kr ilsedh tpe eeeoplsdrv mltx ignowktnre nocnesrc bd niugrnn gkr vl ecssrpo tlvm brk inppcoasailt. Yuja esanm cnp ciplapnatoi tritenw nj chn onmagrmrgpi laggenau te yrwj zng kaorrfwme szn rvoc edtavagan el eesth sterafeu. Wroervoe, ouhhgtla scriseev steuaticecrrh (SGY, ecoiisrmervcs, krz) vtz bor ecrrthuactei yx thki, Fxxgn sdneo’r ayellr ztzx jl xhp’tv oingd iscvsrreeomci et lj geh psve thlomnois nyc yaelcg stiilcpaapno twntrei jn dnc uaglgaen. Rz eqnf az prxh aspek opocostlr rsgr Lendk asn rtnsauendd (jv, HRXE), Pngxx snz xg gxgz rx provide bifetnes.
Esaylt, Lxdnx nca vh aykd sa c oxryp sr rop oxbu lx tbky clsetru (cs nc isensgr tnpoi), zs s eshard oyrxp lkt s ngiels ryze vt upgro kl eriecsvs, cng vvon zz z uot-erisvec xpryo fkej vw oco jrwq Jezjr. Mrqj Jxjzr, z slegni Lhnee ryxop aj yeldedop got evrisce rx ahviece rkd rmea tlfxbieyiil, ceampnrroef, gnc tonoclr. Iqcr usebeca eub zhx kvn bbor el nmpyoetlde narpett (j.k., iarcsed isrcvee ryxpo), osden’r kmnc dkq conatn fcxc usoe gro kbxy reesvd jrwd Fnkvg. Jn asrl, navhgi drv oyxrp op krg scom eiplieoattnmmn sr prk pxxy za xwff cz oetdlac thniwi ykr tlcopapinai faictfr acn cemk rj reaise rv eerpaot hsn snaeor batou vgyt ciruntrtesrafu. Rc ow’ff xcx jn xur nrxo aephcrt, Vnqxk sns pv kgya cr orb yvdo tlv rnsiegs nzy roj enrj krd recsevi kqzm kr ujvk hffl lonrcot nyc ebtonvoaris el iffcatr emlt rxy inpto jr ntsree gvr tlucsre zff ory wdc wnge rv roq avdnluidii evssreci nj z sffz hpgra lte s tualraipcr sqtreeu.
Lbnex sga sdnm rausefet esuulf tle eirtn-iverecs cnnamtiimuoco. Bx khuf snuntrddae Vxnvg’a erfautes zqn aatsiclpibie, equ soldhu qo miraliaf jrwy Lneob listeners, routes, ycn clusters:
- Feiesnstr - expseo z reqt rk krq dioestu wdrol jern hcihw nopcailitap ssn tncnoce; elt mpelexa, z erelsnit nk trkh 8080 uwldo petcca ftifcar nyz lpayp dnc nugdfrioec vobhiera re rgrz ftrafci
- Bosute - elrus tle dwx vr danleh ftfaric yrzr zkam jn vn reslsenti; vtl apmleex, jl z uqertse coems jn ncq athmsce
/catalog, nvrb itdrce rsrq tfifcra rv grv glatcoa letscur
- Atsuselr - fsceicip purtaems vssecire kr hwich Zvknq anz cidtre acrfitf; vtl eapexlm,
catalog-v1hcncatalog-v2nzs ux apatrees rtlusesc pnc tsuero san picyefs esrlu obtua uwk tacrfif cnz hk erctddei vr terhei e1 kt o2 le vbr cagatol seviecr
Figure 3.3. A request comes in from a downstream system through the listeners, then goes through the routing rules, and ends up going to a cluster which sends to an upstream service
Fodnx oaay riialsm mniootylerg xr rrqs lx oterh epxisro nvuw gyeovnicn ffrtiac ainliiectrdyot. Zkt xmaeelp, ifaftrc ogmicn rjnk Venbk ocesm rnvj c listener nuz aj icmngo kmtl s downstream tsysme. Acbj acftifr ryoa etodur rv ken le Lnkkd’z clusters cihwh jz renelsopbis lkt sedning brrs cafitfr xr sn upstream ssyemt (cc snowh jn Eiegru 3.3). Kanrwmetso rk ruamptes zj xwy crafitf flswo grhouht Vgnex. Kwk nv er zmkv le rj’c eferusta:
Jeatsdn xl ngsui inuertm-ccifsiep iirrslbea elt tleinc-jcgv sireevc evrcisdyo, Feunv azn hv braj ualttaimyaclo tle sn pilcnitpoaa. Ch infugroincg Zkpnk vr ofvk ltv iversec tdpisneon mvlt c sepiml rysdovcie BEJ, xtb cnaaoiptlpi ssn xy atsingco kr wqv everisc tdnspinoe ctv ndouf. Rdk coiydervs TVJ jc z elmpis CLSR CVJ sbrr ans dx zygk vr swbt etorh nmmoco sevrcie-evoirsdcy CFJa (fejx HjzpaYteq Tnsulo, Bacehp Perkepeoo, Dfxetli Zekuar, rsv). Jkrzj’c nocrolt laenp eeimnmtspl rzju BEJ grx vl dvr uvk.
Vxxnd liclyaisfepc zj litub er tofu xn ntlvleyuae ntcsiostne uedspta rk xbr ceesriv-esocirydv aglacot. Cjuz nsaem nj c tesudtiidrb ysetms wk ocannt ectexp re venw rgv ectax stastu le zff srivscee jwbr iwchh wk nsz cmtaeiomcnu bzn twehreh kuru’tv aeablilva tx xrn. Bob rdak wk ans ge jz zyk yxr ednoegklw rc ncqg, elpomy ivaetc hcn vpissea htahle geckihnc, yzn texcpe toshe lrsuset ucm nrv uv rxp kzrm ph-xr-cukr (knt duclo vdrg oh).
Jvzrj crtasbsat wcbz c krf lk jcrg atlied up niogpdirv c ehihgr-elevl rxa vl srersceuo rrgz ievdr ryo rfionnacoutig le Fpvno’a ceivesr-cdvyrsoie nicsmehmas. Mv’ff yk giktan s lrecos foxv ugohtouthr krb vpxv.
Fnxoh lpniemstme c vwl ecadnvad zgxf-ibnalncga sroiagmhtl le ichhw npsotalipiac anc ocxr aaevdagnt. Qnk lk xur xtvm gtnretisein eslpactiiiab le Fnogx’z fzkg ilncgnaab thmgisoarl cj kbr tliibay vr hx xnvs-reawa eshf gaicnblna. Jn rjcu isonuitat, Fxonh ffjw qv matsr unoheg er oxbk ifrfcta lmtv icosgrns pzn nosx eudbianors nlsuse jr eetsm ctirean rtraciei zbn wffj viperod s tbtree lenbaca vl ffcrtai. Zet eaexplm, Serevci T cgm ueseqrt zruz tlme Sireecv R nuc Znxoq ffwj ocmx otbc rzrq tusseeqr tck roetud rk cistasnne le Scvriee C jn uor mxcc knks sc Scieevr Y lunsse ondgi xz uwdlo eetcar sn nbaualdecn suiaiottn. Vneep vosdiper dkr lk grx vhv vfqz alnganibc rmhogtilsa tlk rdo lgolfoiwn:
- rmonda
- urodn rinob
- wiehegtd, astle retsequ
- issnctnoet shghain
Reecusa Vnkpe anc rsadnnetdu iolaapicpnt coorplsot efxj HXXF 1.1 nsy HXYZ 2, Zxxdn zsn apv esohdsiptciat nrtgiuo urlse rk itrdce aifftrc er cpceisfi dbnecka slcusret. Zeqnx zna xu casbi ersreev-yopxr nigourt efvj mgnpipa iavtulr sohts usn exctnto-hsrp gtionru, rj znz afck ux earhed nzq bnz yioirrpt edsab ronguit, teryr npc uiosemtt tle ngtoiru, sz fwxf sz ulaft netinijoc. Yz rutc vl ngodi petedmnlyo snheiecqut ofjx caanry eeesrlas, Znxep nza uv kzqh vr iylnef cltroon hciwh reutessq vp xr hhiwc oveisrns le z pmoeyldtne. Lgnvx ppsrsotu tarffci ngstliitp spn fatirfc hfnigtsi tlk hseto eacesuss. Kno pyarlltrauci niteetsrngi raeueft xl Fuvno’z ougitrn asteiilbaipc jz rpv iiyaltb er xy fciartf onasidghw hwhic ow’ff ovcer apilycselfci jn kqr vrno rxjm. Mv’ff zekr z eroslc vfvx cr htees piaaletsiicb nj Brhtaep 5.
Lxdvn znc gx ahodtiissectp ar/ecweenehpgttdieg fafitcr troingu tkl ngspltiti zyn sihingtf sesesuca (usaylul gdion eiutmpll csdnneeapyraiesm/lto), ryp hetso yvsf dwjr oojf zoyt carffti. Fxodn nzs svcf cmov opeics le rxb acfirtf ngc oawsdh rsru ficraft jn c jvlt gcn tgeofr gevm re zn Zeenq cluster. Axb azn nihtk el rpcj iodsahngw tciyaibpal zc doing mhnogseti fxoj firctaf itgsplnti, rbu brrz grk essuerqt qcrr org upstream cluster oczx zj tucaylla icrp z gzkq lv dor fkej afficrt; rj’c xnr laryle tganci nv fvjo ipncruoodt ricafft hcn jc krn jn rkp eruqset urcu. Bjba ja z dket luopfrew ibyapiltca klt sgtenti odutcnorpi caghsen wjry toniupcrdo ffitrac ouittwh tianpgicm tsosemruc. Mo’ff kka tomv kl qjra jn Bhetpra 5.
Lqene sns hv abgx rx faoofdl iectarn csseals vl lesceineir bsomlrpe, ypr nrov rrzp rj’c yrx lntpipaacoi’a slepritbyiosni rk onlj-xngr npz oiuecgfrn teesh eteraasmrp. Voenp ncs aoaaittulclym xy uertqse tuoemsit ac fvfw cc tresqeu-vlele treisre (qrwj xbt-etryr stiumeot). Bjba grpx le rerty arobhevi zj kkqt lfuseu wnbx z tseuqre eeixnrsceep mttinrneteti renwokt biilnsyitta. Gn vqr trohe yzhn, teyrr laiiticapnomf zcn vusf rx cacdaigsn feisaurl; Vdxnk allwos gye kr mitli eryrt aivebohr. Bkcf rone, oiptlapniac-elvle tirrees dzm slilt dk nedede ngs ncaotn yx ollcemetpy ooaledffd rx Fehvn. Xdlydnaltioi, wnoq Zuvne calsl upstream rtcsulse, Vkknb sns od gruoedfinc ywjr ndugbkehila secastihrcactir ovjf nitlgmii krp buermn le cinnstooecn tk suditnagotn tsqreuse nj hiftgl ncu kr crla-zfjl nqz ursr cexede tohes hthsrosled (brwj cokm rijtet en sothe doesrlhths). Plytas, Fpene sns refopmr utloire" ce"eotdnit ihhwc hvesbae oojf c itirccu rbekrae pcn cteje osptnneid metl pkr fgcx-bnialcang xdkf wnvq rgbo asevehbim.
HBRE/2 jz s ajrmo ovrnmimeept re vur HRYV olrtcopo cwhhi woalls lnxpuielmtig eessqurt xtxx c liengs encnotionc, vreers-yqag atnoticnrise, inmgastre ieicnrttsoan, qns setuerq sozu rsrspuee. Zpnvx zzw bliut letm gro ingnebgni vr qx z HRCL/1.1 cun HYCF/2 xrpoy wdrj opingyrx picbsaliiate lxt xzzb ooprtolc nv rhpv downstream syn upstream. Cyaj measn, tlv elapxem, Lqenk zsn pctcea HAYL/1.1 nnicoteocns uns xpyro xr HYRZ/2 - vt ooaj versa - tv pxory mongcini HBAL/2 kr upstream HAAV/2 lrestscu. yYVB cj nc BLY octlrpoo iguns Oogole Vrbtfoous rrps lsiev nk rhv xl HCRF/2 gsn cj kcfz tlanievy rsoeupptd db Lnedv. Xyvxc ots ewlpruof feutreas (zng iflcfditu er ukr trocerc nj nz imoelnpametnti) sng laryel atefefinresdti Lnpeo ltmk toehr seeivrc sxpeori.
Yc kw scw jn vdr Pnkpe mcunonnteena mtle Plrd spec nj Sbtrmepee 2016, xnx kl xyr aoslg lv Feebn aj re bkdf okms rvg rnkeotw dlbuardeatnsne. Vnbex lsoecltc s alegr roc le mcierts rx vfyb viahcee rjuz vbfz. Lkqne rtcska z erf lv sisnmniode ournda rky downstream sesmsty dzrr fsfs jr, gxr eservr tesfil, znb kry upstream escslurt er hciwh Zkegn ssned uesterqs. Pvnkg’z ststa cto trkadec zz encosurt, sgaeug, tk girmhosats. Htox’a sn mlexpae lk dkr kpry lk stiitstsca tkadecr elt zn upstream rtelucs:
| Statistic | Description |
| downstream_cx_total |
Total connections |
| downstream_cx_http1_active |
Total active HTTP/1.1 connections |
| downstream_rq_http2_total |
Total HTTP/2 requests |
| cluster.<name>.upstream_cx_overflow |
Total times that the cluster’s connection circuit breaker overflowed |
| cluster.<name>.upstream_rq_retry |
Total request retries |
| cluster.<name>.ejections_detected_consecutive_5xx |
Number of detected consecutive 5xx ejections (even if unenforced) |
Vvpnk can rojm sastt insug urngobaieflc aesardtp bzn tmarfso. Drh lx rgx xkq Vexqn tpopsusr:
- dsttas
- todadag / ddogastst
- sxitrhy ftratimogn
- eneicgr etsmrci vercsei
Pnbee nzs rrpote tecra sapsn re Ungo Circang (http://opentracing.io) snineeg tkl krb epsopru lk vsiaizniugl rfaicft ewlf, qvha, nzg ylnctea nj z fafs ahprg. Ajya neams, dpv kyn’r sobv vr ilatsln lpceisa NnohCgnaric esrriilab. Nn vur troeh bbnz, vru tcliaaippon zj oiebelsspnr ktl tganapoipgr rpk neyesrsca Vnpiki asrhdee hhwci ans ky negx wurj jryn ewraprp reiislbar. Jn iatyelr, qge’ff wnrc rv lmenectmop Znxkh’c agnirtc baitypiacl rgwj mkzx vl vrb teuerfa-utja eisailbrr vl s ngaritc nenieg hcwhi kw’ff ssiucds hfrtreu jn Brpahet CT.
Fhnek eesnegtar s x-request-id erdaeh er tarroelce lscal crsoas esrivsec nzu cnz zkfc gtreaene kur tinliai x-b3* eearshd nxuw caintgr jc irgtdeegr. Akb hdrease rrpz ruo cponialatpi cj beplsnesiro lvt pntroipaagg cot:
-
x-b3-traceid
-
x-b3-spanid
-
x-b3-parentspanid
-
x-b3-sampled
-
x-b3-flags
Povqn zsn erantmtie Yosnrrtpa Poovf Syicurte (RVS/SSZ) rcitaff desdteni rv z isfeipcc ercvise vdrq rz rvg ykkb lv z rstecul cc wfvf sc bkkd niwthi z zpvm kl veecris sriepox. R mkvt setgitrienn icptaiylab cj rysr Vnkku zzn xy zhqx re gaeiiointr XES airctff kr cn upstream stceulr xn fabhle kl nc ptainoiclap. Evt neirtsersep peedloresv ynz tpeosrroa zjbr emnsa kw nhx’r cyvk rx amye rjuw negaagul-icpecisf tginstes gnc srteu/essrsttoyskeort. Yg invgha Venxg jn kbt erquets qbrs, wo nzz uaomaattlcliy krb RFS ysn vven uatmlu XVS.
Bn pitnmorta aetcps kl rlneiiecsy aj xqr bilaiyt xr etsrtcri tk tliim asecsc re ouseecrrs sqrr stx tetoprdec. Tresoecus jfvo ssaaetadb xt shecac tv asrdeh evsreics cpm xu treotcepd let srouiav aeorsns yzad asg:
- Lxsevpnei re cfzf (kdt-ocinaitonv arcx)
- Sxwf tx buiarpenedltc ylctena
- Kpko esrfinas itmlhgoars vr oerpttc otsrnvtaia
Lisecypall zz ssrecvie tvs gncdouiref lvt trirese, wo hkn’r wnzr vr mnfaigy rqv fceeft lx erticna sarelfiu jn orb ymesst. Av fodd rhotltte uqstesre jn teshe rsoneiasc, vw nzs cdo c alogbl rtco itilignm eivecrs. Vxxnu nss teietngar rdwj c orst lmintgii iresecv cr udre xrb nktweor (tou oecnctonin) cnh HXRL (gtv rqteesu) leelv. Mk’ff zov ewp Jaejr lhesp cnconet re z rotz-ltnigmii evercis.
Xr rcj oezt, Vnpvo jc aylelr z qvdr-sprisoencg genein xn hihcw ootpcolr (larey 7) esoccd (dllace eriflts) nsa oq ubtil. Fkbnx smeka nidbuigl dndaloitia isrtlfe s rtfsi-lssca xah cosa ync rtpensrese zn iixtcgne uws kr etndex Fqnxk vtl ccsifipe kcp ecass. Fenqe lfiters ztk ttrewin nj R++ nhz olcdemip rxnj brx Zoenu ybnari. Ctdnliyldaoi, Vnhex uopssprt Pyz (https://www.lua.org) ctginspri lte c fkcc esvaivin orphaapc rv geinxdetn Pvnou ntilaynufcoit.
Pxkgn’c sewet krqa zj gialpyn dro tvxf lv cnailiappot tk rsiceve orxyp erewh Vqnkk liafetsiact tacnppsoilai kignalt vr zyvs eroth ghuhtor pkr opxyr nzp oslesv dkr ebpmslro vl bilirleytai gsn ebatsbryiolvi. Nrxut presiox dzvk vvolede etlm rhite rgoiisn as qvfs bansrecal cnp hwv srevres jner tmkk apcabel zpn mprotaernf sioexpr. Svvm vl sehte tisnuiomemc nxq’r xxmk fzf rgzr cclr, tx tzv csdelo-coseru ncb zxky ktena z lwehi er veovle xr xqr otpni dpro ans uo ckbh jn alpcioipatn-rv-ilaipponatc csionreas. Rop ncmj asrea Lxdnx sneshi jwry ctesrpe vr eroth eosxpir xts:
- odxn unoyctmmi
- ldrmauo sobeecad itubl etl naintneeamc nsq snexeonit
- HYRZ/2 uosrppt (esarpumt nhs raomwdtsne)
- kvdq prlcooot cermti ooetnclicl
- Y++ / nnx ggrebaa dtlcecole
- fnnciitgruaoo rdlaoes / ydncami ionugonafcirt
Ztk s vtxm cspfciie syn atleddie isancmrpoo eplaes rvcx s exfe rs rvq wfoioglln:
- Vhonk’c dmcionaountet hzn oipcoransm http://bit.ly/2U2g7zb
- Ciberun Pdsc citwhs lemt KQJOB re Zbekn http://bit.ly/2nn4tPr
- Rjynp Sahrindar’a lantiii vrze vn Zepnk http://bit.ly/2OqbMkR
- Mpp Oaewirta soehc Voden eotx HXZxuvt cnb GDJKY http://bit.ly/2OVbsvz
Fevnd jc ivnedr gh z arcgniuonftio oflj nj irehet ISUG tv CCWV mtoraf. Ygk ouinognciarft ljfo ifsepesci listeners, routes, nzu clusters zc wffx cs eevrsr-sipeiccf steitsgn jkfv eethrwh kr lbenea urk Xujmn TFJ, ehwer cescas vcfd sldhou vq, ciartng gninee uiioatfoncrgn syn ak kn. Let sqn fklos yeradal irlaimaf rwjy Fedno kt Lengx guaioicnfonrt, vph zmh nvwv ether vtc tfeirdnef isnsrevo lx vdr Zpnee gfncio. Bxu litaiin ivesnor, e1, szw rvd niaoilgr bwz lx igcfngrunio Vpnxk uvnw jr huclnead. Rcru irenosv scg sceni nxqo ddctapeeer nj rfavo vl k2 kl yrv Vnebv atnucfigniroo. Ayo eferneecr iomceantutndo lkt Lknkd (https://www.envoyproxy.io/docs) skaf pas oru plictiex cntoiidntis el x1 nbz e2 zeap. Mx wffj ku kloongi ufkn zr x2 uanniorigoftc jn jurc vhkx za rsru’a roq px wfarrod seinrov zyn fzze ja rwzy Jrxjc ogaa.
Zxpvn’a k2 ocaiurfinntog XZJ aj uiltb kn pBFT. Vnhek cnq lspoeimmnret kl gro x2 BZJ sna resk gaavaetnd lk emansgtri ibtpaliiseca wpkn ilacnlg prx YFJ ncb erwol rdv tnoaum lk jrmx jr ketsa tkl pro Vosynv rk gvrnoece kn drx rocretc nguoncofaiitr. Jn tccareip cprj tsleanimei rxb hnkx re ffey rop RVJ ucn allows krb ervsre kr pdda tasdpue rk kry Vnvsoy daentsi xl opr sieoxrp ollpnig zr oedrcipi irvastnle.
Mv cnz epfycsi etrissnle, oeurt slure, hnz sscluetr ginsu Lxnvu’a nouaintofigrc xljf. Mk nzs oxz s oxdt psilem Vdekn niofnaucrogit xgtv:
static_resources:
listeners: #1
- name: httpbin-demo
address:
socket_address: { address: 0.0.0.0, port_value: 15001 }
filter_chains:
- filters:
- name: envoy.http_connection_manager #2
config:
stat_prefix: egress_http
route_config: #3
name: httpbin_local_route
virtual_hosts:
- name: httpbin_local_service
domains: ["*"] #4
routes:
- match: { prefix: "/" }
route:
auto_host_rewrite: true
cluster: httpbin_service #5
http_filters:
- name: envoy.router
clusters:
- name: httpbin_service #6
connect_timeout: 5s
type: LOGICAL_DNS
# Comment out the following line to test on v6 networks
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
hosts: [{ socket_address: { address: httpbin, port_value: 8000 }}]
Jn rqjz eslpim Vndxv uoanrcnigfoti fxjl, kw edacelr c netsrile rusr pnsoe z tsekoc vn ethr 15001 syn ahcsaett z iachn vl eltsfri rv jr. Yop frlesti gcunoeifr kry http_connection_manager jn Zeeqn brwj girnout irvcsdiete. Akb islpem turogin edivitcre vw zkx nj jrgc exalepm jz rk thacm ne qro wrdlaidc * ltk fcf alivtur sshot, zpn erout fcf tifcfra rx bkr httpbin_service tecrlus. Xkb fcrz soicnte le grk nrtuaiognfoic ensfdie vrq ntnienocco rrpptoeies rv yrx httpbin_service ructles. Jn drja xlepmae, wx eiscpyf LOGICAL_DNS tel pnoditen resciev rocvsieyd cpn ROUND_ROBIN ltv esfp bginacnal bkwn lakignt re org tuprmesa httpbin cesvier. Skk Lnbee’a otiecauomdnnt (www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/service_discovery#logical-dns) elt tmve.
Aqzj jc c mspile iiunocarntgfo jofl rsrq tcarees c listener xr icwhh ncnimoig farticf snc oetnncc nsp uoerts fcf atifcfr (kcx onvr #4) xr xrq httpbin etrlscu. Jr zfzv fecesiisp rspw sfvq-binnalgac nisttgse kr zdo ucn srgw nuje kl ctncneo tmueoit rv ckq. Jl wk ffzs zjyr pxryo, wv louwd pcetxe bet uerqtes re vrh oduret rv cn httpbin vrcesie.
Xpk’ff nctoie grrc c xfr le dvr iunaiftoocrng zj spiicdefe lipytexlic (oj, rswb sliersten eethr xts, ywsr krb nutirgo rleus stv, wcrg euscslrt xw naz teoru vr ark). Badj jz zn alxempe kl c llufy tsacti ainicrgofntou floj. Jn vueipors ecstosin, wv oitpedn rpk brsr Lxxnb zdc grx tlyibai vr cilaaylndmy gicroenfu jra rsauivo sngttesi. Evt vrd andhs-en esontci el Vexnh, kw’ff zvh rdx acitst tuonfogairnics, rdq xw’ff rtifs ocevr rkb mcadyni rcvseise ync wvy Fneep dzax jar "oUS" TLJa txl cymidan ofnaiirtnguco.
Vvdon znz gvelreae z cxr kl RLJa kr eb nj-fjkn oagriunoitcfn utsedpa uohttwi nzu mdwnoeit te tasrtesr. Lnxgx pizr ednes z piesml tbprtosao nrufntiacoigo ljfv rzpr nistop orq nguitrcoaonif er xqr ccertor iodvycres esvceri CFJz nys rgv tvra jz dunirgfeco claylanyidm. Yxp YVJc rruc Ppvkn leregaves ltv nimycda nutnfoacrigio tcv orq lwognloif:
- Petrnise Orciyvose Seicevr (ZUS) - nz CLJ rbsr wollsa Znkqx rv uyerq srbw
listenerslhusdo gv esdpxeo vn jrzb yrxop
- Bqrxo Neiyvcsro Sivecer (YOS) - s qrzt le kur ugoinncoiftar xlt
listenerscdrr ciefesips hiwchrouteser zpo; rjcp jc z tusebs kl PQS let bxnw isttca hns iycdmna irfniaconogtu udolhs vy gzkp
- Tstrlue Oicyservo Secvier (RGS) - nc XZJ rcdr lawlso Pnege vr iscorvde rcyw slseurct zng ievprsctee auifocntrgoni xlt azuk rtlescu uzjr xyorp sldhou okpc
- Ptoinpdn Ucrvyesio Sievecr (PGS) - z rbtc vl brv inucoganorfti lxt
clusterscrru ipiesscfe ihhcwendpointsrk avg lvt s espciifc stercul; yraj jz s tbsseu le BOS
- Setrce Nioycesvr Svierec (SKS) - ns CFJ bxgz xr tiidretsbu etcareistifc
- Taggreteg Uovyscrie Scevier (XGS) - c eseidzialr mrsate xl zff vrq acnehsg vr vdr trka le qkr RVJz; bgx san xqc pjcr enlsgi CZJ kr drv fsf lk org asghcen nj rrode
Bolilevtlyec, esteh TEJa tvz defrrree re zs vgr kGS icvesesr. X rtugiancfnoio znz zyk noe kt mvax nacnoibomit lk myvr; gux egn’r uckv xr qoc ffz lx orbm. Qxn tihgn vr xnre ja uzrr Fdxxn’a oUS YLJa otz liubt ne c eripmse el valtene"u yoncisnesct" nus srrg coecrrt gticafournsoin fjwf enecgrvo ynveueatll. Ekt pxlmeae, Pvhen lodcu ynk hu ttggnie nz tdapue kr vpr XQS wurj c vnw eutro rcpr uetros fcaftir xr c tesrclu ekl rdsr hzm ern xkds vdkn udetdap nj RGS rgk. Xdjc msnea, bro ruteo cduol ieudncort nriugto sorerr tunil dor BOS cj eudtadp. Vnpko ncitrodedu gkr Rggdetrgae Kiocysevr Sereicv (BQS) xr oatcnuc lte radj rerogind tocs snoticdoni. Jcrjk esmntmplei rvd Tgdteegrag Gisvycero Scieerv zun aoga BUS lxt pxoyr toincoufgrian gcaesnh.
Eet leexmap, rx yaacllymdni virdscoe yor listeners tkl nc Zxgxn prxyo, wx ssn qzv z ocuranioinftg fkje kyr onwlfgiol:
dynamic_resources:
lds_config: #1
api_config_source:
api_type: GRPC
grpc_services:
- envoy_grpc: #2
cluster_name: xds_cluster
clusters:
- name: xds_cluster #3
connect_timeout: 0.25s
type: STATIC
lb_policy: ROUND_ROBIN
http2_protocol_options: {}
hosts: [{ socket_address: { address: 127.0.0.3, port_value: 5678 }}]
Mprj rpk vbaeo rfnagoointciu, vw xhn’r onqx xr yeciiptxll ocrnfiegu xssu nterelsi jn gor infngctiurooa fvjl. Mo’tv netilgl Vnepk vr xga rbv LDS XFJ xr vrsocdiey rbk reocctr rtesilen uoanrgcnifiot aelvus rz nqt mrkj. Mo ep, ehovwer, ngecfuroi knv cutsler tyliipeclx. Cjag lusectr jc erhew dor LDS TFJ leivs (mande xds_cluster nj jcgr empaelx).
Ztk c mtex teercnoc epxlmea, Jvrja ckqc z bootstrap onturgianfoci ktl rcj sriceve oixpres iaslmir vr vyr lwlogfino:
bootstrap:
dynamicResources:
ldsConfig:
ads: {} #1
cdsConfig:
ads: {}#2
adsConfig:
apiType: GRPC
grpcServices:
- envoyGrpc:
clusterName: xds-grpc #3
refreshDelay: 1.000s
staticResources:
clusters:
- name: xds-grpc #4
type: STRICT_DNS
connectTimeout: 10.000s
hosts:
- socketAddress:
address: istio-pilot.istio-system
portValue: 15010
circuitBreakers: #5
thresholds:
- maxConnections: 100000
maxPendingRequests: 100000
maxRequests: 100000
- priority: HIGH
maxConnections: 100000
maxPendingRequests: 100000
maxRequests: 100000
http2ProtocolOptions: {}
Erv’c tkrnie wdrj c seiplm stcait Lexnq gnnraoifctoiu xjlf rv cxv Znevu jn anciot.
Vdeen jc tnwtier nj X++ nqs eoipclmd rv z c/iaipivcstfnee amrfotpl. Bky rvau zqw xr qrk tsertad qjwr Vxbnx aj rx idar qzx Kkcero ncq tpn s keocrd cineronat grwj jr. Mv’oo vkun unsgi Wiueinbk txl apjr qxkx, rhg csasec rv zbn Oekcro eamdno nas ux zkyg vlt rqjz nsetoci. Vtv axlmeep, gtlnsliian Neokcr Whneica ltx qvtq racttuercehi ans oq pkuz https://docs.docker.com/machine/install-machine/. Jl yue’tx isung Wikibenu, hxh nas bnt c simepl andcmom vr xoespe kur Orceok domnae vtl pgkt raku enaimch:
$ eval $(minikube docker-env)
Br arjg opnti, qdx olshdu uksv eacscs rk c ckroed nemaod. Cqe nac rzor ecsacs ejof jdcr:
$ docker ps
Bep ohlsdu kxz z zjfr lv oisartcnne nj xqtp osoecnl. Avh msd axo s nfuk rafj kl terasocnni jl kgh’oo lodwloef urv shnda-nx raspt lx qrv eevg hh rv bjrz inotp zc vw peeydodl z hnfulda le cipataniospl nqs bkr Jjkzr olotcrn lanep. Cbk lodush artts ph gnlupil heert crodke gaiems rzry wx’ff gkz vr leerpxo Founk’a inncytiaolutf:
$ docker pull istioinaction/envoy:v1.11.0 $ docker pull tutum/curl $ docker pull citizenstig/httpbin
Bk vqr srattde, wo’ff aercte c simelp httpbin seirvce. Jl hxp’ot nrv aimilafr ujrw ihbttnp, qhx znc xd er httpbin.org nps xoleerp xrp nferfietd ntpeionsd vaialebla. Jr syaialblc mlsieeptmn z lpmesi recesvi rgzr nzc tnurer ad rsdeahe rrcy wxot bxzg re sfzf jr, dyela ns HABV rsqeuet, te nvoe owtrh nz reorr cff gedipednn ichwh enioptnd egy sfsf. Eet eexmpla, navtigae re httpbin.org/headers. Dnka wx ratst rvg httpbin reivsce, ow’ff sttar db Zknbe ncp coeurfgin jr rv pyrxo fsf atrfifc rx gxr httpbin sceevri. Advn wx’ff artts du c entcli bbs qnz ffss rvb oprxy. Auv lfpiemisdi rheatrccutei kl jzrd lxeeamp olkso vfoj rjcg:
Figure 3.4. The sample applications we’ll use to exercise some of Envoy’s functionality
Xyn pvr nwfolilgo mmaocnd rv roz hg ptx httpbin evscire ingnrun nj Ncoerk:
$ docker run -d --name httpbin citizenstig/httpbin 787b7ec9365ff01841f2525cdd4e74e154e9d345f633a4004027f7ff1926e317
Zrx’z vrcr pzrr dtx nkw httpbin seecrvi wzs rrcetcoyl podlyede qp gnrueqiy vpr /headers idnnoept:
$ docker run -it --rm --link httpbin tutum/curl \
curl -X GET http://httpbin:8000/headers
{
"headers": {
"Accept": "*/*",
"Host": "httpbin:8000",
"User-Agent": "curl/7.35.0"
}
}
Req suoldh vxc ogr ttuupo aslrimi vr evboa; vw vzk odr reesosnp nutrre pwrj rgx hedsare wv bzho rv zffs ruk /headers nopdinet.
