envoy 安装部署
Ubuntu
wget -O- https://apt.envoyproxy.io/signing.key | sudo gpg --dearmor -o /etc/apt/keyrings/envoy-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/envoy-keyring.gpg] https://apt.envoyproxy.io jammy main" | sudo tee /etc/apt/sources.list.d/envoy.list
sudo apt-get update
sudo apt-get install envoy
envoy --version
Mac
brew update
brew install envoy
Docker
docker pull envoyproxy/envoy:tools-v1.35.3
docker pull envoyproxy/envoy:v1.35.3
docker run --rm envoyproxy/envoy:v1.35.3 --version
docker run --rm envoyproxy/envoy:v1.35.3 --help
help
$ docker run --rm envoyproxy/envoy:v1.35.3 --version
envoy version: ff3fe7f0bb9e4ac6a283ea38bf9ee3f375530d56/1.35.3/Clean/RELEASE/BoringSSL
$ docker run --rm envoyproxy/envoy:v1.35.3 --help
USAGE:
envoy [--stats-tag <string>] ... [--enable-core-dump] [--socket-mode
<string>] [--socket-path <string>] [--disable-extensions
<string>] [--cpuset-threads] [--enable-mutex-tracing]
[--disable-hot-restart] [--mode <string>]
[--parent-shutdown-time-s <uint32_t>] [--drain-strategy <string>]
[--drain-time-s <uint32_t>] [--file-flush-interval-msec
<uint32_t>] [--service-zone <string>] [--service-node <string>]
[--service-cluster <string>] [--hot-restart-version]
[--restart-epoch <uint32_t>] [--log-path <string>]
[--enable-fine-grain-logging] [--log-format-escaped]
[--log-format <string>] [--component-log-level <string>] [-l
<string>] [--local-address-ip-version <string>]
[--admin-address-path <string>] [--skip-deprecated-logs]
[--ignore-unknown-dynamic-fields]
[--reject-unknown-dynamic-fields] [--allow-unknown-static-fields]
[--allow-unknown-fields] [--config-yaml <string>] [-c <string>]
[--concurrency <uint32_t>] [--base-id-path <string>]
[--skip-hot-restart-parent-stats]
[--skip-hot-restart-on-no-parent] [--use-dynamic-base-id]
[--base-id <uint32_t>] [--] [--version] [-h]
Where:
--stats-tag <string> (accepted multiple times)
This flag provides a universal tag for all stats generated by Envoy.
The format is ``tag:value``. Only alphanumeric values are allowed for
tag names. For tag values all characters are permitted except for '.'
(dot). This flag can be repeated multiple times to set multiple
universal tags. Multiple values for the same tag name are not
allowed.
--enable-core-dump
Enable core dumps
--socket-mode <string>
Socket file permission
--socket-path <string>
Path to hot restart socket file
--disable-extensions <string>
Comma-separated list of extensions to disable
--cpuset-threads
Get the default # of worker threads from cpuset size
--enable-mutex-tracing
Enable mutex contention tracing functionality
--disable-hot-restart
Disable hot restart functionality
--mode <string>
One of 'serve' (default; validate configs and then serve traffic
normally) or 'validate' (validate configs and exit).
--parent-shutdown-time-s <uint32_t>
Hot restart parent shutdown time in seconds
--drain-strategy <string>
Hot restart drain sequence behaviour, one of 'gradual' (default) or
'immediate'.
--drain-time-s <uint32_t>
Hot restart and LDS removal drain time in seconds
--file-flush-interval-msec <uint32_t>
Interval for log flushing in msec
--service-zone <string>
Zone name
--service-node <string>
Node name
--service-cluster <string>
Cluster name
--hot-restart-version
Hot restart compatibility version
--restart-epoch <uint32_t>
Hot restart epoch #
--log-path <string>
Path to logfile
--enable-fine-grain-logging
Logger mode: enable file level log control (Fine-Grain Logger) or not
--log-format-escaped
Escape c-style escape sequences in the application logs
--log-format <string>
Log message format in spdlog syntax (see
https://github.com/gabime/spdlog/wiki/3.-Custom-formatting)
Default is "[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v"
--component-log-level <string>
Comma-separated list of component log levels. For example
upstream:debug,config:trace
-l <string>, --log-level <string>
Log levels: [trace][debug][info][warning
|warn][error][critical][off]
Default is [info]
--local-address-ip-version <string>
The local IP address version (v4 or v6).
