Envoy 是一款高性能的服务网格代理,支持动态配置和多种协议。文章阐述了 Envoy 的核心架构概念,包括 Host、Cluster、Listener 等组件,详细解析了 xDS 协议(LDS/RDS/CDS/EDS/SDS)的功能及相互关系。文中列举了 Listener、Network、HTTP 三种过滤器类型,并提供了具体的 YAML 配置示例及 Bootstrap、Listener、Cluster 等核心配置项说明,帮助开发者快速理解 Envoy 的配置结构与工作原理。
Host:能够进行网络通信的实体(在手机或服务器等上的应用程序)。在 Envoy 中主机是指逻辑网络应用程序。只要每台主机都可以独立寻址,一块物理硬件上就运行多个主机。
Downstream:下游(downstream)主机连接到 Envoy,发送请求并或获得响应。
Upstream:上游(upstream)主机获取来自 Envoy 的链接请求和响应。
Cluster: 集群(cluster)是 Envoy 连接到的一组逻辑上相似的上游主机。Envoy 通过服务发现发现集群中的成员。Envoy 可以通过主动运行状况检查来确定集群成员的健康状况。Envoy 如何将请求路由到集群成员由负载均衡策略确定。
Mesh:一组互相协调以提供一致网络拓扑的主机。Envoy mesh 是指一组 Envoy 代理,它们构成了由多种不同服务和应用程序平台组成的分布式系统的消息传递基础。
运行时配置:与 Envoy 一起部署的带外实时配置系统。可以在无需重启 Envoy 或更改 Envoy 主配置的情况下,通过更改设置来影响操作。
Listener: 侦听器(listener)是可以由下游客户端连接的命名网络位置(例如,端口、unix 域套接字等)。Envoy 公开一个或多个下游主机连接的侦听器。一般是每台主机运行一个 Envoy,使用单进程运行,但是每个进程中可以启动任意数量的 Listener(监听器),目前只监听 TCP,每个监听器都独立配置一定数量的(L3/L4)网络过滤器。Listenter 也可以通过 Listener Discovery Service(LDS)动态获取。
Listener filter:Listener 使用 listener filter(监听器过滤器)来操作链接的元数据。它的作用是在不更改 Envoy 的核心功能的情况下添加更多的集成功能。Listener filter 的 API 相对简单,因为这些过滤器最终是在新接受的套接字上运行。在链中可以互相衔接以支持更复杂的场景,例如调用速率限制。Envoy 已经包含了多个监听器过滤器。
Http Route Table:HTTP 的路由规则,例如请求的域名,Path 符合什么规则,转发给哪个 Cluster。
Health checking:健康检查会与 SDS 服务发现配合使用。但是,即使使用其他服务发现方式,也有相应需要进行主动健康检查的情况。
xDS 是 LDS, RDS, CDS, EDS, SDS 的总称,即发现服务,也就是他后 2 个字母 ds 是 discovery service。
L 即 Envoy 的监听端口,LDS 用于动态发现 Envoy 需要监听哪些端口。
R 即路由,RDS 用于发现路由配置。
C 即 cluster,CDS 用于动态发现 cluster 上游 cluster 信息。
E 即 endpoint,EDS 用于动态发现服务端点。
S 即秘钥,SDS 用于动态发现 TLS 证书。
envoy.filters.listener.http_inspector
envoy.filters.listener.original_dst
envoy.filters.listener.original_src
envoy.filters.listener.proxy_protocol
envoy.filters.listener.tls_inspector
envoy.filters.udp_listener.dns_filter
envoy.filters.udp_listener.udp_proxy
envoy.filters.network.client_ssl_auth
envoy.filters.network.direct_response
envoy.filters.network.dubbo_proxy
envoy.filters.network.echo
envoy.filters.network.ext_authz
envoy.filters.network.http_connection_manager
envoy.filters.network.kafka_broker
envoy.filters.network.local_ratelimit
envoy.filters.network.mongo_proxy
envoy.filters.network.mysql_proxy
envoy.filters.network.postgres_proxy
envoy.filters.network.ratelimit
envoy.filters.network.rbac
envoy.filters.network.redis_proxy
envoy.filters.network.rocketmq_proxy
envoy.filters.network.sni_cluster
envoy.filters.network.sni_dynamic_forward_proxy
envoy.filters.network.tcp_proxy
envoy.filters.network.thrift_proxy
envoy.filters.network.wasm
envoy.filters.network.zookeeper_proxy
envoy.filters.http.adaptive_concurrency
envoy.filters.http.admission_control
envoy.filters.http.aws_lambda
envoy.filters.http.aws_request_signing
envoy.filters.http.buffer
envoy.filters.http.cache
envoy.filters.http.cache.simple_http_cache
envoy.filters.http.cdn_loop
envoy.filters.http.composite
envoy.filters.http.compressor
envoy.filters.http.cors
envoy.filters.http.csrf
envoy.filters.http.decompressor
envoy.filters.http.dynamic_forward_proxy
envoy.filters.http.dynamo
envoy.filters.http.ext_authz
envoy.filters.http.ext_proc
envoy.filters.http.fault
envoy.filters.http.grpc_http1_bridge
envoy.filters.http.grpc_http1_reverse_bridge
envoy.filters.http.grpc_json_transcoder
envoy.filters.http.grpc_stats
