Introduction to Envoy

  1. Fantastic Envoy: Introduction to Envoy
  2. What is Envoy? Envoy is an L7 proxy and communication bus designed for large modern service-oriented architectures. It has the following high-level features:
     - Out-of-process architecture
     - Modern C++11 code base
     - L3/L4 filter architecture
     - HTTP L7 filter architecture
     - First-class HTTP/2 support
     - HTTP L7 routing
     - ………..
  3. What can Envoy do?
     - TCP/UDP proxy
     - HTTP
     - HTTP Upgrades: HTTP1 → HTTP2
     - Routing
     - Path/Host
     - Host/Path/Prefix Rewriting
     - Traffic shifting
     - Upstream Clusters
     - Service Discovery
     - Health Checking
     - Load Balancing
     - Aggregate Cluster
     - Circuit Breaker
     - Observability
     - Security
     - TLS
     - JWT
     - External Authorization
  4. Deployment types
  5. Envoy Model Architecture

     ```yaml
     admin:
       access_log_path: /tmp/admin_access.log
       address:
         socket_address: { address:, port_value: 9901 }

     static_resources:
       listeners:
       - name: listener_0
         address:
           socket_address: { address:, port_value: 10000 }
         filter_chains:
         - filters:
           - name:
             typed_config:
               "@type":
               stat_prefix: ingress_http
               codec_type: AUTO
               route_config:
                 name: local_route
                 virtual_hosts:
                 - name: local_service
                   domains: ["*"]
                   routes:
                   - match: { prefix: "/" }
                     route: { cluster: some_service }
               http_filters:
               - name: envoy.filters.http.router
       clusters:
       - name: some_service
         connect_timeout: 0.25s
         type: STATIC
         lb_policy: ROUND_ROBIN
         load_assignment:
           cluster_name: some_service
           endpoints:
           - lb_endpoints:
             - endpoint:
                 address:
                   socket_address:
                     address:
     ```

     Diagram labels: Listeners; Listeners - Filters; HTTP; HTTP - Filter; HTTP - Route; Upstream Cluster
  6. Envoy Architecture. Diagram labels: Envoy xDS Service (LDS, RDS, EDS, CDS, SDS); Envoy Proxy (three instances); gRPC / REST; Access log gRPC
  7. Envoy inside - Threading
  8. How Thread Works
  9. How Thread Works
  10. Envoy Thread Works

      Diagram labels (repeated for each of three worker threads): Listen/Read/Write; worker thread; Loop

      EPOLLONESHOT (since Linux 2.6.2): Requests one-shot notification for the associated file descriptor. This means that after an event notified for the file descriptor by epoll_wait(2), the file descriptor is disabled in the interest list and no other events will be reported by the epoll interface. The user must call epoll_ctl() with EPOLL_CTL_MOD to rearm the file descriptor with a new event mask.

      Link: g from multiple threads
  11. Envoy with Libevent

      Diagram labels: Event_Loop; Accept; Bind; Read Event; Envoy Chains; Read; Create; Call; Read Event; Worker

      Source:
      - ConnectionImpl::onRead
      - ListenerImpl::listenCallback
  12. Envoy Filters

      Diagram labels: Client; Socket; Buffer; Filter Manager; Read Filters; Write Filters

      Source:
      - FilterManagerImpl::upstream_filters_
      - FilterManagerImpl::onContinueReading
      - FilterManagerImpl::onWrite
  13. Extending Envoy
      - Access loggers
      - Access log filters
      - Clusters
      - Listener filters
      - Network filters
      - HTTP filters
      - gRPC credential providers
      - Health checkers
      - Resource monitors
      - Retry implementations
      - Stat sinks
      - