《玩转Envoy+落地自研Service+Mesh》-殷湘

1 .ሻ᫨ Envoy ៧ࣈᛔᎸ ServiceMesh ྨე ௏რ ṛᕆຝ຅ӫਹ 

2 .ྨე ṛᕆຝ຅ӫਹ © syswin.com, Inc. property • 2018.01 - present ௏რ ౴ኼፓຽғ຅᭜“ฬ్ᐒտ“ଘ‫޾ݣ‬ኞா ࠟӱᇙᜋғBᒒᑏۖ԰ᘶᗑᶾ‫ض‬մӱ • 2017.04 - 2018.01 ܏ԅ ໼మғӞӻ App App ኱Ձಅํ๐‫(ۓ‬ᘶള) • Apache ServiceComb committer ᭗ҁtoon҂‫ݻ‬๚๶ 

3 .• ᙧว • ೪ғEnvoy ૡ֢ܻቘ • ჿғWhy Envoy? • ‫׵‬ғᛔᎸServiceMesh 

4 . ๐‫ۓ‬۸ଃ๶ጱ೴౴ ‫ ړ‬- ๐‫ᦇᦡۓ‬Өೆ‫ړ‬ ᓕ - ग़๐‫ۓ‬ᬩᖌᓕቘ ഴ - ӧᑞਧጱᗑᕶ • ᮱ᗟ‫܋‬ᕆ • ፊഴ̵᧣አ᱾᭄᪵ • ๐‫ݎۓ‬ሿ • ๐‫ۓ‬ᘠ‫ݳ‬ଶ • ᅍଶ‫૲ݎ‬ • ๐‫ۓ‬᪠ኧ • ӱ‫॔ۓ‬๥ଶ • ᗑ‫ى‬ • ᩻෸୊᬴᯿ᦶ • ӱ‫ۓ‬ຝ຅Өᔮᕹຝ຅ᕹӞ • ෭ப • හഝӞᛘ௔ • ۖாᯈᗝ 

5 . ᧘ग़ᳯ᷌Өᗑᕶፘ‫ى‬ ‫ ړ‬- ๐‫ᦇᦡۓ‬Өೆ‫ړ‬ ᓕ - ग़๐‫ۓ‬ᬩᖌᓕቘ ഴ - ӧᑞਧጱᗑᕶ • ᮱ᗟ‫܋‬ᕆ • ፊഴ̵᧣አ᱾᭄᪵ • ๐‫ݎۓ‬ሿ • ๐‫ۓ‬ᘠ‫ݳ‬ଶ • ᅍଶ‫૲ݎ‬ • ๐‫ۓ‬᪠ኧ • ӱ‫॔ۓ‬๥ଶ • ᗑ‫ى‬ • ᩻෸୊᬴᯿ᦶ • ӱ‫ۓ‬ຝ຅Өᔮᕹຝ຅ᕹӞ • ෭ப • හഝӞᛘ௔ • ۖாᯈᗝ 

6 . ቘమጱᥴ٬ොໜ ‫ق‬ ฃ ଠ ᥴ٬ಅํӨᗑᕶፘ‫ى‬ጱ ᜓ፜ӱ‫ࢫۓ‬ᴚᵞ౮౮๜ ඪ೮ग़᧍᥺ ๐‫ۓ‬လቘᳯ᷌ • ፊഴ • ੝ද (๋অӧද) ሿํդᎱ • ๐‫ݎۓ‬ሿ • Java • Go • ᧣አ᱾᭄᪵ • ‫܋‬ᕆ੒ӱ‫ߥ୽ۓ‬ੜ (෫୽ߥ) • ๐‫ۓ‬᪠ኧ • C++ • Python • ᅍଶ‫૲ݎ‬ • ਍ԟ̵ᵞ౮ᳪད֗ • ᩻෸୊᬴᯿ᦶ • C# • Nodejs • ᗑ‫ى‬ • ‫ݢ‬೑ൊ 

7 .᩻૱ጱᭆᨵᳯ᷌ ? ᛔୌ vs դቘ 

8 . ᛔୌ ᭆᨵӱ‫ۓ‬౮ԅ‫ݪل‬ጱӞ᮱‫ړ‬ 

9 . դቘ ‫ݝݪل‬ӫဳ᩻૱ӱ‫ۓ‬ 

10 . ‫؃‬ই ӱ‫ࢫۓ‬ᴚ = ᩻૱ᬩ០ ᭆᨵᳯ᷌ = ๐‫ۓ‬လቘ 

11 . SDKཛྷୗғᛔୌ • զSDKጱ୵ୗ્‫کف‬๐‫ۓ‬ᬰᑕӾ Pod A Pod B SDK౮ԅಅํӱ‫ࢫۓ‬ᴚጱᳯ᷌ SDK SDK Socket Socket TCP/IP TCP/IP Ethernet Ethernet eth0 eth0 Network 