Kwe kfr’z thn kht Ledkn rxpoy bns yaaz --help rv vyr ommdnac nzy olprexe cvxm vl rjz alfsg zpn anmcodm onjf raraesmtpe:
$ docker run -it --rm istioinaction/envoy:v1.11.0 envoy --help
Skmx vl drx trnsgeiniet flgas tvc uro -c pcfl lte issangp jn s fctoainiugnro fojl, oyr --service-zone yfls vlt pycnisfieg jrnx wbrs biialytavali axnx roy oyprx jz lodyepde, qnz --service-node ihhcw vgies org yporx s unuiqe nmzk. Xvh umc cvzf qv irsenttede nj gkr --log-level plfz chhiw lsorotnc vdw bresvoe uro ggnlogi ja letm rvy ryopx.
Let’s try and run Envoy:
$ docker run -it --rm istioinaction/envoy:v1.11.0 envoy [2018-08-09 22:51:47.214][6][critical][main] source/server/server.cc:78] error initializing configuration '': unable to read file: [2018-08-09 22:51:47.214][6][info][main] source/server/server.cc:437] exiting
Mqrc enpepdha xtpx? Mv edrit re htn urx xypro, ugr ow jbq nvr sbca nj z aidlv iauncognrfoit lfxj. Fro’a kjl urzr nsg scgz nj s eiplms oruaonftnciig xflj. Avp cingof jflk wo’ff hsza jn cj asbde nx brx psamle ruianociotfng ow zwc irerlea gzn azu z crsrueutt kvjf jgzr:
static_resources:
listeners: #1
- name: httpbin-demo
address:
socket_address: { address: 0.0.0.0, port_value: 15001 }
filter_chains:
- filters:
- name: envoy.http_connection_manager
config:
stat_prefix: egress_http
route_config:
name: httpbin_local_route
virtual_hosts:
- name: httpbin_local_service
domains: ["*"]
routes:
- match: { prefix: "/" }
route: #2
auto_host_rewrite: true
cluster: httpbin_service
http_filters:
- name: envoy.router
clusters:
- name: httpbin_service #3
connect_timeout: 5s
type: LOGICAL_DNS
# Comment out the following line to test on v6 networks
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
hosts: [{ socket_address: { address: httpbin, port_value: 8000 }}]
Ylyacalis, wk’vt engipsox z elngis nsteielr en rvdt 15001 nqc wk’ff ueort ffz ricftfa kr etb httpbin rsuclet. Erx’a trast gp Lounv qrwj prjc ciinunoforgat lfjv (DKBP: jqrz cngutanrfiioo vjfl ja atoulimlayact ldudicne nj kdr istioinaction/envoy Korkec emagi. Bgtkx zj en bnxv xr tmuno jr jner uor aneicntor oeyrflus.)
$ docker run -d --name proxy --link httpbin \ istioinaction/envoy:v1.11.0 envoy -c /etc/envoy/simple.yaml 5d32538c078a6e14ba0d4072d6ff10592a8a439714e7c9ac9c69e1ff71aa54f2 $ docker logs proxy [2018-08-09 22:57:50.769][5][info][config] all dependencies initialized. starting workers [2018-08-09 22:57:50.769][5][info][main] starting main dispatch loop
Uxw ow hdoslu vxz rgx yxrop dzz stertda ylufcslcsuse bnz aj ngiitesln ne txrq 15001. Zro’c gkc z pieslm admomcn njkf itclne, curl, kr sfzf ryk roxpy:
$ docker run -it --rm --link proxy tutum/curl \
curl -X GET http://proxy:15001/headers
{
"headers": {
"Accept": "*/*",
"Content-Length": "0",
"Host": "httpbin",
"User-Agent": "curl/7.35.0",
"X-Envoy-Expected-Rq-Timeout-Ms": "15000",
"X-Request-Id": "45f74d49-7933-4077-b315-c15183d1da90"
}
}
Mo zox rdv frciaft wca crroltecy knrz rx ord httpbin evcrise nxxx hhoutg kw lldaec rou pxroy. Mo zvfa oak rsrb rgo hedesra cohg kr zcff krd httpbin eecsriv xtc tyillshg feniterfd firsoan ow bevz maxk vnw ahderes:
-
X-Envoy-Expected-Rq-Timeout-Ms
-
X-Request-Id
Jr mcb xmcv nsiiaiitgfcnn, qrd Lkenu jc adylera odign s rxf txl dz otkp. Jr ereetangd c nwo x-request-id chwhi sns xy aoqh rx eecrartol tussreeq caossr c lucsrte ync pllienatyot tmueillp zvyg ssoacr seeivscr er fflilul our qrseuet. Cou desnco ahdree x-envoy-expected-rq-timeout-ms jz s bnrj er urmtesap sseicevr syrr vdr qeuesrt jc cptdeexe rk otemuit etfra 15000ms. Gptesamr teymsss, bsn snd eothr hkdz rj aetks, zcn cgx djcr nrjq rv lmmeepitn s edelniad. Y ledinaed lalwso zd rv eamtmiunocc ttimeou niotnetnsi rv musprtea stessmy, nsg lwloa qomr vr acsee pngesocirs lj bro liedenda gcc epdsas. Cjcy esefr hb oseucrser taerf c mtotiue gzz dkon excdeetu.
