这篇笔记比较老,不再更新维护,请移步最新的手册:envoy相关笔记。
Envoy(三):envoy设计思路、配置文件和功能特性概览中给出了envoy配置模板的完整定义,这里将envoy的配置文件完全展开,形成全景式认识。
这里使用的是envoy 1.8.0,对应文档是1.8.0。
{
"node": {
"id": "...",
"cluster": "...",
"metadata": "{...}",
"locality": "{...}",
"build_version": "..."
},
"static_resources": {
"listeners": [],
"clusters": [],
"secrets": []
},
"dynamic_resources": {
"lds_config": "{...}",
"cds_config": "{...}",
"ads_config": "{...}"
},
"cluster_manager": {
"local_cluster_name": "...",
"outlier_detection": "{...}",
"upstream_bind_config": "{...}",
"load_stats_config": "{...}"
},
"hds_config": {
"api_type": "...",
"cluster_names": [],
"grpc_services": [],
"refresh_delay": "{...}",
"request_timeout": "{...}",
"rate_limit_settings": "{...}"
},
"flags_path": "...",
"stats_sinks": [
{
"name": "...",
"config": "{...}"
}
],
"stats_config": {
"stats_tags": [],
"use_all_default_tags": "{...}",
"stats_matcher": "{...}"
},
"stats_flush_interval": "{...}",
"watchdog": {
"miss_timeout": "{...}",
"megamiss_timeout": "{...}",
"kill_timeout": "{...}",
"multikill_timeout": "{...}"
},
"tracing": {
"http": "{...}"
},
"rate_limit_service": {
"grpc_service": "{...}"
},
"runtime": {
"symlink_root": "...",
"subdirectory": "...",
"override_subdirectory": "..."
},
"admin": {
"access_log_path": "...",
"profile_path": "...",
"address": "{...}"
},
"overload_manager": {
"refresh_interval": "{...}",
"resource_monitors": [],
"actions": []
}
}
node
中配置的是envoy的标记信息,是呈现给management server的。
{
"id": "...",
"cluster": "...",
"metadata": "{...}",
"locality": {
"region": "...",
"zone": "...",
"sub_zone": "..."
},
"build_version": "..."
}
id
可以用命令行参数--service-node
指定,cluster
可以用命令行参数--service-cluster
指定。
metadata
是自定义的结构,会被原原本本地发送给management server。
{
"access_log_path": "...",
"profile_path": "...",
"address": {
"socket_address": {
"protocol": "...",
"address": "...",
"port_value": "...",
"named_port": "...",
"resolver_name": "...",
"ipv4_compat": "..."
},
"pipe": {
"path": "..."
}
}
}
flags_path:string,指定存放启动参数(flag)文件的目录。
{
"symlink_root": "...",
"subdirectory": "...",
"override_subdirectory": "..."
}
{
"miss_timeout": "{...}",
"megamiss_timeout": "{...}",
"kill_timeout": "{...}",
"multikill_timeout": "{...}"
}
config.overload.v2alpha.OverloadManager
{
"refresh_interval": "{...}",
"resource_monitors": [
{
"name": "...",
"config": "{...}"
}
],
"actions": [
{
"name": "This is just a well-known string that listeners can use for registering callbacks. ",
"triggers": [
{
"name": "...",
"threshold": "{...}"
}
]
}
]
}
目前支持的resource_monitors有两个:
envoy.resource_monitors.fixed_heap
envoy.resource_monitors.injected_resource
目前支持的Action:
envoy.overload_actions.stop_accepting_requests:
Envoy will immediately respond with a 503 response code to new requests
envoy.overload_actions.disable_http_keepalive
Envoy will disable keepalive on HTTP/1.x responses
envoy.overload_actions.stop_accepting_connections
Envoy will stop accepting new network connections on its configured listeners
通过envoy admin的/stats/prometheus接口,可以获得prometheus格式的状态数据,感觉有这个功能就足够了。需要注意,admin接口除了暴露状态数据,还允许执行关闭进程等操作,因此admin的address应只监听本机或受信任的管理网络,不要直接对外开放。stats_sinks或许是为了支持prometheus之外的监控系统。
Envoy可以将状态数据输出到多种采集系统中,在stats_sinks中配置:
{
"name": "...",
"config": "{...}"
}
envoy内置了以下stats sinks:
envoy.statsd
envoy.dog_statsd
envoy.metrics_service
envoy.stat_sinks.hystrix
分别对应不同的收集、展示系统。
{
"stats_tags": [],
"use_all_default_tags": "{...}",
"stats_matcher": "{...}"
}
stats_flush_interval:直接定义状态数据的刷新间隔。
对接外部的tracing服务。
{
"http": {
"name": "...",
"config": "{...}"
}
}
支持下列的tracing服务:
envoy.lightstep
envoy.zipkin
envoy.dynamic.ot
envoy.tracers.datadog
config.ratelimit.v2.RateLimitServiceConfig
Envoy采用的限速方案是Global rate limiting。限速时需要对接外部的限速服务,Lyft共享了一个基于redis的限速服务:lyft/ratelimit。
对接外部的限速服务:
{
"grpc_service": "{...}"
}
支持Network level和HTTP level两个级别的限速,前者在连接建立时限速,后者在发送http请求时限速。
具体的限制规则在每个listener的filter中设置。
config.bootstrap.v2.Bootstrap.StaticResources
static_resources
中是静态配置的资源,是envoy核心工作需要的资源,由listeners
、clusters
和secrets
三部分组成。
{
"listeners": [],
"clusters": [],
"secrets": []
}
listener
是envoy要监听的地址:
{
"name": "...",
"address": {
"socket_address": {
"protocol": "...",
"address": "...",
"port_value": "...",
"named_port": "...",
"resolver_name": "...",
"ipv4_compat": "..."
},
"pipe": {
"path": "..."
}
},
"filter_chains": [
{
"name": "...",
"config": "{...}"
}
],
"use_original_dst": "BoolValue",
"per_connection_buffer_limit_bytes": "UInt32Value",
"metadata": "{...}",
"drain_type": "DEFAULT/MODIFY_ONLY",
"listener_filters": [
{
"name": "...",
"config": "{...}"
}
],
"transparent": "BoolValue",
"freebind": "BoolValue",
"socket_options": [
{
"description": "...",
"level": "...",
"name": "...",
"int_value": "...",
"buf_value": "...",
"state": "..."
}
],
"tcp_fast_open_queue_length": "UInt32Value",
"bugfix_reverse_write_filter_order": "BoolValue"
}
name
是listener的名字,不能重复。
address
有socket
(对应socket_address)和unix socket
(对应pipe)两种类型。
filter_chains
是为listener配置的插件,支持下面这些插件,listener.Filter:
envoy.client_ssl_auth
envoy.echo
envoy.http_connection_manager
envoy.mongo_proxy
envoy.ratelimit
envoy.redis_proxy
envoy.tcp_proxy
listener_filters
中的插件在filter_chains
之前执行,支持下面这些插件,listener.ListenerFilter:
envoy.listener.original_dst
envoy.listener.tls_inspector
每个插件的配置都不相同,可以在各自的详情页中看到。
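需要特别注意的是envoy.http_connection_manager,http_connection_manager插件中还有http_filters插件。另外,它的use_remote_address和xff_num_trusted_hops决定envoy如何根据x-forwarded-for请求头判定客户端地址;envoy直接面向不可信客户端时,该请求头可以被客户端任意填写,应将use_remote_address设为true。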
config.filter.network.http_connection_manager.v2.HttpConnectionManager
{
"codec_type": "...",
"stat_prefix": "...",
"rds": "{...}",
"route_config": "{...}",
"http_filters": [
{
"name": "...",
"config": "{...}"
}
],
"add_user_agent": "{...}",
"tracing": "{...}",
"http_protocol_options": "{...}",
"http2_protocol_options": "{...}",
"server_name": "...",
"idle_timeout": "{...}",
"stream_idle_timeout": "{...}",
"request_timeout": "{...}",
"drain_timeout": "{...}",
"delayed_close_timeout": "{...}",
"access_log": [],
"use_remote_address": "{...}",
"xff_num_trusted_hops": "...",
"internal_address_config": "{...}",
"skip_xff_append": "...",
"via": "...",
"generate_request_id": "{...}",
"forward_client_cert_details": "...",
"set_current_client_cert_details": "{...}",
"proxy_100_continue": "...",
"represent_ipv4_remote_address_as_ipv4_mapped_ipv6": "...",
"upgrade_configs": [],
"bugfix_reverse_encode_order": "{...}"
}
正如前面说的,它包含有http_filters
,支持下面这些插件
envoy.buffer
envoy.cors
envoy.fault
envoy.gzip
envoy.http_dynamo_filter
envoy.grpc_http1_bridge
envoy.grpc_json_transcoder
envoy.grpc_web
envoy.health_check
envoy.header_to_metadata
envoy.ip_tagging
envoy.lua
envoy.rate_limit
envoy.router
envoy.squash
{
"name": "string, 名称,必须",
"alt_stat_name": "string, 发送状态时使用的名字,名称中:会被转换成_",
"type": "cluster 发现方式, STATIC/STRICT_DNS/LOGICAL_DNS/EDS/ORIGINAL_DST",
"eds_cluster_config": {
"eds_config": {
"path": "string,用来观测配置文件更新的路径",
"api_config_source": {
"api_type": "string,REST_LEGACY/REST/GRPC",
"cluster_names": ["string,只用于REST_LEGACY/REST,可以配置多个"],
"grpc_services": ["string,只用于GRPC,可以配置多个"],
"refresh_delay": "{...}",
"request_timeout": "{...}",
"rate_limit_settings": {
"max_tokens": "Uint32Value,默认值100",
"fill_rate": "DoubleValue,默认100 token/s"
}
},
"ads": "{ This is currently empty }"
},
"service_name": "..."
},
"connect_timeout": "{...}",
"per_connection_buffer_limit_bytes": "{...}",
"lb_policy": "负载均衡策略,ROUND_ROBIN/LEAST_REQUEST/RING_HASH/RANDOM/ORIGINAL_DST_LB/MAGLEV",
"hosts": [
{
"socket_address": "{...}",
"pipe": "{...}"
}
],
"load_assignment": {
"cluster_name": "...",
"endpoints": [],
"policy": {
"drop_overloads": [],
"overprovisioning_factor": "{...}"
}
},
"health_checks": [
{
"timeout": "{...}",
"interval": "{...}",
"interval_jitter": "{...}",
"interval_jitter_percent": "...",
"unhealthy_threshold": "{...}",
"healthy_threshold": "{...}",
"reuse_connection": "{...}",
"http_health_check": {
"host": "...",
"path": "...",
"service_name": "...",
"request_headers_to_add": [],
"request_headers_to_remove": [],
"use_http2": "..."
},
"tcp_health_check": {
"send": "{...}",
"receive": []
},
"grpc_health_check": {
"service_name": "...",
"authority": "..."
},
"custom_health_check": {
"name": "...",
"config": "{...}"
},
"no_traffic_interval": "{...}",
"unhealthy_interval": "{...}",
"unhealthy_edge_interval": "{...}",
"healthy_edge_interval": "{...}",
"event_log_path": "...",
"always_log_health_check_failures": "..."
}
],
"max_requests_per_connection": "{...}",
"circuit_breakers": {
"thresholds": []
},
"tls_context": {
"common_tls_context": "{...}",
"sni": "...",
"allow_renegotiation": "...",
"max_session_keys": "{...}"
},
"common_http_protocol_options": {
"idle_timeout": "{...}"
},
"http_protocol_options": {
"allow_absolute_url": "{...}",
"accept_http_10": "...",
"default_host_for_http_10": "..."
},
"http2_protocol_options": {
"hpack_table_size": "{...}",
"max_concurrent_streams": "{...}",
"initial_stream_window_size": "{...}",
"initial_connection_window_size": "{...}",
"allow_connect": "..."
},
"extension_protocol_options": "{...}",
"dns_refresh_rate": "{...}",
"dns_lookup_family": "AUTO/V4_ONLY/V6_ONLY",
"dns_resolvers": [],
"outlier_detection": {
"consecutive_5xx": "{...}",
"interval": "{...}",
"base_ejection_time": "{...}",
"max_ejection_percent": "{...}",
"enforcing_consecutive_5xx": "{...}",
"enforcing_success_rate": "{...}",
"success_rate_minimum_hosts": "{...}",
"success_rate_request_volume": "{...}",
"success_rate_stdev_factor": "{...}",
"consecutive_gateway_failure": "{...}",
"enforcing_consecutive_gateway_failure": "{...}"
},
"cleanup_interval": "{...}",
"upstream_bind_config": {
"source_address": "{...}",
"freebind": "{...}",
"socket_options": []
},
"lb_subset_config": {
"fallback_policy": "...",
"default_subset": "{...}",
"subset_selectors": [],
"locality_weight_aware": "...",
"scale_locality_weight": "..."
},
"ring_hash_lb_config": {
"minimum_ring_size": "{...}"
},
"original_dst_lb_config": {
"use_http_header": "..."
},
"least_request_lb_config": {
"choice_count": "{...}"
},
"common_lb_config": {
"healthy_panic_threshold": "{...}",
"zone_aware_lb_config": "{...}",
"locality_weighted_lb_config": "{...}",
"update_merge_window": "{...}"
},
"transport_socket": {
"name": "...",
"config": "{...}"
},
"metadata": "{...}",
"protocol_selection": "USE_CONFIGURED_PROTOCOL/USE_DOWNSTREAM_PROTOCOL",
"upstream_connection_options": {
"tcp_keepalive": "{...}"
},
"close_connections_on_host_health_failure": "...",
"drain_connections_on_host_removal": "..."
}
{
"name": "...",
"tls_certificate": {
"certificate_chain": "{...}",
"private_key": "{...}",
"password": "{...}"
},
"session_ticket_keys": {
"keys": []
},
"validation_context": {
"trusted_ca": "{...}",
"verify_certificate_spki": [],
"verify_certificate_hash": [],
"verify_subject_alt_name": [],
"crl": "{...}",
"allow_expired_certificate": "bool,为true时不会拒绝已过期的证书,会削弱证书校验,一般应保持false"
}
}
config.bootstrap.v2.ClusterManager
cluster_manager管理所有的upstream cluster,它封装了连接host的操作,当filter认为可以建立连接时,调用cluster_manager的API完成连接创建。 cluster_manager负责处理负载均衡、健康检查等细节。
{
"local_cluster_name": "...",
"outlier_detection": {
"event_log_path": "..."
},
"upstream_bind_config": {
"source_address": {
"protocol": "...",
"address": "...",
"port_value": "...",
"named_port": "...",
"resolver_name": "...",
"ipv4_compat": "..."
},
"freebind": "{...}",
"socket_options": [
{
"description": "...",
"level": "...",
"name": "...",
"int_value": "...",
"buf_value": "...",
"state": "..."
}
]
},
"load_stats_config": {
"api_type": "...",
"cluster_names": [],
"grpc_services": [],
"refresh_delay": "{...}",
"request_timeout": "{...}",
"rate_limit_settings": "{...}"
}
}
config.bootstrap.v2.Bootstrap.DynamicResources
lds_config
、cds_config
、ads_config
的格式是完全相同的。
{
"lds_config": {
"api_type": "string,REST_LEGACY/REST/GRPC",
"cluster_names": ["string,只用于REST_LEGACY/REST,可以配置多个"],
"grpc_services": ["string,只用于GRPC,可以配置多个"],
"refresh_delay": "{...}",
"request_timeout": "{...}",
"rate_limit_settings": {
"max_tokens": "Uint32Value,默认值100",
"fill_rate": "DoubleValue,默认100 token/s"
}
},
"cds_config": {
"api_type": "...",
"cluster_names": [],
"grpc_services": [],
"refresh_delay": "{...}",
"request_timeout": "{...}",
"rate_limit_settings": "{...}"
},
"ads_config": {
"api_type": "...",
"cluster_names": [],
"grpc_services": [],
"refresh_delay": "{...}",
"request_timeout": "{...}",
"rate_limit_settings": "{...}"
}
}
{
"api_type": "...",
"cluster_names": [],
"grpc_services": [],
"refresh_delay": "{...}",
"request_timeout": "{...}",
"rate_limit_settings": "{...}"
}