Envoy HTTP流量管理 路由配置
路由配置:
路由匹配:
基础匹配:prefix、path、regex(safe_regex)
高级匹配:headers和query_patameters
路由:
路由(route)
重定向(redirect)
直接响应(direct_response)
高级流量管理:
流量迁移:基于流量的灰度发布
流量分格:分割到不同的集群,蓝绿部署
流量镜像:AB测试,复制流量到新集群上对比新旧生成的结果
故障注入:在系统中放入猴子让其到处破坏,测试集群是否能够应付故障
超时和重试:超时和重试
CORS(跨域资源共享):跨域资源共享
HTTP高级路由:
将域名映射到虚拟主机
path的前缀(prefix)匹配、精确匹配或正则表达式匹配
虚拟主机级别的TLS重定向
path级别的path/host重定向
由Envoy直接生成响应报文
显式host rewrite
prefix rewrite
基于HTTP标头或路由配置的请求重试与请求超时
基于运行时参数的流年迁移
基于权重或百分比的跨集群流年分割
基于任意标头匹配路由规则
基于优先级的路由
基于hash策略路由
虚拟主机路由配置:
{ "name": "...", "domains": [], # 域名 "routes": [], # 路由表 "require_tls": "...", "virtual_clusters": [], "rate_limits": [], # 限流 "request_headers_to_add": [], # 请求加标头 "request_headers_to_remove": [], "response_headers_to_add": [], # 响应加标头 "response_headers_to_remove": [], "cors": "{...}", # 跨站引用资源限制 "per_filter_config": "{...}", "typed_per_filter_config": "{...}", "include_request_attempt_count": "...", "retry_policy": "{...}", # 重试策略 "hedge_policy": "{...}" }
HTTP路由及配置框架:
listeners: - name: address: {...} filter_chians: [] - filters: - name: envoy.http_connection_manager config: ... route_config: name: ... virutal_hosts: [] - name: ... domains: [] # 虚拟主机的域名, 路由匹配时将请求报文中的host标头值与此处列表项进行匹配检测 routes: [] # 路由条目, 匹配到当前虚拟主机的请求中的path匹配检测将针对各route中由match定义条件进行 - name: ... match: {...} prefix|path|regex: ... #基于路径前缀、 路径或正则表达式三者之一定义匹配条件 route: {...} cluster|cluster_header|weighted_cluster: ...# 基于集群、 请求报文中的集群标头或加权集群( 流量分割) 定义路由目标; virtual_clusters: [] #为此虚拟主机定义的用于收集统计信息的虚拟集群列表; ... ...
域名搜索顺序:
精确匹配检查:如:www.example.com.
前缀匹配检查:*.example.com *-envoy.example.com
后缀匹配检查:example.* example-*.
万能匹配:*
路由基础匹配框架:
路由匹配:
基础匹配条件:prefix、path、regex 使用三个其中的一个。
{ "prefix": "...", # path前缀匹配条件 "path": "...", # path精确匹配条件 "regex": "...", # 整个path( 不包含query字串) 必须与指定的正则表达式匹配 "case_sensitive": "{...}", # 大小写敏感时的匹配机制 "runtime_fraction": "{...}", "headers": [], "query_parameters": [], "grpc": "{...}" }
基于标头的路由匹配:
exact_match:精确匹配
regex_match:整个值与正则表达式匹配
range_match:值范围匹配
present_match:标头存在性匹配
prefix_match:值前缀匹配
suffix_match:值后缀匹配
invert_match:将匹配结果取反,默认为false
基于查询参数的路由匹配:
query_parameters: name: "..." value: "..." regex: "{...}" # 布尔型值, 用于判断指定的参数的数据是否为正则表达式, 建议改为使用string_match中的safe_regex; string_match: "{...}" # 参数值的字符串匹配检查, 支持使用以下五种检查方式其中之一进行字符串匹配 exact: "..." prefix: "..." suffix: "..." regex: "..." safe_regex: "{...}" present_match: "..."
