Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
production_ready_envoy
Search
Shuhei Ozawa
January 08, 2020
Technology
2
1.2k
production_ready_envoy
本番環境でEnvoyを導入するためにやったこと
Envoy Meetup Tokyo #1 の発表資料
https://envoytokyo.connpass.com/event/157711/
Shuhei Ozawa
January 08, 2020
Tweet
Share
More Decks by Shuhei Ozawa
See All by Shuhei Ozawa
Amebaアフィリエイト基盤の GKEアーキテクチャと マイクロサービス
ozashu
0
200
ログ・係数集約と可視化・分析
ozashu
0
140
Python for web architectures
ozashu
0
920
PyQではじめるPython
ozashu
0
430
インフラエンジニアのWEBアプリ入門
ozashu
1
8k
Other Decks in Technology
See All in Technology
7月のガバクラ利用料が高かったので調べてみた
techniczna
3
820
Bye-Bye Query Spaghetti: Write Queries You'll Actually Understand Using Pipelined SQL Syntax
tobiaslampertlotum
0
120
つくって納得、つかって実感! 大規模言語モデルことはじめ
recruitengineers
PRO
32
12k
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
30k
スプリントレトロスペクティブはチーム観察の宝庫? 〜チームの衝突レベルに合わせたアプローチ仮説!〜
electricsatie
1
150
ヒューリスティック評価を用いたゲームQA実践事例
gree_tech
PRO
0
430
進捗
ydah
2
230
実践アプリケーション設計 ①データモデルとドメインモデル
recruitengineers
PRO
5
1.4k
絶対に失敗できないキャンペーンページの高速かつ安全な開発、WINTICKET × microCMS の開発事例
microcms
0
360
kubellが考える戦略と実行を繋ぐ活用ファーストのデータ分析基盤
kubell_hr
0
130
AI時代に非連続な成長を実現するエンジニアリング戦略
sansantech
PRO
3
930
Flutterでキャッチしないエラーはどこに行く
taiju59
0
210
Featured
See All Featured
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
111
20k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
161
15k
Agile that works and the tools we love
rasmusluckow
330
21k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Docker and Python
trallard
45
3.5k
Testing 201, or: Great Expectations
jmmastey
45
7.6k
The Straight Up "How To Draw Better" Workshop
denniskardys
236
140k
How to Think Like a Performance Engineer
csswizardry
26
1.9k
Building a Modern Day E-commerce SEO Strategy
aleyda
43
7.5k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
Code Review Best Practice
trishagee
70
19k
Transcript
ຊ൪ڥͰEnvoyΛಋೖ͢ΔͨΊʹͬͨ͜ͱ
Outline 1. Ͳ͏ͯ͠EnvoyΛಋೖͨ͠ͷ? 2. ͜Μͳײ͡Ͱಋೖ͠·ͨ͠ 3. Configͷڞ௨Խ 4. ϩάϝτϦΫεपΓͷઃఆ 5.
࣮ࡍʹӡ༻ͯ͜͠·ͬͨ͜ͱ 6. ϝτϦΫεΛऔΓ͜΅͞ͳ͍ҝʹ
Ͳ͏ͯ͠EnvoyΛಋೖ͠ ͨͷ?
gRPCͷBalancingͷͨΊʹಋೖ αʔϏεσΟεΧόϦHeadless Services
͜Μͳײ͡Ͱಋೖ
Sidecarύλʔϯ
Configͷڞ௨Խ
ϚΠΫϩαʔϏεຖʹ։ൃऀ͕ҧ͏ EnvoyͷΩϟονΞοϓͷίετΛݮΒ͍ͨ͠ͷͰɺ શϚΠΫϩαʔϏεڞ௨ͷconfigΛ࡞͠ɺ ͦΕΛแͨ͠envoyΠϝʔδΛར༻͢Δ͜ͱʹͨ͠ɻ 4 ݸผʹConfigMapΛ࡞Βͳ͍͍ͯ͘ͷͱɺઃఆͷϨϕϧײ Λ౷Ұ͢Δ͜ͱ͕Ͱ͖ͨɻ
4 DockerfileΛॻ͍ͯΠϝʔδΛ༻ҙ 4 YAMLͷΞϯΧʔͱΤΠϦΞεͰهड़ྔΛݮΒ͢ type: STRICT_DNS lb_policy: ROUND_ROBIN connect_timeout: 0.25s
drain_connections_on_host_removal: true http2_protocol_options: {} health_checks: *health_checks outlier_detection: *outlier_detection circuit_breakers: *circuit_breakers
ϩάϝτϦΫεपΓͷ ઃఆ
ΞΫηεϩάͷઃఆ 4 %RESPONSE_FLAGS%ͰresponceͷใΛΈΔ͙Β͍ access_log: - name: envoy.file_access_log config: path: "/dev/stdout"
