Introduction
This article summarizes Envoy's basic concepts, principles, and commonly used commands.
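I. Basic Concepts
Envoy is a core component of Istio. It is deployed as a sidecar in the same Pod as the application. As the proxy, all inbound and outbound traffic must pass through the container where Envoy runs. Besides proxying, it can also perform traffic governance, monitoring, and other functions according to rules.
Upstream Host: an upstream host accepts connections and requests from Envoy and returns responses
Downstream Host: a downstream host sends requests to Envoy and receives responses
Envoy Mesh: a topology network made up of a group of Envoys
Listener: a listener listens on a data port and accepts connections and requests from downstream; downstream hosts connect to Envoy through a Listener
Cluster: a cluster manages the connection pool of a backend service, service health checks, circuit breaking, and so on
Filter: multiple filter types are supported (Listener Filter, Network Filter, L7 Filter, and so on); they form a filter chain that executes different traffic governance logic.
Protocol support:
L3/L4 network proxy: supports TCP and HTTP proxying and TLS authentication
L7 proxy: supports advanced features such as buffering and rate limiting
L7 routing: supports redirecting and routing requests based on parameters such as path, permissions, request content, and runtime
In HTTP mode, supports HTTP/1.1 and HTTP/2, as well as gRPC over HTTP/2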
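Threading model
An Envoy process includes one Server main thread and one GuardDog watchdog thread.
Server main thread: responsible for managing the access log and resolving the DNS names of upstream hosts. Access logging records Envoy access according to the configuration; DNS resolution resolves the configured domain names into IPs and caches them in the local DNS cache.
An Envoy process can be configured with multiple Listeners, although configuring one is recommended. Each Listener can create several threads (by default, the number of cores), and each thread corresponds to one Worker.
Once a client connection enters a thread in Envoy, all logic until the connection is closed is handled within that thread. For example: running the TCP filters for the client request, parsing and re-encoding the protocol, establishing a connection to the upstream host, and processing the returned data.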
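Memory management
Memory management is divided into variable management and Buffer management:
- Variable management: instances created while the C++ code runs
- Buffer management: Buffers that temporarily store data during receiving, encoding/decoding, and similar steps, allocated via malloc
Flow control
- If an upstream host processes too slowly, data backs up in the buffer; this is controlled by setting high and low watermark thresholds
- Limiting by setting a global connection count in Envoy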
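Main modules
- Network module: abstracts the socket and provides read/write functions
- Network Filter module: filters data traffic (Listener Filter, Read Filter, Write Filter)
- L7 protocol module: includes HTTP, HTTP/2, and gRPC
- L7 filters module: HTTP-related authentication, rate limiting, routing, and so on
- Server Manager module: Worker management, startup management, configuration management, logging, and so on
- L7 Connection Manager module: includes establishing connections, reusing connections, and similar functions
- Cluster Manager module: cluster management, including hosts management, load balancing, health checks, and so on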
II. Envoy Command Summary
1. help command
Description: prints the command help information
curl 127.0.0.1:15000/help
admin commands are:
/: Admin home page
/certs: print certs on machine
/clusters: upstream cluster status
/config_dump: dump current Envoy configs (experimental)
/contention: dump current Envoy mutex contention stats (if enabled)
/cpuprofiler: enable/disable the CPU profiler
/drain_listeners: drain listeners
/healthcheck/fail: cause the server to fail health checks
/healthcheck/ok: cause the server to pass health checks
/heapprofiler: enable/disable the heap profiler
/help: print out list of admin commands
/hot_restart_version: print the hot restart compatibility version
/init_dump: dump current Envoy init manager information (experimental)
/listeners: print listener info
/logging: query/change logging levels
/memory: print current allocation/heap usage
/quitquitquit: exit the server
/ready: print server state, return 200 if LIVE, otherwise return 503
/reopen_logs: reopen access logs
/reset_counters: reset all counters to zero
/runtime: print runtime values
/runtime_modify: modify runtime values
/server_info: print server version/status information
/stats: print server stats
/stats/prometheus: print server stats in prometheus format
/stats/recentlookups: Show recent stat-name lookups
/stats/recentlookups/clear: clear list of stat-name lookups and counter
/stats/recentlookups/disable: disable recording of reset stat-name lookup names
/stats/recentlookups/enable: enable recording of reset stat-name lookup names
2. certs command
Description: prints certificate paths, serial numbers, and validity periods
curl 127.0.0.1:15000/certs
{
"certificates": [
{
"ca_cert": [
{
"path": "\u003cinline\u003e",
"serial_number": "ade6c290ffcee6ded23b26cb367b258c",
"subject_alt_names": [],
"days_until_expiration": "3648",
"valid_from": "2021-11-15T08:34:55Z",
"expiration_time": "2031-11-13T08:34:55Z"
}
],
// ...
]
}
3. clusters command
Description: prints the addresses, request statistics, maximum connections, maximum retries, and so on for all Clusters found by service discovery
curl 127.0.0.1:15000/clusters
outbound|50000||AppMeshClient.mesh::default_priority::max_connections::4294967295
outbound|50000||AppMeshClient.mesh::default_priority::max_pending_requests::4294967295
outbound|50000||AppMeshClient.mesh::default_priority::max_requests::4294967295
outbound|50000||AppMeshClient.mesh::default_priority::max_retries::4294967295
outbound|50000||AppMeshClient.mesh::high_priority::max_connections::1024
outbound|50000||AppMeshClient.mesh::high_priority::max_pending_requests::1024
outbound|50000||AppMeshClient.mesh::high_priority::max_requests::1024
outbound|50000||AppMeshClient.mesh::high_priority::max_retries::3
outbound|50000||AppMeshClient.mesh::added_via_api::true
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::cx_active::0
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::cx_connect_fail::0
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::cx_total::0
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::rq_active::0
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::rq_error::0
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::rq_success::0
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::rq_timeout::0
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::rq_total::0
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::hostname::
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::health_flags::healthy
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::weight::1
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::region::
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::zone::
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::sub_zone::
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::canary::false
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::priority::0
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::success_rate::-1.0
outbound|50000||AppMeshClient.mesh::x.x.x.x:50000::local_origin_success_rate::-1.0
// ...
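The /clusters output above is line-oriented: fields are separated by `::`, giving cluster::key::value, cluster::priority::limit::value, or cluster::host::key::value. The parser below is an added example, not part of the original article or of Envoy; it assumes IPv4 host addresses, and the sample lines, the function names, and the 25% error-rate threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the format of the /clusters output shown above
# (cluster name and counters are made up; addresses are documentation IPs).
SAMPLE = """\
outbound|50000||demo.mesh::default_priority::max_connections::4294967295
outbound|50000||demo.mesh::default_priority::max_retries::4294967295
outbound|50000||demo.mesh::high_priority::max_retries::3
outbound|50000||demo.mesh::added_via_api::true
outbound|50000||demo.mesh::192.0.2.10:50000::rq_total::120
outbound|50000||demo.mesh::192.0.2.10:50000::hostname::
outbound|50000||demo.mesh::192.0.2.10:50000::health_flags::healthy
outbound|50000||demo.mesh::192.0.2.11:50000::rq_total::80
outbound|50000||demo.mesh::192.0.2.11:50000::rq_error::40
outbound|50000||demo.mesh::192.0.2.11:50000::health_flags::/failed_active_hc
"""

PRIORITIES = ("default_priority", "high_priority")
UINT32_MAX = 4294967295  # value shown above for the default_priority limits


def parse_clusters(text):
    """Return {cluster: {"settings": {...}, "limits": {...}, "hosts": {...}}}."""
    clusters = defaultdict(lambda: {"settings": {}, "limits": {}, "hosts": defaultdict(dict)})
    for line in text.splitlines():
        parts = line.strip().split("::")
        if len(parts) == 3:                      # cluster::key::value
            clusters[parts[0]]["settings"][parts[1]] = parts[2]
        elif len(parts) == 4 and parts[1] in PRIORITIES:
            clusters[parts[0]]["limits"][(parts[1], parts[2])] = int(parts[3])
        elif len(parts) == 4:                    # cluster::host:port::key::value
            clusters[parts[0]]["hosts"][parts[1]][parts[2]] = parts[3]
    return clusters


def findings(clusters):
    """List (cluster, subject, message) for states worth a closer look."""
    out = []
    for name, c in clusters.items():
        for (prio, key), value in c["limits"].items():
            if value == UINT32_MAX:
                out.append((name, prio, f"{key} is effectively unlimited"))
        for host, stats in c["hosts"].items():
            if stats.get("health_flags", "healthy") != "healthy":
                out.append((name, host, f"health_flags={stats['health_flags']}"))
            total, errors = int(stats.get("rq_total", 0)), int(stats.get("rq_error", 0))
            if total and errors / total >= 0.25:
                out.append((name, host, f"error rate {errors}/{total}"))
    return out
```

Lines that do not match one of the three shapes, such as blank lines, are skipped; an empty trailing value such as `hostname::` is kept as an empty string.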
4. config_dump command
Description: prints all configuration information in Envoy
curl 127.0.0.1:15000/config_dump
{
"name": "appofcservice:2222",
"domains": [
"appofcservice",
"appofcservice:2222",
"240.240.0.1",
"240.240.0.1:2222"
],
"routes": [
{
"match": {
"prefix": "/"
},
"route": {
"cluster": "outbound|2222||appofcservice",
"timeout": "0s",
"retry_policy": {
"retry_on": "connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes",
"num_retries": 2,
"retry_host_predicate": [
{
"name": "envoy.retry_host_predicates.previous_hosts"
}
],
"host_selection_retry_max_attempts": "5",
"retriable_status_codes": [
503
]
},
"max_stream_duration": {
"max_stream_duration": "0s"
}
},
"decorator": {
"operation": "appofcservice:2222/*"
},
"name": "default"
}
],
"include_request_attempt_count": true
}
5. contention command
Description: prints mutex contention information; disabled by default
curl 127.0.0.1:15000/contention
Mutex contention tracing is not enabled. To enable, run Envoy with flag --enable-mutex-tracing
6. cpuprofiler command
Description: enables or disables the CPU profiler, which is used to inspect the application's CPU usage and thread usage
curl -X POST http://127.0.0.1:15000/cpuprofiler?enable=y
OK
7. drain_listeners command
Description: drains listeners; you can drain only inbound traffic or drain gracefully
curl -X POST http://127.0.0.1:15000/drain_listeners
OK
POST /drain_listeners?inboundonly
POST /drain_listeners?graceful
8. healthcheck command
Description: sets the health check state (fail causes the server to fail health checks, ok causes it to pass them)
curl -X POST http://127.0.0.1:15000/healthcheck/fail
OK
curl -X POST http://127.0.0.1:15000/healthcheck/ok
OK
9. heapprofiler command
Description: enables or disables the heap profiler
curl -X POST http://127.0.0.1:15000/heapprofiler?enable=y
Starting heap profiler
10. hot_restart_version command
Description: shows the hot restart version
curl -X POST http://127.0.0.1:15000/hot_restart_version
11.104
11. init_dump command
Description: dumps the current Envoy init manager information
curl -X POST http://127.0.0.1:15000/init_dump
{}
12. listeners command
Description: prints the addresses of all listeners in Envoy
curl -X POST http://127.0.0.1:15000/listeners
6de837ce-6c33-4993-9264-59838f8a01c5::0.0.0.0:15090
8a421b9f-ebf5-4cb4-9035-e7cc6cc42493::0.0.0.0:15021
x.x.0.1_443::10.156.0.1:443
x.x.108.214_443::x.x.108.214:443
x.x.220.84_15012::x.x.220.84:15012
x.x.187.8_15443::x.x.187.8:15443
x.x.187.8_15012::x.x.187.8:15012
13. logging command
Description: changes the log level of a module
curl -X POST http://127.0.0.1:15000/logging?assert=error
active loggers:
admin: warning
aws: warning
assert: error
backtrace: warning
14. memory command
Description: prints memory allocation information
curl -X POST http://127.0.0.1:15000/memory
{
"allocated": "21303344",
"heap_size": "31457280",
"pageheap_unmapped": "0",
"pageheap_free": "557056",
"total_thread_cache": "8057088",
"total_physical_bytes": "34078720"
}
15. quitquitquit command
Description: exits the Envoy server
curl -X POST http://127.0.0.1:15000/quitquitquit
16. ready command
Description: checks whether the Envoy server is alive
curl -X POST http://127.0.0.1:15000/ready
LIVE
17. reopen_logs command
Description: reopens the access logs
curl -X POST http://127.0.0.1:15000/reopen_logs
OK
18. reset_counters command
Description: resets the counters
curl -X POST http://127.0.0.1:15000/reset_counters
OK
19. runtime command
Description: gets the runtime values
{
"entries": {
"re2.max_program_size.error_level": {
"final_value": "1024",
"layer_values": [
"1024",
"",
""
]
},
// ...
"layers": [
"deprecation",
"global config",
"admin"
]
}
20. runtime_modify command
Description: modifies runtime parameters
curl -X POST "http://127.0.0.1:15000/runtime_modify?key1=value1&key2=value2&keyN=valueN"
21. server_info command
Description: gets Envoy server information
{
"name": "envoy.ratelimit",
"category": "envoy.filters.network",
"type_descriptor": "",
"disabled": false
},
{
"name": "envoy.redis_proxy",
"category": "envoy.filters.network",
"type_descriptor": "",
"disabled": false
},
{
"name": "envoy.tcp_proxy",
"category": "envoy.filters.network",
"type_descriptor": "",
"disabled": false
},
22. stats command
Description: prints Envoy statistics
curl -X POST http://127.0.0.1:15000/stats
cluster_manager.cds.version_text: "2021-11-16T06:54:31Z/19"
listener_manager.lds.version_text: "2021-11-16T06:54:31Z/19"
cluster.xds-grpc.assignment_stale: 0
cluster.xds-grpc.assignment_timeout_received: 0
cluster.xds-grpc.bind_errors: 0
cluster.xds-grpc.circuit_breakers.default.cx_open: 0
cluster.xds-grpc.circuit_breakers.default.cx_pool_open: 0
cluster.xds-grpc.circuit_breakers.default.rq_open: 0
cluster.xds-grpc.circuit_breakers.default.rq_pending_open: 0
cluster.xds-grpc.circuit_breakers.default.rq_retry_open: 0
cluster.xds-grpc.circuit_breakers.high.cx_open: 0
cluster.xds-grpc.circuit_breakers.high.cx_pool_open: 0
cluster.xds-grpc.circuit_breakers.high.rq_open: 0
23. prometheus command
Description: shows the statistics in Prometheus format
curl -X POST http://127.0.0.1:15000/stats/prometheus
istio_request_duration_milliseconds_count{response_code="200",reporter="destination",source_workload="mesha",source_workload_namespace="default",source_principal="unknown",source_app="mesha",source_version="unknown",source_cluster="Kubernetes",destination_workload="meshb",destination_workload_namespace="default",destination_principal="unknown",destination_app="meshb",destination_version="unknown",destination_service="AppMeshClient.mesh",destination_service_name="AppMeshClient.mesh",destination_service_namespace="default",destination_cluster="Kubernetes",request_protocol="grpc",response_flags="-",grpc_response_status="0",connection_security_policy="none",source_canonical_service="mesha",destination_canonical_service="meshb",source_canonical_revision="latest",destination_canonical_revision="latest"} 1
24. stats/recentlookups command
Description: helps Envoy developers locate connection problems
curl -X POST http://127.0.0.1:15000/stats/recentlookups/clear
curl -X POST http://127.0.0.1:15000/stats/recentlookups/disable
curl -X POST http://127.0.0.1:15000/stats/recentlookups/enable
OK
curl -X POST http://127.0.0.1:15000/stats/recentlookups
Count Lookup
total: 22