12 . ๐‫ۓ‬ᗑ໒ғդቘ - ӱ‫ۓ‬෫ఽᎣ Pod A Pod B Service Service Mesh Mesh Socket Socket Socket Socket Socket Socket TCP/IP TCP/IP TCP/IP TCP/IP TCP/IP TCP/IP Iptables Iptables Iptables Iptables Ethernet Ethernet Ethernet Ethernet Ethernet Ethernet Loopback eth0 Network eth0 Loopback ๐‫ۓ‬ᗑ໒ኧӫᳪದ๞ࢫᴚᨮᨱ҅ӱ‫ࢫۓ‬ᴚ‫ݝ‬ӫဳӱ‫ۓ‬ https://github.com/istio/istio/wiki/Proxy-redirection 

13 . ቘమጱᥴ٬ොໜ ‫ق‬ ฃ ଠ ᥴ٬ಅํӨᗑᕶፘ‫ى‬ጱ ᜓ፜ӱ‫ࢫۓ‬ᴚᵞ౮౮๜ ඪ೮ग़᧍᥺ ๐‫ۓ‬လቘᳯ᷌ • ፊഴ • ੝ද (๋অӧද) ሿํդᎱ • ๐‫ݎۓ‬ሿ • Java • Go • ᧣አ᱾᭄᪵ • ‫܋‬ᕆ੒ӱ‫ߥ୽ۓ‬ੜ (෫୽ߥ) • ๐‫ۓ‬᪠ኧ • C++ • Python • ᅍଶ‫૲ݎ‬ • ਍ԟ̵ᵞ౮ᳪད֗ • ᩻෸୊᬴᯿ᦶ • C# • Nodejs • ᗑ‫ى‬ • ‫ݢ‬೑ൊ 

14 . ServiceMesh = ഴ‫ګ‬ᶎ + හഝᶎ ᓕቘդቘᥢ‫ڞ‬ ᵞӾᓕഴෆӻᔮᕹᗑᕶ դቘ᧗࿢හഝ ஙᥡ ਡᥡ http://philcalcado.com/2017/08/03/pattern_service_mesh.html 

15 . ๐‫ۓ‬ᗑ໒ጱᄍᬰ ഴ‫ګ‬ᶎ + හഝᶎ ഴ‫ګ‬ᶎ + හഝᶎ හഝᶎ හഝᶎ හഝᶎ Istio 2016.01 2016.09 2017.05 2017.09 2017.12 Buoyant Lyft Google/IBM/Lyft Nginx Buoyant ૪ࠟአ ૪ࠟአ ‫ࠟݢ‬አጱഴ‫ګ‬ᶎপপ๶᬴ 

16 .• ᙧว • ೪ғEnvoyૡ֢ܻቘ • Why Envoy • ᛔᎸServiceMesh 

17 . Envoy 7 application HTTP ๐‫ݎۓ‬ሿ ؋଼༄ັ 6 presentation ᨮ᫹࣐ᤍ ᗑᕶፊഴ 5 session ᴴၞ ᧣አ᱾᭄᪵ 4 transport TCP 3 network IP ᆤෙ ၞᰁ॔‫ګ‬ 2 data-link ᯿ᦶ ᅾ᯿‫ސ‬ 1 physical ᩻෸ ۖா᪠ኧ ๐‫ۓ‬ᗑ‫ى‬/๐‫ۓ‬դቘ L3/4/7 proxy ๐‫ۓ‬လቘ‫ۑ‬ᚆ ඪ೮SSL HTTP2.0 

18 . Envoy ໐ஞ༷ஷ cluster • Clusterғᵞᗭ endpoint endpoint endpoint • EndpointғᵞᗭӾጱᜓᅩ • Listenerғᒒ‫ݗ‬ • RouteConfigurationғ᪠ኧᥢ‫ڞ‬ Envoy Envoy Envoy cluster listener Envoy Envoy Envoy Envoy route config endpoint endpoint endpoint Font Awesome by Dave Gandy - https://fortawesome.github.com/Font-Awesome 

19 . Envoy ۖாᯈᗝ Pod A • xDS: x discovery service Envoy • CDS: Clusters DS • EDS: Endpoints DS xDS HTTP2.0 cache grpc • LDS: Listeners DS ୑ྍӥ‫ݎ‬ • RDS: RouteConfigurations DS Envoy Pod B • ADS = LDS + LDS + CDS + EDS ਫሿഴ‫ګ‬ᶎ = ਫሿxDSᯈᗝӥ‫ݎ‬ 

20 . CDSғᵞᗭ‫௳מ‬ • Local cluster • in.9080 • Remote clusters reviews ratings details • reviews CDS [node.id: 10.244.1.22…] Envoy • ratings Pod CDS • [review, ratings, details] • details in.9080 [ in.9080 -> 127.0.0.1:9080, reviews -> eds, ratings -> eds, details -> eds] 