envoy.filters.http.grpc_web
envoy.filters.http.gzip
envoy.filters.http.header_to_metadata
envoy.filters.http.health_check
envoy.filters.http.ip_tagging
envoy.filters.http.jwt_authn
envoy.filters.http.kill_request
envoy.filters.http.local_ratelimit
envoy.filters.http.lua
envoy.filters.http.oauth2
envoy.filters.http.on_demand
envoy.filters.http.original_src
envoy.filters.http.ratelimit
envoy.filters.http.rbac
envoy.filters.http.router
envoy.filters.http.squash
envoy.filters.http.tap
envoy.filters.http.wasm
# envoy.yaml
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 0.0.0.0, port_value: 9901 }
static_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 8080 }
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match: { prefix: "/" }
route:
cluster: echo_service
max_grpc_timeout: 0s
cors:
allow_origin_string_match:
- prefix: "*"
allow_methods: GET, PUT, DELETE, POST, OPTIONS
allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,custom-header-1,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout
max_age: "1728000"
expose_headers: custom-header-1,grpc-status,grpc-message
http_filters:
- name: envoy.filters.http.grpc_web
- name: envoy.filters.http.cors
- name: envoy.filters.http.router
clusters:
- name: echo_service
connect_timeout: 0.25s
type: logical_dns
http2_protocol_options: {}
lb_policy: round_robin
load_assignment:
cluster_name: cluster_0
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: server
port_value: 50052
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 0.0.0.0, port_value: 9901 }
static_resources:
listeners:
- name: listener1
address:
socket_address: { address: 0.0.0.0, port_value: 5858 }
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: grpc_json
codec_type: AUTO
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match: { prefix: "/wind_power.WindServer" }
route: { cluster: grpc, timeout: { seconds: 60 } }
http_filters:
- name: envoy.filters.http.grpc_json_transcoder
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.grpc_json_transcoder.v3.GrpcJsonTranscoder
proto_descriptor: "/etc/envoy/proto.pb"
services: ["wind_power.WindServer"]
print_options:
add_whitespace: true
always_print_primitive_fields: true
always_print_enums_as_ints: false
preserve_proto_field_names: false
- name: envoy.filters.http.router
clusters:
- name: grpc
connect_timeout: 1.25s
type: logical_dns
lb_policy: round_robin
dns_lookup_family: V4_ONLY
http2_protocol_options: {}
upstream_connection_options:
tcp_keepalive:
keepalive_time: 300
load_assignment:
cluster_name: grpc
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: 0.0.0.0
port_value: 50052
{
"node": "{...}",
"static_resources": "{...}",
"dynamic_resources": "{...}",
"cluster_manager": "{...}",
"hds_config": "{...}",
"flags_path": "...",
"stats_sinks": [],
"stats_config": "{...}",
"stats_flush_interval": "{...}",
"stats_flush_on_admin": "...",
"watchdog": "{...}",
"watchdogs": "{...}",
"tracing": "{...}",
"layered_runtime": "{...}",
"admin": "{...}",
"overload_manager": "{...}",
"enable_dispatcher_stats": "...",
"header_prefix": "...",
"stats_server_version_override": "{...}",
"use_tcp_for_dns_lookups": "...",
"bootstrap_extensions": [],
"fatal_actions": [],
"default_socket_interface": "..."
