1

我正在尝试为我的 GRPC 服务的负载平衡和发现功能做一个非常基本的 Envoy 设置。假设一个非常基本的设置,我在 Docker 容器中运行了两个 GRPC 服务。根据 Envoy 文档,我应该使用“envoy.tcp_proxy”过滤器类型。在这里,我做了一个非常简单的 yml 配置,但无法运行:

admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 0.0.0.0, port_value: 9901 }

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 10000, protocol: TCP }
    filter_chains:
    - filters:
        - name: envoy.tcp_proxy
          config:
              stat_prefix: myservice
              cluster: mycluster
  clusters:
  - name: mycluster
    connect_timeout: 0.25s
    type: LOGICAL_DNS
    # Comment out the following line to test on v6 networks
    dns_lookup_family: V4_ONLY
    lb_policy: ROUND_ROBIN
    hosts: [{ socket_address: { address: localhost, port_value: 30270 }}]
    tls_context: { sni: localhost }

显然我做错了什么,但是在站点的任何地方都找不到完整的 GRPC 到 GRPC 服务网格 Envoy 配置示例。端口 30270 是我在服务器端公开和侦听的端口。

鉴于上述配置说:

初始化配置“/etc/envoy.yaml”时出错:envoy.tcp_proxy 工厂返回 nullptr 而不是空配置消息

我还需要使用 HTTP 管理器来路由吗?有人可以分享一个例子吗?

4

2 回答 2

1

您想使用envoy.http_connection_manager过滤器类型。是一个简单的 gRPC 配置示例。

于 2018-03-09T17:47:47.807 回答
0

这是一个示例 envoy.yaml 配置。

static_resources:

  listeners:
    - name: listener_0
      address:
        socket_address:
          address: X.X.X.X
          port_value: 443
          ipv4Compat: true
      filter_chains:
        - filter_chain_match: {}
          transport_socket:
            name: envoy.transport_sockets.tls
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
              common_tls_context:
                tls_params:
                  cipher_suites:
                    - ECDHE-ECDSA-AES128-GCM-SHA256
                    - ECDHE-RSA-AES128-GCM-SHA256
                    - ECDHE-ECDSA-AES128-SHA
                    - ECDHE-RSA-AES128-SHA
                    - AES128-GCM-SHA256
                    - AES128-SHA
                    - ECDHE-ECDSA-AES256-GCM-SHA384
                    - ECDHE-RSA-AES256-GCM-SHA384
                    - ECDHE-ECDSA-AES256-SHA
                    - ECDHE-RSA-AES256-SHA
                    - AES256-GCM-SHA384
                    - AES256-SHA
                  ecdh_curves:
                    - P-256
                tls_certificates:
                  - certificate_chain:
                      filename: "/home/.tomcat_cert.pem"
                    private_key:
                      filename: "/home/.tomcat_key.pem"
                validation_context:
                  trust_chain_verification: ACCEPT_UNTRUSTED
                alpn_protocols:
                  - h2
              require_client_certificate: false
          filters:
            - name: envoy.filters.network.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                stat_prefix: ingress_http
                http_filters:
                  - name: envoy.filters.http.router
                route_config:
                  name: local_route
                  virtual_hosts:
                    - name: local_service
                      domains: ["*"]
                      routes:
                        - match:
                            prefix: "/api.ApiService"
                          route:
                            cluster: grpc-server
                            idle_timeout: 0s
                            max_stream_duration:
                              grpc_timeout_header_max: 35s
                        - match:
                            prefix: "/site"
                          route:
                            cluster: site_router
  clusters:
    - name: site_router
      type: static
      # Comment out the following line to test on v6 networks
      lb_policy: round_robin
      connect_timeout: 25s
      http2_protocol_options: {}
      load_assignment:
        cluster_name: site_router
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: 127.0.0.1
                      port_value: 7880
    - name: grpc-server
      type: static
      # Comment out the following line to test on v6 networks
      lb_policy: round_robin
      connect_timeout: 25s
      http2_protocol_options: {}
      load_assignment:
        cluster_name: grpc-server
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: 127.0.0.1
                      port_value: 7879
于 2021-08-12T14:16:03.937 回答