Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
production_ready_envoy
Search
Shuhei Ozawa
January 08, 2020
Technology
2
1.1k
production_ready_envoy
本番環境でEnvoyを導入するためにやったこと
Envoy Meetup Tokyo #1 の発表資料
https://envoytokyo.connpass.com/event/157711/
Shuhei Ozawa
January 08, 2020
Tweet
Share
More Decks by Shuhei Ozawa
See All by Shuhei Ozawa
Amebaアフィリエイト基盤の GKEアーキテクチャと マイクロサービス
ozashu
0
150
ログ・係数集約と可視化・分析
ozashu
0
130
Python for web architectures
ozashu
0
880
PyQではじめるPython
ozashu
0
400
インフラエンジニアのWEBアプリ入門
ozashu
1
8k
Other Decks in Technology
See All in Technology
Potential EM 制度を始めた理由、そして2年後にやめた理由 - EMConf JP 2025
hoyo
1
110
SA Night #2 FinatextのSA思想/SA Night #2 Finatext session
satoshiimai
1
150
わたしがEMとして入社した「最初の100日」の過ごし方 / EMConfJp2025
daiksy
2
830
データマネジメントのトレードオフに立ち向かう
ikkimiyazaki
6
1.2k
TAMとre:Capセキュリティ編 〜拡張脅威検出デモを添えて〜
fujiihda
2
380
2/18/25: Java meets AI: Build LLM-Powered Apps with LangChain4j
edeandrea
PRO
0
150
PHPで印刷所に入稿できる名札データを作る / Generating Print-Ready Name Tag Data with PHP
tomzoh
0
160
ローカルLLMを活用したコード生成と、ローコード開発ツールへの応用
kazuhitoyokoi
0
140
NFV基盤のOpenStack更新 ~9世代バージョンアップへの挑戦~
vtj
0
300
Active Directory攻防
cryptopeg
PRO
8
4.6k
システム・ML活用を広げるdbtのデータモデリング / Expanding System & ML Use with dbt Modeling
i125
1
290
脳波を用いた嗜好マッチングシステム
hokkey621
0
220
Featured
See All Featured
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
32
2.1k
A Tale of Four Properties
chriscoyier
158
23k
StorybookのUI Testing Handbookを読んだ
zakiyama
28
5.5k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Mobile First: as difficult as doing things right
swwweet
223
9.3k
Building Flexible Design Systems
yeseniaperezcruz
328
38k
How GitHub (no longer) Works
holman
314
140k
Testing 201, or: Great Expectations
jmmastey
42
7.2k
Visualization
eitanlees
146
15k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
33
2.8k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
100
18k
Transcript
ຊ൪ڥͰEnvoyΛಋೖ͢ΔͨΊʹͬͨ͜ͱ
Outline 1. Ͳ͏ͯ͠EnvoyΛಋೖͨ͠ͷ? 2. ͜Μͳײ͡Ͱಋೖ͠·ͨ͠ 3. Configͷڞ௨Խ 4. ϩάϝτϦΫεपΓͷઃఆ 5.
࣮ࡍʹӡ༻ͯ͜͠·ͬͨ͜ͱ 6. ϝτϦΫεΛऔΓ͜΅͞ͳ͍ҝʹ
Ͳ͏ͯ͠EnvoyΛಋೖ͠ ͨͷ?
gRPCͷBalancingͷͨΊʹಋೖ αʔϏεσΟεΧόϦHeadless Services
͜Μͳײ͡Ͱಋೖ
Sidecarύλʔϯ
Configͷڞ௨Խ
ϚΠΫϩαʔϏεຖʹ։ൃऀ͕ҧ͏ EnvoyͷΩϟονΞοϓͷίετΛݮΒ͍ͨ͠ͷͰɺ શϚΠΫϩαʔϏεڞ௨ͷconfigΛ࡞͠ɺ ͦΕΛแͨ͠envoyΠϝʔδΛར༻͢Δ͜ͱʹͨ͠ɻ 4 ݸผʹConfigMapΛ࡞Βͳ͍͍ͯ͘ͷͱɺઃఆͷϨϕϧײ Λ౷Ұ͢Δ͜ͱ͕Ͱ͖ͨɻ
4 DockerfileΛॻ͍ͯΠϝʔδΛ༻ҙ 4 YAMLͷΞϯΧʔͱΤΠϦΞεͰهड़ྔΛݮΒ͢ type: STRICT_DNS lb_policy: ROUND_ROBIN connect_timeout: 0.25s
drain_connections_on_host_removal: true http2_protocol_options: {} health_checks: *health_checks outlier_detection: *outlier_detection circuit_breakers: *circuit_breakers
ϩάϝτϦΫεपΓͷ ઃఆ
ΞΫηεϩάͷઃఆ 4 %RESPONSE_FLAGS%ͰresponceͷใΛΈΔ͙Β͍ access_log: - name: envoy.file_access_log config: path: "/dev/stdout"