重定向:
协议重定向:https_redirect或scheme_redirect二者之一
主机重定向:host_redirect
端口重定向:port_redirect
路径重定向:path_redirect
路径前缀重定向:prefix_redirect
重设响应码:response_code,默认为301
strip_query:是否在重定向期间删除URL的查询参数 ,默认为false。
直接响应请求:如错误请求
direct_response:
{ "status": "...", # 响应码 "body": "{...}" # 响应内容 }
响应正文可省略, 默认为空; 需要指定时应该由body通过如下三种方式之一给出数据源
{ "filename": "...", # 本地文件数据源 "inline_bytes": "...", # 内联字节 "inline_string": "..." # 内联字符串 }
路由到指定的集群:
cluster:指定的上游集群
cluster_header:请求标头中的cluster_header的指定的上游集群
weighted_clusters:基于权重减请求路由到多个上游的集群
示例:
admin: access_log_path: "dev/null" address: socket_address: address: 0.0.0.0 port_value: 9901 static_resources: listeners: - address: socket_address: address: 0.0.0.0 port_value: 80 name: listener_http filter_chains: - filters: - name: envoy.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager codec_type: auto stat_prefix: ingress_http route_config: name: local_route virtual_hosts: - name: vh_001 domains: ["ilinux.io","*.ilinux.io","ilinux.*"] routes: - match: path: "/service/blue" route: cluster: blue - match: regex: "^/service/.*blue$" redirect: path_redirect: "/service/blue" - match: prefix: "/service/yellow" direct_response: status: 200 body: inline_string: "This page will be provided soon later.\n" - match: prefix: "/" route: cluster: red - name: vh_002 domains: ["*"] routes: - match: prefix: "/" route: cluster: gray http_filters: - name: envoy.router clusters: - name: blue connect_timeout: 0.25s type: STRICT_DNS lb_policy: ROUND_ROBIN http2_protocol_options: {} load_assignment: cluster_name: blue endpoints: - lb_endpoints: - endpoint: address: socket_address: address: blue port_value: 80 - name: red connect_timeout: 0.25s type: STRICT_DNS lb_policy: ROUND_ROBIN http2_protocol_options: {} load_assignment: cluster_name: red endpoints: - lb_endpoints: - endpoint: address: socket_address: address: red port_value: 80 - name: green connect_timeout: 0.25s type: STRICT_DNS lb_policy: ROUND_ROBIN http2_protocol_options: {} load_assignment: cluster_name: green endpoints: - lb_endpoints: - endpoint: address: socket_address: address: green port_value: 80 - name: gray connect_timeout: 0.25s type: STRICT_DNS lb_policy: ROUND_ROBIN http2_protocol_options: {} load_assignment: cluster_name: gray endpoints: - lb_endpoints: - endpoint: address: socket_address: address: gray port_value: 80
示例2:
admin: access_log_path: "/dev/null" address: socket_address: address: 0.0.0.0 port_value: 9901 static_resources: listeners: - address: socket_address: address: 0.0.0.0 port_value: 80 name: listener_http filter_chains: - filters: - name: envoy.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager codec_type: auto stat_prefix: ingress_http route_config: name: local_route virtual_hosts: - name: vh_001 domains: ["*"] routes: - match: prefix: "/" headers: - name: X-Canary exact_match: "true" route: cluster: ver-1.7-pre - match: prefix: "/" query_parameters: - name: "username" string_match: prefix: "vip_" route: cluster: ver-1.6 - match: prefix: "/" route: cluster: ver-1.5 http_filters: - name: envoy.router clusters: - name: ver-1.5 connect_timeout: 0.25s type: STRICT_DNS lb_policy: ROUND_ROBIN http2_protocol_options: {} load_assignment: cluster_name: ver-1.5 endpoints: - lb_endpoints: - endpoint: address: socket_address: address: ver-1.5 port_value: 80 - name: ver-1.6 connect_timeout: 0.25s type: STRICT_DNS lb_policy: ROUND_ROBIN http2_protocol_options: {} load_assignment: cluster_name: ver-1.6 endpoints: - lb_endpoints: - endpoint: address: socket_address: address: ver-1.6 port_value: 80 - name: ver-1.7-pre connect_timeout: 0.25s type: STRICT_DNS lb_policy: ROUND_ROBIN http2_protocol_options: {} load_assignment: cluster_name: ver-1.7-pre endpoints: - lb_endpoints: - endpoint: address: socket_address: address: ver-1.7-pre port_value: 80