}
{
"name": "...",
"address": "{...}",
"stat_prefix": "...",
"filter_chains": [],
"use_original_dst": "{...}",
"default_filter_chain": "{...}",
"per_connection_buffer_limit_bytes": "{...}",
"metadata": "{...}",
"drain_type": "...",
"listener_filters": [],
"listener_filters_timeout": "{...}",
"continue_on_listener_filters_timeout": "...",
"transparent": "{...}",
"freebind": "{...}",
"socket_options": [],
"tcp_fast_open_queue_length": "{...}",
"traffic_direction": "...",
"udp_listener_config": "{...}",
"api_listener": "{...}",
"connection_balance_config": "{...}",
"reuse_port": "...",
"access_log": [],
"tcp_backlog_size": "{...}",
"bind_to_port": "{...}"
}
{
"transport_socket_matches": [],
"name": "...",
"alt_stat_name": "...",
"type": "...",
"cluster_type": "{...}",
"eds_cluster_config": "{...}",
"connect_timeout": "{...}",
"per_connection_buffer_limit_bytes": "{...}",
"lb_policy": "...",
"load_assignment": "{...}",
"health_checks": [],
"max_requests_per_connection": "{...}",
"circuit_breakers": "{...}",
"upstream_http_protocol_options": "{...}",
"common_http_protocol_options": "{...}",
"http_protocol_options": "{...}",
"http2_protocol_options": "{...}",
"typed_extension_protocol_options": "{...}",
"dns_refresh_rate": "{...}",
"dns_failure_refresh_rate": "{...}",
"respect_dns_ttl": "...",
"dns_lookup_family": "...",
"dns_resolvers": [],
"use_tcp_for_dns_lookups": "...",
"outlier_detection": "{...}",
"cleanup_interval": "{...}",
"upstream_bind_config": "{...}",
"lb_subset_config": "{...}",
"ring_hash_lb_config": "{...}",
"maglev_lb_config": "{...}",
"original_dst_lb_config": "{...}",
"least_request_lb_config": "{...}",
"common_lb_config": "{...}",
"transport_socket": "{...}",
"metadata": "{...}",
"protocol_selection": "...",
"upstream_connection_options": "{...}",
"close_connections_on_host_health_failure": "...",
"ignore_health_on_host_removal": "...",
"filters": [],
"track_timeout_budgets": "...",
"upstream_config": "{...}",
"track_cluster_stats": "{...}",
"preconnect_policy": "{...}",
"connection_pool_per_downstream_connection": "..."
}
{
"name": "...",
"virtual_hosts": [],
"vhds": "{...}",
"internal_only_headers": [],
"response_headers_to_add": [],
"response_headers_to_remove": [],
"request_headers_to_add": [],
"request_headers_to_remove": [],
"most_specific_header_mutations_wins": "...",
"validate_clusters": "{...}",
"max_direct_response_body_size_bytes": "{...}"
}
微信公众号「极客日志」,在微信中扫描左侧二维码关注。展示文案:极客日志 zeeklog
将字符串编码和解码为其 Base64 格式表示形式即可。 在线工具,Base64 字符串编码/解码在线工具,online
将字符串、文件或图像转换为其 Base64 表示形式。 在线工具,Base64 文件转换器在线工具,online
将 Markdown(GFM)转为 HTML 片段,浏览器内 marked 解析;与 HTML转Markdown 互为补充。 在线工具,Markdown转HTML在线工具,online
将 HTML 片段转为 GitHub Flavored Markdown,支持标题、列表、链接、代码块与表格等;浏览器内处理,可链接预填。 在线工具,HTML转Markdown在线工具,online
通过删除不必要的空白来缩小和压缩JSON。 在线工具,JSON 压缩在线工具,online
将JSON字符串修饰为友好的可读格式。 在线工具,JSON美化和格式化在线工具,online