json_format: start_time: "%START_TIME%" method: "%REQ(:METHOD)%" path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%" protocol: "%PROTOCOL%" response_code: "%RESPONSE_CODE%" response_flags: "%RESPONSE_FLAGS%" bytes_rcvd: "%BYTES_RECEIVED%" bytes_snt: "%BYTES_SENT%" duration: "%DURATION%" x-envoy-upstream-svc-time: "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%" x-forwarded-for: "%REQ(X-FORWARDED-FOR)%" useragent: "%REQ(USER-AGENT)%" x-request-id: "%REQ(X-REQUEST-ID)%" backend_address: "%UPSTREAM_HOST%" client: "%DOWNSTREAM_REMOTE_ADDRESS%" referer: "%REQ(REFERER)%" response_duration: "%RESPONSE_DURATION%" upstream_transport_failure_reason: "%UPSTREAM_TRANSPORT_FAILURE_REASON%"
Circuit Breaking աͳϦΫΤετͱ͔ίωΫγϣϯ͕͖ͨͱ͖ʹɺΞϓϦ͕Ԡ ෆՄʹͳΔͷΛ͙ circuit_breakers: &circuit_breakers thresholds: - priority: DEFAULT
max_connections: 1024 max_pending_requests: 1024 max_requests: 1024 max_retries: 3
outlier_detection podͷ500ܥ200ܥͷճΛΈͯΫϥελ͔ΒऔΓআ͘ ੍͔ޚ͍ͯ͠Δ consecutive_5xx: 5 interval: 5s base_ejection_time: 30s max_ejection_percent:
10 enforcing_consecutive_5xx: 100 enforcing_success_rate: 100 success_rate_minimum_hosts: 5 success_rate_request_volume: 100 success_rate_stdev_factor: 1900 consecutive_gateway_failure: 5 enforcing_consecutive_gateway_failure: 0 split_external_local_origin_errors: true consecutive_local_origin_failure: 5 enforcing_consecutive_local_origin_failure: 100 enforcing_local_origin_success_rate: 100 failure_percentage_threshold: 85 enforcing_failure_percentage: 0 enforcing_failure_percentage_local_origin: 0 failure_percentage_minimum_hosts: 5 failure_percentage_request_volume: 50
healthcheck appଆͰHTTPͷΤϯυϙΠϯτΛੜͯ͠Readiness/ Liveness Prove ͰͷhealthcheckΛͨ͠ gRPCͷhealthcheckαΠυΧʔͷenvoy͔ΒͷΈୟ͘Α͏ ʹ͍ͯ͠Δ
EnvoyͷϝτϦΫε ࣮ࡍDatadog APMͰऔಘͨ͠ϝτϦΫεΛΈ͍ͯΔ... annotations: ad.datadoghq.com/envoy.check_names: '["envoy"]' ad.datadoghq.com/envoy.init_configs: '[{}]' ad.datadoghq.com/envoy.instances: |
[ { "stats_url": "http://%%host%%:8001/stats" } ]
࣮ࡍʹӡ༻ͯ͠ࠔͬͨࣄ
pod ͕૿͑ΔͱϔϧενΣοΫͷgRPCΞΫηε͕ܶతʹ૿ ͑ͯ͠·͍APIࢹͰUNKNOWNͷΞϥʔτΛൃใ pass_through_mode: false ʹͯ͠ϔϧενΣοΫͷঢ়ଶΛ อ͓͍࣋ͯͯ͠ฦ͢Α͏ʹઃఆͨ͠ http_filters: - name:
envoy.health_check typed_config: "@type": type.googleapis.com/envoy.config.filter.http.health_check.v2.HealthCheck pass_through_mode: false cluster_min_healthy_percentages: self-grpc: value: 100 headers: - name: ":path" exact_match: /healthz no_traffic_interval ΛσϑΥϧτ 60s ʹͯ͠େྔͷϔϧ ενΣοΫΛૹ৴͠ͳ͍Α͏ʹ͍ͯ͠Δ
ϝτϦΫεΛऔΓ͜΅͞ ͳ͍ҝʹ
1. drain_connections_on_host_removal Λtrueʹͯ͠ healthcheckͷࣦഊΛͨͣʹservice discovery͔Βআ֎ ͤ͞Δ 2. ΞϓϦέʔγϣϯΛىಈ͢ΔલʹenvoyΛىಈͤ͞Δ 4 http://localhost:8001/ready
Λୟ͍ͯ200εςʔλ ε͕ฦ͖͔ͬͯͯΒΞϓϦΛىಈͤ͞Δ 3. envoy͕ऴྃ͢ΔલʹΞϓϦέʔγϣϯΛऴྃͤ͞Δ 4 ΞϓϦέʔγϣϯίϯςφ͔Βͷશͯͷଓ͕ΕΔ· ͰͭγΣϧܳΛ͍ͯ͠Δ
͓͠·͍