21 . CDSᐏֺғᆤෙ Envoy HTTP2.0 max_requests CDS "name": “reviews", "circuit_breakers": { Envoy Envoy Envoy "default": { "max_connections": 1024, "max_pending_requests": 1024, "max_requests": 1024, "max_retries": 3 } } Envoy type: EDS queue: max_pending_requests eds_cluster_config { HTTP1.1 eds_config { ads { } Envoy Envoy Envoy } max_connections service_name: “reviews" } 

22 . EDSғᵞᗭᜓᅩ‫௳מ‬ ratings details CDS CDS • [ratings, reviews, details] reviews clusters: [ratings, reviews, details] EDS Envoy EDS[ratings, reviews, details] • ratings: [10.244.1.21:1234], • reviews: [ 10.244.2.22:9080, Pod endpoints: { 10.244.2.89:9080 ratings: […], ], reviews: […], • details: [10.244.1.23:5678], details: […] } 

23 . EDSᐏֺғᅍଶ‫૲ݎ‬ cluster_name: "reviews" endpoints { ᨮ᫹ྲֺᦇᓒ (ইӧᘍᡤAZ) lb_endpoints { v1 lb% = weight_v1 / (weight_v1 + weight_v2) endpoint { address { v2 lb% = weight_v2 / (weight_v1 + weight_v2) socket_address { address: "10.244.1.21" port_value: 9080 http://reviews:9080/ } } } 1% 99% load_balancing_weight { value: 1 } } lb_endpoints { v2 v1 endpoint { address { Envoy Envoy … } } cluster: reviews load_balancing_weight { value: 99 } } 

24 . LDS :1234 :5678 request • gate listener http://reviews:9080/ ratings details (http://10.244.1.22:9080) • 0.0.0.0:15001 gate LDS [node.id: 10.244.1.22…] 0.0.0.0:15001 • ingress listeners Ingress Egress 10.244.1.22:9080 0.0.0.0:1234 0.0.0.0:5678 listeners: [ • pod_ip:endpoint_port 0.0.0.0:1234 -> rds, in.9080 10.244.1.22:9080 -> in.9080, • egress listeners 0.0.0.0:5678 -> rds] request LDS • 0.0.0.0:endpoint_port http://ratings:1234/ • 0.0.0.0:1234 -> rds • 0.0.0.0:5678 -> rds in.9080 reviews 10.244.1.22:9080 

25 . RDSғ᪠ኧᥢ‫ڞ‬ ratings details LDS gate ۖா᪠ኧ? listeners[…] LDS 0.0.0.0:15001 • 0.0.0.0:9080 -> 9080 • … Ingress Egress 10.244.1.22:9080 0.0.0.0:9080 RDS RDS[9080] • { 9080: [{ domain: ratings:9080, routes: {9080: […]} cluster: ratings request }, { http://ratings:9080/ domain: details:9080, cluster: details }], … } reviews 

26 . RDSᐏֺғ໑ഝአಁ‫ݷ‬᪠ኧ • አಁ‫ = ݷ‬Jason -> reviews v2 name: 9080 virtual_hosts { cluster: reviews|v1 name: "reviews" domains: "reviews:9080" routes { match { v1 prefix: "/" headers { Envoy name: "cookie" value: "^(.*?;)?(user=jason)(;.*)?$" regex { cluster: reviews|v2 value: true } } } v2 route { cluster: "reviews|v2" Envoy } … 

27 . ೪ғ᧗࿢᪠ኧၞᑕ details Envoy 10.244.1.21:9080 10.244.1.21:9080 details:9080 details 10.244.1.22:9080 10.244.1.22:9080 http://ratings:9080 ratings 9080 ऒ‫ݷ‬ 10.244.1.10:9080 10.244.1.10:9080 15001 ᒒ‫ݗ‬ 10.244.1.11:9080 ratings:9080 ratings 10.244.1.11:9080 reviews 10.244.1.31:5678 5678 reviews:5678 reviews 10.244.1.31:5678 10.244.1.32:5678 10.244.1.32:5678 listeners routes clusters endpoints ۖா᪠ኧ ᆤෙᴴၞ ᨮ᫹࣐ᤍ ᩻෸᯿ᦶ 

28 .• ᙧว • Envoyૡ֢ܻቘ • ჿғWhy Envoy? • ᛔᎸServiceMesh 

29 . Envoy ਫ‫@( ێ‬Lyft) ᙧԡ ᖌಷᘏ • ᓕቘ >100ӻ๐‫ۓ‬ Lyft • ᪜᩼10,000ӻᡦ೙๢ Google Istio ጱἕᦊහഝᶎ • ྯᑁ॒ቘ2ጯӡ᧗࿢ Apple TurbineLabs • ૪‫فے‬CNCF