--admin-address-path <string>
Admin address path
--skip-deprecated-logs
Skips the logging of deprecated field warnings during Protobuf message
validation
--ignore-unknown-dynamic-fields
Ignore unknown fields in dynamic configuration
--reject-unknown-dynamic-fields
Reject unknown fields in dynamic configuration
--allow-unknown-static-fields
Allow unknown fields in static configuration
--allow-unknown-fields
Allow unknown fields in static configuration (DEPRECATED)
--config-yaml <string>
Inline YAML configuration, merges with the contents of --config-path
-c <string>, --config-path <string>
Path to configuration file
--concurrency <uint32_t>
# of worker threads to run
--base-id-path <string>
Path to which the base ID is written
--skip-hot-restart-parent-stats
When hot restarting, by default the child instance copies stats from
the parent instance periodically during the draining period. This can
potentially be an expensive operation; set this to true to reset all
stats in child process.
--skip-hot-restart-on-no-parent
When hot restarting with epoch>0, the default behavior is for the
child to crash if the connection to the parent cannot be established.
Set this to true to instead continue with a regular startup, while
retaining the new epoch value.
--use-dynamic-base-id
The server chooses a base ID dynamically. Supersedes a static base ID.
May not be used when the restart epoch is non-zero.
--base-id <uint32_t>
Base ID so that multiple envoys can run on the same host if needed
--, --ignore_rest
Ignores the rest of the labeled arguments following this flag.
--version
Displays version information and exits.
-h, --help
Displays usage information and exits.
envoy
默认配置
root@t:~# docker run -it --rm --entrypoint bash envoyproxy/envoy:v1.35.3
root@2e44e67518e7:/# ls /etc/envoy/
VERSION.txt envoy.yaml
root@2e44e67518e7:/# cat /etc/envoy/envoy.yaml
admin:
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 9901
static_resources:
listeners:
- name: listener_0
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
scheme_header_transformation:
scheme_to_overwrite: https
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
prefix: "/"
route:
host_rewrite_literal: www.envoyproxy.io
cluster: service_envoyproxy_io
http_filters:
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
clusters:
- name: service_envoyproxy_io
connect_timeout: 30s
type: LOGICAL_DNS
# Comment out the following line to test on v6 networks
dns_lookup_family: V4_ONLY
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: service_envoyproxy_io
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: www.envoyproxy.io
port_value: 443
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
sni: www.envoyproxy.io
说明:
- admin 管理端口:http://127.0.0.1:9091
- 代理服务端口:http://127.0.0.1:10000
access log
admin:
access_log:
- name: envoy.access_loggers.stdout
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
Override the default configuration
admin:
address:
socket_address:
address: 127.0.0.1
port_value: 9902
envoy -c envoy-demo.yaml --config-yaml "$(cat envoy-override.yaml)"
docker run --rm -it \
-p 9902:9902 \
-p 10000:10000 \
envoyproxy/envoy:v1.35.3 \
-c /etc/envoy/envoy.yaml \
--config-yaml "$(cat envoy-override.yaml)"
启动服务
envoy -c envoy-demo.yaml
docker run --rm -it -d \
-p 9901:9901 \
-p 10000:10000 \
envoyproxy/envoy:v1.35.3
# 调试,进入容器启动服务:`envoy -c /etc/envoy/envoy.yaml`
docker run --rm -it -d \
-p 9901:9901 \
-p 10000:10000 \
--name envoy \
--entrypoint bash \
envoyproxy/envoy:v1.35.3
# 指定配置
docker run --rm -it \
-v $(pwd)/envoy-custom.yaml:/envoy-custom.yaml \
-p 9901:9901 \
-p 10000:10000 \
envoyproxy/envoy:v1.35.3 \
-c /envoy-custom.yaml