Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
production_ready_envoy
Search
Shuhei Ozawa
January 08, 2020
Technology
2
1k
production_ready_envoy
本番環境でEnvoyを導入するためにやったこと
Envoy Meetup Tokyo #1 の発表資料
https://envoytokyo.connpass.com/event/157711/
Shuhei Ozawa
January 08, 2020
Tweet
Share
More Decks by Shuhei Ozawa
See All by Shuhei Ozawa
Amebaアフィリエイト基盤の GKEアーキテクチャと マイクロサービス
ozashu
0
120
ログ・係数集約と可視化・分析
ozashu
0
100
Python for web architectures
ozashu
0
830
PyQではじめるPython
ozashu
0
380
インフラエンジニアのWEBアプリ入門
ozashu
1
7.9k
Other Decks in Technology
See All in Technology
Algyan イベント振り返り
linyixian
0
190
"好き"との生活/Regularly update profile with GitHub Actions
judeeeee
0
150
小さな開発会社がWebサービスを作る理由
polidog
PRO
1
150
SIEMを用いて、セキュリティログ分析の可視化と分析を実現し、PDCAサイクルを回してみた
coconala_engineer
0
210
DevOpsDays History and my DevOps story
kawaguti
PRO
8
1.5k
最近たまに見かけるTiDBってなんだ? - Findy
pingcap0315
2
570
A (short) History of AI
harishpillay
0
110
プロトタイピングによる不確実性の低減 / Reducing Uncertainty through Prototyping
ohbarye
3
230
Aurora MySQL v3(MySQL8.0互換)の オンラインDDLの罠挙動を全バージョンで検証した
yutakikai
1
150
2024/4/26 コンピュータ歴史博物館解説告知
toshi_atsumi
0
200
NgRx Signal Store
rainerhahnekamp
0
110
Garoon 開発チーム / Garoon development team
cybozuinsideout
PRO
2
2.9k
Featured
See All Featured
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
226
16k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
18
1.7k
4 Signs Your Business is Dying
shpigford
175
21k
The Power of CSS Pseudo Elements
geoffreycrofte
59
5k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
19
1.9k
No one is an island. Learnings from fostering a developers community.
thoeni
14
2.1k
[RailsConf 2023] Rails as a piece of cake
palkan
22
3.9k
Automating Front-end Workflow
addyosmani
1355
200k
Statistics for Hackers
jakevdp
789
220k
Fireside Chat
paigeccino
20
2.6k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
124
32k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
9
8.3k
Transcript
ຊ൪ڥͰEnvoyΛಋೖ͢ΔͨΊʹͬͨ͜ͱ
Outline 1. Ͳ͏ͯ͠EnvoyΛಋೖͨ͠ͷ? 2. ͜Μͳײ͡Ͱಋೖ͠·ͨ͠ 3. Configͷڞ௨Խ 4. ϩάϝτϦΫεपΓͷઃఆ 5.
࣮ࡍʹӡ༻ͯ͜͠·ͬͨ͜ͱ 6. ϝτϦΫεΛऔΓ͜΅͞ͳ͍ҝʹ
Ͳ͏ͯ͠EnvoyΛಋೖ͠ ͨͷ?
gRPCͷBalancingͷͨΊʹಋೖ αʔϏεσΟεΧόϦHeadless Services
͜Μͳײ͡Ͱಋೖ
Sidecarύλʔϯ
Configͷڞ௨Խ
ϚΠΫϩαʔϏεຖʹ։ൃऀ͕ҧ͏ EnvoyͷΩϟονΞοϓͷίετΛݮΒ͍ͨ͠ͷͰɺ શϚΠΫϩαʔϏεڞ௨ͷconfigΛ࡞͠ɺ ͦΕΛแͨ͠envoyΠϝʔδΛར༻͢Δ͜ͱʹͨ͠ɻ 4 ݸผʹConfigMapΛ࡞Βͳ͍͍ͯ͘ͷͱɺઃఆͷϨϕϧײ Λ౷Ұ͢Δ͜ͱ͕Ͱ͖ͨɻ
4 DockerfileΛॻ͍ͯΠϝʔδΛ༻ҙ 4 YAMLͷΞϯΧʔͱΤΠϦΞεͰهड़ྔΛݮΒ͢ type: STRICT_DNS lb_policy: ROUND_ROBIN connect_timeout: 0.25s
drain_connections_on_host_removal: true http2_protocol_options: {} health_checks: *health_checks outlier_detection: *outlier_detection circuit_breakers: *circuit_breakers
ϩάϝτϦΫεपΓͷ ઃఆ
ΞΫηεϩάͷઃఆ 4 %RESPONSE_FLAGS%ͰresponceͷใΛΈΔ͙Β͍ access_log: - name: envoy.file_access_log config: path: "/dev/stdout"