json_format: start_time: "%START_TIME%" method: "%REQ(:METHOD)%" path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%" protocol: "%PROTOCOL%" response_code: "%RESPONSE_CODE%" response_flags: "%RESPONSE_FLAGS%" bytes_rcvd: "%BYTES_RECEIVED%" bytes_snt: "%BYTES_SENT%" duration: "%DURATION%" x-envoy-upstream-svc-time: "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%" x-forwarded-for: "%REQ(X-FORWARDED-FOR)%" useragent: "%REQ(USER-AGENT)%" x-request-id: "%REQ(X-REQUEST-ID)%" backend_address: "%UPSTREAM_HOST%" client: "%DOWNSTREAM_REMOTE_ADDRESS%" referer: "%REQ(REFERER)%" response_duration: "%RESPONSE_DURATION%" upstream_transport_failure_reason: "%UPSTREAM_TRANSPORT_FAILURE_REASON%"
Circuit Breaking աͳϦΫΤετͱ͔ίωΫγϣϯ͕͖ͨͱ͖ʹɺΞϓϦ͕Ԡ ෆՄʹͳΔͷΛ͙ circuit_breakers: &circuit_breakers thresholds: - priority: DEFAULT
max_connections: 1024 max_pending_requests: 1024 max_requests: 1024 max_retries: 3
outlier_detection podͷ500ܥ200ܥͷճΛΈͯΫϥελ͔ΒऔΓআ͘ ੍͔ޚ͍ͯ͠Δ consecutive_5xx: 5 interval: 5s base_ejection_time: 30s max_ejection_percent:
10 enforcing_consecutive_5xx: 100 enforcing_success_rate: 100 success_rate_minimum_hosts: 5 success_rate_request_volume: 100 success_rate_stdev_factor: 1900 consecutive_gateway_failure: 5 enforcing_consecutive_gateway_failure: 0 split_external_local_origin_errors: true consecutive_local_origin_failure: 5 enforcing_consecutive_local_origin_failure: 100 enforcing_local_origin_success_rate: 100 failure_percentage_threshold: 85 enforcing_failure_percentage: 0 enforcing_failure_percentage_local_origin: 0 failure_percentage_minimum_hosts: 5 failure_percentage_request_volume: 50
healthcheck appଆͰHTTPͷΤϯυϙΠϯτΛੜͯ͠Readiness/ Liveness Prove ͰͷhealthcheckΛͨ͠ gRPCͷhealthcheckαΠυΧʔͷenvoy͔ΒͷΈୟ͘Α͏ ʹ͍ͯ͠Δ
EnvoyͷϝτϦΫε ࣮ࡍDatadog APMͰऔಘͨ͠ϝτϦΫεΛΈ͍ͯΔ... annotations: ad.datadoghq.com/envoy.check_names: '["envoy"]' ad.datadoghq.com/envoy.init_configs: '[{}]' ad.datadoghq.com/envoy.instances: |
[ { "stats_url": "http://%%host%%:8001/stats" } ]
࣮ࡍʹӡ༻ͯ͠ࠔͬͨࣄ
pod ͕૿͑ΔͱϔϧενΣοΫͷgRPCΞΫηε͕ܶతʹ૿ ͑ͯ͠·͍APIࢹͰUNKNOWNͷΞϥʔτΛൃใ pass_through_mode: false ʹͯ͠ϔϧενΣοΫͷঢ়ଶΛ อ͓͍࣋ͯͯ͠ฦ͢Α͏ʹઃఆͨ͠ http_filters: - name:
envoy.health_check typed_config: "@type": type.googleapis.com/envoy.config.filter.http.health_check.v2.HealthCheck pass_through_mode: false cluster_min_healthy_percentages: self-grpc: value: 100 headers: - name: ":path" exact_match: /healthz no_traffic_interval ΛσϑΥϧτ 60s ʹͯ͠େྔͷϔϧ ενΣοΫΛૹ৴͠ͳ͍Α͏ʹ͍ͯ͠Δ
ϝτϦΫεΛऔΓ͜΅͞ ͳ͍ҝʹ
1. drain_connections_on_host_removal Λtrueʹͯ͠ healthcheckͷࣦഊΛͨͣʹservice discovery͔Βআ֎ ͤ͞Δ 2. ΞϓϦέʔγϣϯΛىಈ͢ΔલʹenvoyΛىಈͤ͞Δ 4 http://localhost:8001/ready
Λୟ͍ͯ200εςʔλ ε͕ฦ͖͔ͬͯͯΒΞϓϦΛىಈͤ͞Δ 3. envoy͕ऴྃ͢ΔલʹΞϓϦέʔγϣϯΛऴྃͤ͞Δ 4 ΞϓϦέʔγϣϯίϯςφ͔Βͷશͯͷଓ͕ΕΔ· ͰͭγΣϧܳΛ͍ͯ͠Δ
͓͠·͍