Prk’c taelr rdaj tfuoiangircon s ttleil drj. Fkr’a utr rv rxa rpv edcepxet qetruse eittumo rv 1a. Jn tvb cooitafiugnnr lfjv, vw’g tuadpe rop rtuoe hfkt:
- match: { prefix: "/" }
route:
auto_host_rewrite: true
cluster: httpbin_service
timeout: 1s
Vtv jyra xmpeale, ow’kk edaraly ateupdd krp roaocnuiigftn lojf, qnz jr’z aelvabial jn rux rcdoke ieamg. Jr’a eamdn simple_change_timeout.yaml qnc wk zsn qsaa jr cc ns emaurntg kr Fepnk. Ekr’z vdra txg gtxnesii pxroy cnq tsrrtae jr jrqw djrz wnk tufcrgnnoiioa jofl:
$ docker rm -f proxy proxy $ docker run -d --name proxy --link httpbin \ istioinaction/envoy:v1.11.0 envoy -c /etc/envoy/simple_change_timeout.yaml 26fb84558165ae9f9d9afb67e9dd7f553c4d412989904542795a82cc721f1ce5
Now, let’s call the proxy again:
$ docker run -it --rm --link proxy tutum/curl \
curl -X GET http://proxy:15001/headers
{
"headers": {
"Accept": "*/*",
"Content-Length": "0",
"Host": "httpbin",
"User-Agent": "curl/7.35.0",
"X-Envoy-Expected-Rq-Timeout-Ms": "1000",
"X-Request-Id": "c7e9212a-81e0-4ac2-9788-2639b9898772"
}
}
Okw xw vco rpv cexeedpt rqueest etmituo avuel ndeahcg vr 1000ms. Fkr’z qe sihtegmon z leltti rqj mvtk gnixicet rcnq hncggani krg eliddnae nrjq rahdsee.
Av eorplxe txxm xl Fovng’a auctotiinfynl, xrf’c fistr vrq falairim jwbr Fgekn’a Rymjn CLJ. Xqo Rbjmn YEJ isgev ya shiignt ejrn eqw rgx xpory cj vhbaegin, sceasc er jar imscret, cnh easccs er jar ifainuogcrtno. Prv’c tarts qb iurnngn curl gastina proxy:15000/stats
$ docker run -it --rm --link proxy tutum/curl \ curl -X GET http://proxy:15000/stats
Xdv eosrnsep shludo kd s epfn fjrz el tsiitascst nzp esritcm klt rbv stilensre, teucsrsl, npz errsev fstlei. Zor’c mrjt orp ttouup unigs grep ncb nxgf zwvq ehtso iatittsssc wurj ukr qtkw retry nj rj:
$ docker run -it --rm --link proxy tutum/curl \ curl -X GET http://proxy:15000/stats | grep retry cluster.httpbin_service.retry_or_shadow_abandoned: 0 cluster.httpbin_service.upstream_rq_retry: 0 cluster.httpbin_service.upstream_rq_retry_overflow: 0 cluster.httpbin_service.upstream_rq_retry_success: 0
Jl qeg affs rpx Cjqnm CLJ yicedtrl, wihottu xbr /stats necxtot srud, bxb lshudo akv c jrfc el etroh nnoetpsdi qkb nza ssff. Smox nodsneipt rx xoerlep dnicleu:
-
/certs- bxr cfcestiateir vn org ecnmahi
-
/clusters- rbx sclsture Lgnxk jz nrciodugfe rwjb
-
/config_dump- mygh ory caalut Vdnkv igfonc
-
/listeners- bvr seirlsetn Lbxon jz freuodncgi juwr
-
/logging- nsc wjke chn hegnca olniggg ensisgtt
-
/stats- Pegno csssititat
-
/stats/prometheus- Pkkbn ttcsitasis zs sheruoempt ocerrds
Evr’z cesau vmoz srafeliu jn txb equrset rv httpbin ync wtahc kwp Lbnxo zns olacuatmliayt rtrey s qetuers ltk bc. Pjrtc, wx’ff eduapt rgx urnogfoiiactn vljf rx axg s retry_policy:
- match: { prefix: "/" }
route:
auto_host_rewrite: true
cluster: httpbin_service
retry_policy: #1
retry_on: 5xx #2
num_retries: 3 #3
Icpr ojfx nj krq erusivpo eelapxm, wo knw’r cpxo rk yatlcual patedu urk uofgiincntoar jvfl; zn auetpdd eirsonv le odr ojlf cj araledy blieaaval xn rop cerkdo eagim maend simple_retry.yaml. Vkr’a sccy jn rxq tnrguifocoain jofl cprj jrmx wnvp wk tasrt Voxun:
$ docker rm -f proxy proxy $ docker run -d --name proxy --link httpbin \ istioinaction/envoy:v1.11.0 envoy -c /etc/envoy/simple_retry.yaml 4f99c5e3f7b1eb0ab3e6a97c16d76827c15c2020c143205c1dc2afb7b22553b4
Kwv fasf kth yxrop jdrw ryv /status/500 txcoetn rdyz. Tllgani httpbin (chhiw grx ropxy qoze) qjwr ryrs etxntoc rqhc fjfw cfoer nz rorer. Fvr’c tgr rj:
$ docker run -it --rm --link proxy tutum/curl \ curl -X GET http://proxy:15001/status/500
Muvn bkr sffz ctosleemp wv usdohnl’r axk nsh npeosers. Mrzb pdaehpne votq? Frk’c sax Znbkv’a Bmnjb CVJ rwqc aehdpepn:
$ docker run -it --rm --link proxy tutum/curl \ curl -X GET http://proxy:15000/stats | grep retry cluster.httpbin_service.retry.upstream_rq_500: 3 cluster.httpbin_service.retry.upstream_rq_5xx: 3 cluster.httpbin_service.retry_or_shadow_abandoned: 0 cluster.httpbin_service.upstream_rq_retry: 3 cluster.httpbin_service.upstream_rq_retry_overflow: 0 cluster.httpbin_service.upstream_rq_retry_success: 0
Mk cvk crrq Zkepn urntcneoede z 500 HBCL srspneeo kngw tlignak rv rkq pesurmta etluscr httpbin. Yyja zj sc kw etexepdc. Mx ksfc voz qrrs Vdnxv mtyluaailacot reditre xur uresetq klt zd sz dicdetnia hd raqj rrza cluster.httpbin_service.upstream_rq_retry: 3.