json_format: start_time: "%START_TIME%" method: "%REQ(:METHOD)%" path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%" protocol: "%PROTOCOL%" response_code: "%RESPONSE_CODE%" response_flags: "%RESPONSE_FLAGS%" bytes_rcvd: "%BYTES_RECEIVED%" bytes_snt: "%BYTES_SENT%" duration: "%DURATION%" x-envoy-upstream-svc-time: "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%" x-forwarded-for: "%REQ(X-FORWARDED-FOR)%" useragent: "%REQ(USER-AGENT)%" x-request-id: "%REQ(X-REQUEST-ID)%" backend_address: "%UPSTREAM_HOST%" client: "%DOWNSTREAM_REMOTE_ADDRESS%" referer: "%REQ(REFERER)%" response_duration: "%RESPONSE_DURATION%" upstream_transport_failure_reason: "%UPSTREAM_TRANSPORT_FAILURE_REASON%"
Circuit Breaking աͳϦΫΤετͱ͔ίωΫγϣϯ͕͖ͨͱ͖ʹɺΞϓϦ͕Ԡ ෆՄʹͳΔͷΛ͙ circuit_breakers: &circuit_breakers thresholds: - priority: DEFAULT
max_connections: 1024 max_pending_requests: 1024 max_requests: 1024 max_retries: 3
outlier_detection podͷ500ܥ200ܥͷճΛΈͯΫϥελ͔ΒऔΓআ͘ ੍͔ޚ͍ͯ͠Δ consecutive_5xx: 5 interval: 5s base_ejection_time: 30s max_ejection_percent:
10 enforcing_consecutive_5xx: 100 enforcing_success_rate: 100 success_rate_minimum_hosts: 5 success_rate_request_volume: 100 success_rate_stdev_factor: 1900 consecutive_gateway_failure: 5 enforcing_consecutive_gateway_failure: 0 split_external_local_origin_errors: true consecutive_local_origin_failure: 5 enforcing_consecutive_local_origin_failure: 100 enforcing_local_origin_success_rate: 100 failure_percentage_threshold: 85 enforcing_failure_percentage: 0 enforcing_failure_percentage_local_origin: 0 failure_percentage_minimum_hosts: 5 failure_percentage_request_volume: 50
healthcheck appଆͰHTTPͷΤϯυϙΠϯτΛੜͯ͠Readiness/ Liveness Prove ͰͷhealthcheckΛͨ͠ gRPCͷhealthcheckαΠυΧʔͷenvoy͔ΒͷΈୟ͘Α͏ ʹ͍ͯ͠Δ
EnvoyͷϝτϦΫε ࣮ࡍDatadog APMͰऔಘͨ͠ϝτϦΫεΛΈ͍ͯΔ... annotations: ad.datadoghq.com/envoy.check_names: '["envoy"]' ad.datadoghq.com/envoy.init_configs: '[{}]' ad.datadoghq.com/envoy.instances: |
[ { "stats_url": "http://%%host%%:8001/stats" } ]
࣮ࡍʹӡ༻ͯ͠ࠔͬͨࣄ
pod ͕૿͑ΔͱϔϧενΣοΫͷgRPCΞΫηε͕ܶతʹ૿ ͑ͯ͠·͍APIࢹͰUNKNOWNͷΞϥʔτΛൃใ pass_through_mode: false ʹͯ͠ϔϧενΣοΫͷঢ়ଶΛ อ͓͍࣋ͯͯ͠ฦ͢Α͏ʹઃఆͨ͠ http_filters: - name:
envoy.health_check typed_config: "@type": type.googleapis.com/envoy.config.filter.http.health_check.v2.HealthCheck pass_through_mode: false cluster_min_healthy_percentages: self-grpc: value: 100 headers: - name: ":path" exact_match: /healthz no_traffic_interval ΛσϑΥϧτ 60s ʹͯ͠େྔͷϔϧ ενΣοΫΛૹ৴͠ͳ͍Α͏ʹ͍ͯ͠Δ
ϝτϦΫεΛऔΓ͜΅͞ ͳ͍ҝʹ
1. drain_connections_on_host_removal Λtrueʹͯ͠ healthcheckͷࣦഊΛͨͣʹservice discovery͔Βআ֎ ͤ͞Δ 2. ΞϓϦέʔγϣϯΛىಈ͢ΔલʹenvoyΛىಈͤ͞Δ 4 http://localhost:8001/ready
Λୟ͍ͯ200εςʔλ ε͕ฦ͖͔ͬͯͯΒΞϓϦΛىಈͤ͞Δ 3. envoy͕ऴྃ͢ΔલʹΞϓϦέʔγϣϯΛऴྃͤ͞Δ 4 ΞϓϦέʔγϣϯίϯςφ͔Βͷશͯͷଓ͕ΕΔ· ͰͭγΣϧܳΛ͍ͯ͠Δ
͓͠·͍