Envoy HTTP流量管理 路由配置
路由配置:
路由匹配:
基础匹配:prefix、path、regex(safe_regex)
高级匹配:headers和query_patameters
路由:
路由(route)
重定向(redirect)
直接响应(direct_response)
高级流量管理:
流量迁移:基于流量的灰度发布
流量分格:分割到不同的集群,蓝绿部署
流量镜像:AB测试,复制流量到新集群上对比新旧生成的结果
故障注入:在系统中放入猴子让其到处破坏,测试集群是否能够应付故障
超时和重试:超时和重试
CORS(跨域资源共享):跨域资源共享
HTTP高级路由:
将域名映射到虚拟主机
path的前缀(prefix)匹配、精确匹配或正则表达式匹配
虚拟主机级别的TLS重定向
path级别的path/host重定向
由Envoy直接生成响应报文
显式host rewrite
prefix rewrite
基于HTTP标头或路由配置的请求重试与请求超时
基于运行时参数的流年迁移
基于权重或百分比的跨集群流年分割
基于任意标头匹配路由规则
基于优先级的路由
基于hash策略路由
虚拟主机路由配置:
{
"name": "...",
"domains": [], # 域名
"routes": [], # 路由表
"require_tls": "...",
"virtual_clusters": [],
"rate_limits": [], # 限流
"request_headers_to_add": [], # 请求加标头
"request_headers_to_remove": [],
"response_headers_to_add": [], # 响应加标头
"response_headers_to_remove": [],
"cors": "{...}", # 跨站引用资源限制
"per_filter_config": "{...}",
"typed_per_filter_config": "{...}",
"include_request_attempt_count": "...",
"retry_policy": "{...}", # 重试策略
"hedge_policy": "{...}"
}HTTP路由及配置框架:
listeners:
- name:
address: {...}
filter_chians: []
- filters:
- name: envoy.http_connection_manager
config:
...
route_config:
name: ...
virutal_hosts: []
- name: ...
domains: [] # 虚拟主机的域名, 路由匹配时将请求报文中的host标头值与此处列表项进行匹配检测
routes: [] # 路由条目, 匹配到当前虚拟主机的请求中的path匹配检测将针对各route中由match定义条件进行
- name: ...
match: {...}
prefix|path|regex: ... #基于路径前缀、 路径或正则表达式三者之一定义匹配条件
route: {...}
cluster|cluster_header|weighted_cluster: ...# 基于集群、 请求报文中的集群标头或加权集群( 流量分割) 定义路由目标;
virtual_clusters: [] #为此虚拟主机定义的用于收集统计信息的虚拟集群列表;
...
...域名搜索顺序:
精确匹配检查:如:www.example.com.
前缀匹配检查:*.example.com *-envoy.example.com
后缀匹配检查:example.* example-*.
万能匹配:*
路由基础匹配框架:
路由匹配:
基础匹配条件:prefix、path、regex 使用三个其中的一个。
{
"prefix": "...", # path前缀匹配条件
"path": "...", # path精确匹配条件
"regex": "...", # 整个path( 不包含query字串) 必须与指定的正则表达式匹配
"case_sensitive": "{...}", # 大小写敏感时的匹配机制
"runtime_fraction": "{...}",
"headers": [],
"query_parameters": [],
"grpc": "{...}"
}基于标头的路由匹配:
exact_match:精确匹配
regex_match:整个值与正则表达式匹配
range_match:值范围匹配
present_match:标头存在性匹配
prefix_match:值前缀匹配
suffix_match:值后缀匹配
invert_match:将匹配结果取反,默认为false
基于查询参数的路由匹配:
query_parameters:
name: "..."
value: "..."
regex: "{...}" # 布尔型值, 用于判断指定的参数的数据是否为正则表达式, 建议改为使用string_match中的safe_regex;
string_match: "{...}" # 参数值的字符串匹配检查, 支持使用以下五种检查方式其中之一进行字符串匹配
exact: "..."
prefix: "..."
suffix: "..."
regex: "..."
safe_regex: "{...}"
present_match: "..."重定向:
协议重定向:https_redirect或scheme_redirect二者之一
主机重定向:host_redirect
端口重定向:port_redirect
路径重定向:path_redirect
路径前缀重定向:prefix_redirect
重设响应码:response_code,默认为301
strip_query:是否在重定向期间删除URL的查询参数 ,默认为false。
直接响应请求:如错误请求
direct_response:
{
"status": "...", # 响应码
"body": "{...}" # 响应内容
}响应正文可省略, 默认为空; 需要指定时应该由body通过如下三种方式之一给出数据源
{
"filename": "...", # 本地文件数据源
"inline_bytes": "...", # 内联字节
"inline_string": "..." # 内联字符串
}路由到指定的集群:
cluster:指定的上游集群
cluster_header:请求标头中的cluster_header的指定的上游集群
weighted_clusters:基于权重减请求路由到多个上游的集群
示例:
admin:
access_log_path: "dev/null"
address:
socket_address:
address: 0.0.0.0
port_value: 9901
static_resources:
listeners:
- address:
socket_address:
address: 0.0.0.0
port_value: 80
name: listener_http
filter_chains:
- filters:
- name: envoy.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: vh_001
domains: ["ilinux.io","*.ilinux.io","ilinux.*"]
routes:
- match:
path: "/service/blue"
route:
cluster: blue
- match:
regex: "^/service/.*blue$"
redirect:
path_redirect: "/service/blue"
- match:
prefix: "/service/yellow"
direct_response:
status: 200
body:
inline_string: "This page will be provided soon later.\n"
- match:
prefix: "/"
route:
cluster: red
- name: vh_002
domains: ["*"]
routes:
- match:
prefix: "/"
route:
cluster: gray
http_filters:
- name: envoy.router
clusters:
- name: blue
connect_timeout: 0.25s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
http2_protocol_options: {}
load_assignment:
cluster_name: blue
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: blue
port_value: 80
- name: red
connect_timeout: 0.25s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
http2_protocol_options: {}
load_assignment:
cluster_name: red
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: red
port_value: 80
- name: green
connect_timeout: 0.25s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
http2_protocol_options: {}
load_assignment:
cluster_name: green
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: green
port_value: 80
- name: gray
connect_timeout: 0.25s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
http2_protocol_options: {}
load_assignment:
cluster_name: gray
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: gray
port_value: 80示例2:
admin:
access_log_path: "/dev/null"
address:
socket_address:
address: 0.0.0.0
port_value: 9901
static_resources:
listeners:
- address:
socket_address:
address: 0.0.0.0
port_value: 80
name: listener_http
filter_chains:
- filters:
- name: envoy.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: vh_001
domains: ["*"]
routes:
- match:
prefix: "/"
headers:
- name: X-Canary
exact_match: "true"
route:
cluster: ver-1.7-pre
- match:
prefix: "/"
query_parameters:
- name: "username"
string_match:
prefix: "vip_"
route:
cluster: ver-1.6
- match:
prefix: "/"
route:
cluster: ver-1.5
http_filters:
- name: envoy.router
clusters:
- name: ver-1.5
connect_timeout: 0.25s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
http2_protocol_options: {}
load_assignment:
cluster_name: ver-1.5
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ver-1.5
port_value: 80
- name: ver-1.6
connect_timeout: 0.25s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
http2_protocol_options: {}
load_assignment:
cluster_name: ver-1.6
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ver-1.6
port_value: 80
- name: ver-1.7-pre
connect_timeout: 0.25s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
http2_protocol_options: {}
load_assignment:
cluster_name: ver-1.7-pre
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: ver-1.7-pre
port_value: 80