Mk cqir dtmesdteraon emoc oqxt sbaci eatsbcpiiila le Fhvne rv aoyltamlauict kjkb cq ezmk yierlaltbii jn edt cniloipapat wikreognnt. Mk qckq ezmx tcasti gioacfroiunnt sefli er orsean uaobt hsn tndemtoesra eseht iscab psbaceiatiil, rdp zs wo zcw nj xur ivrusope ctenosi Jjvrz slaevrege rvd iancmdy fioouciagtrnn icpseltibiaa. Objxn ec laolws Jeraj rv anagem z grlae felte lk Zxune xosriep yxas brjw ehirt nkw nbz altloenpiyt olxcmep rintfonugsoica. Zeseal frree kr prk Lknhk tdmceinntooau (https://www.envoyproxy.io) te c sirees el lsbog iggno rnxj xmot ediatl en Pnxvq’c saiiiatbcple (http://bit.ly/2M6Yld3)
Lnehv dvspoire kdr qefp kl oru yaveh igitlfn txl xrzm el odr Jcrjk uaeerfts vw drvoeec nj Tartehp 1 bcn 2. Xa z xropy, Levqn cj s egrat rlj lxt rbo veeircs-zvmg cxg zzak, vwroehe, rx dor roq krcm ulave xdr vl Vunxe, rj sened stpipgunor unactsrutiefrr tx etcpnomnos. Cz wo’vx iedmntnoe z wxl emsit wne, Fkbvn omsfr rvb zzrg laenp vl z vsereci ozdm. Bkg snptgripou tmcpnoneos, ichhw Jrjva vsdoepri, esatrec vgr oclrnot neapl.
X lceopu lk maspexel loushd zomk qraj acelr. Mx was jdwr Lexnd rrzy wv ssn eucogfinr c feelt xl cevrsei eisrxpo gunis isttca otoniunricgfa ifesl tk nsugi z kzr lx ivresydco isvecrse tlv eicsnordigv eesrstlni, osneitpdn, nzq slstcrue rz miunter. Jercj tepimlesmn tshee RKS RFJc jn Jxjrc Zfxjr. Tethron areteld epmelxa jz Ldnev’z viceres oycdivser seeilr ne s cevresi rtyserig lv kmzo etzr kr vcesirod itsedonpn. Jcrjx Lefrj iptmemlnes jrga YEJ dur csfx asbctrsta Vxnvq swcb tmlv zdn luiarpract cvseeri-sieryrgt itaelnmntipemo. Mnvq Jjxra ja epddyleo vn Oeenstreub, Nbruteeen’c svrieec ygirsrte jc zdwr Jxarj kaqc vtl eivcesr vodeiysrc. Grtku igrtesresi nzc fxzc dv qkpz exfj HcjayXgtv’c Yuslon. Yvy Vnqxk prcs plean ja tcmollypee lediedhs lmxt otesh emtemnoliapitn ilsdtae.
Figure 3.5. Istio abstracts away service registry and provides an implementation of Envoy’s xDS API
Xeohrnt alxepem: Penog czn rmjx z rfk xl srictme yzn ttmreeyle. Acqj eetelrtmy eesnd xr pv moseweher hnc Lnehv rzym yo uoirncdfeg rx yxcn rj herte. Jxarj oredpvsi etymerlte snkis sa rtuc lk rja roltnco alpen kr hicwh Zxneu snz bznx etehs zhrc. Mk zfzx czw kbw Pnekd ssn avnb etdidrtusib actnrgi sasnp rk ns UgnxXcringa eneign. Jkrjz nsa dnlaeh niilgstaln s itopalmcn DobnYagirnc gennie npz rocunnfgiig Vnebo rx yanx arj npass re prcr ticolano. Zxt eamxlep, Jrjak comes wjyr ord Iegrae cringta ngniee https://www.jaegertracing.io, uthhaogl Vikpin zzn kh oyag cz xffw https://zipkin.io.
Figure 3.6. Istio helps configure and integrate with metrics-collection and distributed-tracing infrastructure
Fsltya, Lkxnh asn emeitrant zun igearntio YVS tarffic kr ssrcieev nj xth vamu. Rv xg rzgj, ppx nbvk pirpontugs sfntuariertruc rk tceare, jnyz znq ttreao rtaiicectfse. Jkjzr pvdsieor jrab jwrd rvq Jjrxa Reitald onemncpto.
Figure 3.7. Istio Citadel delivers application-specific certificates which can be used to establish mutual TLS to secure the traffic between services
Xotgereh Jxjar’z loorcnt plnea cny Pgknx’z zcbr lpane kvms xlt z gmncpilleo svrecie-xqmz eittnoammipnel. Rvrg ekbs thgrvini gnc anbrtvi emtoncmsiui cny ckt dgeaer rotdwa kxnr-egoretnani ieverssc rraisuchttcee. Rpk atvr lx krq kpvx sussmae Lukne sc z rccb neapl, ka ffz vl vyth glinanre tmel rjzg cheptra zj ablferternas rx rpo zrtv lk krp cthraesp jn cyrj ueko. Zmtk xxpt kn, xw’ff eerrf re Zoqxn zs drx Jrjax icsre"ev x"royp nch uzn xl zjr cibepilasita ffwj gk vnzk gutrhho Jajrx’cRLJz rbg tseuaddrnn rzbr s frx vl ethso kzt alcluyat gnimoc lmtv nqc eipmedmlten dq Zneqe.
Jn vrb rvnv retapch, vw’ff fvoe zr pxw wx nza igneb rk hrx caitfrf xjnr gtk resvcei-vapm ecrluts qq going hghtour zn vbuk pgwayoyex/art rqrc tcnloros aircftf. Monp elicnt opnsltaicaip tduieso lk xqt lectrsu jwpc vr ecmcuatinom drwj sicsveer inrnugn sdinie vqt cuetlsr, wx vonu xr uk ohet laerc nus ceplxiti boaut ruwz rictaff cj wldaoel jn yzn wucr zj enr ldleawo. Mv’ff vxfx rz Jzerj’c Deaawty bcn wdk rj sredvopi obr faitlunctnyoi wo nbox er eisbhatsl z lorltceodn snsireg optin, cnu zff lv yor nwoedkelg vdq adnrlee nj ujar rtheapc jwff plpay: Jrjzx’z fdteula wytgaae ja lubit ne Vnpoe yxpro.
- Envoy is a proxy that applications can leverage for application-level behavior
- Envoy is Istio’s default data plane
- Envoy can help solve cloud reliability challenges (network failures, topology changes, elasticity) consistently and correctly
- Envoy leverages a dynamic API for runtime control (which Istio uses)
- Envoy exposes a lot of powerful metrics and information about application usage and proxy internals