Envoy static configuration

Note: this article is based on Envoy 1.18.2.

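1 About Envoy

Envoy is an L7 reverse proxy and communication bus designed for large, modern SOA (service-oriented architecture) deployments. It has the following advantages:

  1. Out-of-process architecture: it runs independently of the main service process as a sidecar that takes over traffic, providing common functionality outside the service itself, such as service discovery, load balancing, tracing, statistics and monitoring
  2. Supports L3/L4 packet filtering
  3. Supports L7 application-layer filtering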

2 Installation

It can be installed directly with yum:

curl -sL 'https://rpm.dl.getenvoy.io/public/config.rpm.txt?distro=el&codename=7' > /etc/yum.repos.d/tetrate-getenvoy-rpm-stable.repo
yum install getenvoy-envoy --disablerepo='*' --enablerepo='tetrate-getenvoy-rpm-stable'

After installation, check the version information:

[root@master ~]# envoy --version

envoy  version: d362e791eb9e4efa8d87f6d878740e72dc8330ac/1.18.2/clean-getenvoy-76c310e-envoy/RELEASE/BoringSSL

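3 Configuration

Since Envoy is a reverse proxy, let's test it by reverse-proxying Baidu.

Our goal is to proxy every request for a domain ending in .test.com to Baidu, so the configuration can be written like this: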

static_resources:

  listeners:
  - name: listener_0
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 10000
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          access_log:
          - name: envoy.access_loggers.stdout
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
          http_filters:
          - name: envoy.filters.http.router
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*.test.com"]
              routes:
              - match:
                  prefix: "/"
                route:
                  host_rewrite_literal: www.baidu.com
                  cluster: service_baidu

  clusters:
  - name: service_baidu
    type: LOGICAL_DNS
    # Comment out the following line to test on v6 networks
    dns_lookup_family: V4_ONLY
    connect_timeout: 6s
    load_assignment:
      cluster_name: service_baidu
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: www.baidu.com
                port_value: 443
    transport_socket:
      name: envoy.transport_sockets.tls
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
        sni: www.baidu.com

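Here we set Envoy to listen on port 10000 and print the access log to standard output, that is, the console. The meaning of each field can be found in the corresponding API documentation.

4 Testing

Then start the service with this configuration: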

envoy -c envoy.yaml 

Next, test it with curl:

[root@master ~]#  curl -x 192.168.0.110:10000  'http://www.nihao.test.com' -I
HTTP/1.1 200 OK
accept-ranges: bytes
cache-control: private, no-cache, no-store, proxy-revalidate, no-transform
content-length: 277
content-type: text/html
date: Wed, 06 Apr 2022 14:09:00 GMT
etag: "575e1f72-115"
last-modified: Mon, 13 Jun 2016 02:50:26 GMT
pragma: no-cache
server: envoy
x-envoy-upstream-service-time: 79

[root@master ~]# curl -x 192.168.0.110:10000  'http://www.nihao.com' -I
HTTP/1.1 404 Not Found
date: Wed, 06 Apr 2022 14:09:10 GMT
server: envoy
transfer-encoding: chunked

The corresponding access log entries now appear in the window where Envoy is running:

[2022-04-06T14:09:00.347Z] "HEAD / HTTP/1.1" 200 - 0 0 80 79 "-" "curl/7.29.0" "679dd841-5feb-4f88-b547-e0d568ff9cc3" "www.baidu.com" "14.215.177.38:443"
[2022-04-06T14:09:11.044Z] "HEAD / HTTP/1.1" 404 NR 0 0 0 - "-" "curl/7.29.0" "a72011fc-eb9c-4a66-a35d-3dd9a4c2ce7a" "www.nihao.com" "-"

The requests behave as expected: www.nihao.test.com is proxied to Baidu, while www.nihao.com matches no rule and therefore returns 404.
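
As an added example (not part of the original article), the following Python parses the two access log lines above and picks out requests that matched no route, which Envoy marks with the NR response flag. It assumes Envoy's default access log format, since the configuration sets no custom one; the names parse_line and unrouted_requests are hypothetical.

```python
import re

# Envoy's default access log format, which applies here because the
# article's StdoutAccessLog sets no custom format:
# [START_TIME] "METHOD PATH PROTOCOL" CODE FLAGS BYTES_RECEIVED BYTES_SENT
# DURATION UPSTREAM_SERVICE_TIME "X-FORWARDED-FOR" "USER-AGENT"
# "X-REQUEST-ID" "AUTHORITY" "UPSTREAM_HOST"
LINE_RE = re.compile(
    r'\[(?P<start_time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<protocol>[^"]+)" '
    r'(?P<code>\d{1,3}) (?P<flags>\S+) '
    r'(?P<bytes_received>\d+) (?P<bytes_sent>\d+) (?P<duration_ms>\d+) '
    r'(?P<upstream_time_ms>\S+) '
    r'"(?P<x_forwarded_for>[^"]*)" "(?P<user_agent>[^"]*)" '
    r'"(?P<request_id>[^"]*)" "(?P<authority>[^"]*)" "(?P<upstream_host>[^"]*)"$'
)

# The two access log lines shown in the article.
SAMPLE_LOG = '''\
[2022-04-06T14:09:00.347Z] "HEAD / HTTP/1.1" 200 - 0 0 80 79 "-" "curl/7.29.0" "679dd841-5feb-4f88-b547-e0d568ff9cc3" "www.baidu.com" "14.215.177.38:443"
[2022-04-06T14:09:11.044Z] "HEAD / HTTP/1.1" 404 NR 0 0 0 - "-" "curl/7.29.0" "a72011fc-eb9c-4a66-a35d-3dd9a4c2ce7a" "www.nihao.com" "-"
'''


def parse_line(line):
    """Return a dict of typed fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    # Envoy prints "-" for an empty value; map it to None.
    rec = {k: (None if v == "-" else v) for k, v in m.groupdict().items()}
    # Response flags are comma-separated, e.g. "NR" or "UF,URX".
    rec["flags"] = rec["flags"].split(",") if rec["flags"] else []
    for key in ("code", "bytes_received", "bytes_sent", "duration_ms", "upstream_time_ms"):
        if rec[key] is not None:
            rec[key] = int(rec[key])
    return rec


def unrouted_requests(log_text):
    """Requests Envoy answered itself because no route matched (flag NR)."""
    records = (parse_line(l) for l in log_text.splitlines() if l.strip())
    return [r for r in records if r is not None and "NR" in r["flags"]]


if __name__ == "__main__":
    for r in unrouted_requests(SAMPLE_LOG):
        print(r["start_time"], r["code"], r["authority"], r["user_agent"])
```

In the first log line the authority field is www.baidu.com, the host_rewrite_literal value, not the www.nihao.test.com name that curl requested, so the default format alone does not record which *.test.com host a client used.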


References:

  1. https://www.envoyproxy.io/docs/envoy/latest/intro/what_is_envoy
  2. https://www.envoyproxy.io/docs/envoy/latest/api-v3/listeners/listeners
  3. https://www.envoyproxy.io/docs/envoy/latest/api-v3/clusters/clusters
