Getting istio, envoy now appears essential to take the time to look at it.
What is the Envoy
We describe some citing the official website:
Envoy is an L7 proxy and communication bus designed for large modern service oriented architectures. The project was born out of the belief that: "The network should be transparent to applications. When network and application problems do occur it should be easy to determine the source of the problem."
Envoy's core functionality / selling point
- Non-invasive architecture:
Envoyis running in parallel and application services, application services transparently proxy sent / received traffic. Application service only andEnvoycommunication, without knowing where the other micro-service applications. - Modern C ++ 11 Based on excellent performance.
- L3 / L4 filter architecture:
Envoythe core of a L3 / L4 agent, and then filter through a plug-in (network filtersto perform TCP / UDP-related tasks) chain, such as TCP forwarding, the TLS authentication work. - HTTP L7 filter architecture: HTTP is a very special position in the modern application layer protocol in the application system, it
Envoybuilt a very central filter:http_connection_manager.http_connection_managerItself is so special and complex, rich configuration support, and filter architecture itself, through a series http filter (http filtersto achieve the http protocol level tasks), for example: http routing, redirection, CORS support and so on. - HTTP / 2 as the first citizen:
Envoysupport for HTTP / 1.1 and HTTP / 2, is recommended to use HTTP / 2. - gRPC support: because of the good support for HTTP / 2, and
Envoycan easily support gRPC, especially the load and agent. - Service discovery: discovery program supports a variety of services, including DNS, EDS, including.
- Health check: built-health inspection subsystem.
- Advanced load balancing scheme: Besides the usual load balancing, Envoy also supports a variety of advanced load balancing scheme rate limit services include: automatic retries, circuit breaking, global rate limiting
- Tracing: Open Tracing easily integrated system to track requests
- Statistics and Monitoring: Built-in stats module for easy integration monitoring programs such as prometheus / statsd etc.
- Dynamic configuration: "Dynamic Configuration API" dynamic adjustment configuration, without having to restart
Envoythe service.
Core Terminology
Host
Host Here, it is understood by IP, Port only service instance identified
Downstream
Sends a request to the Host is Envoy Downstream (downstream), the client gRPC e.g.
Upstream
Host received request is issued Enovy Upstream (upstream), the server gRPC e.g.
Listener
An address Envoy listening, such as ip: port, unix socket etc.
Cluster
Upstream of a consistent set of features Host, is called a cluster. Similar to k8sthe Service, nginxtheupstream
Http Route Table
HTTP routing rules, such as the requested domain name, Path in line with what the rules, which forwarded to the Cluster.
The only static configuration file used:
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 0.0.0.0, port_value: 9901 }
static_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 7777 }
filter_chains:
- filters:
- name: envoy.http_connection_manager
config:
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match: { prefix: "/" }
route: { cluster: some_service }
http_filters:
- name: envoy.router
clusters:
- name: some_service
connect_timeout: 0.25s
type: STATIC
lb_policy: ROUND_ROBIN
hosts: [{ socket_address: { address: 127.0.0.1, port_value: 8000 }}]
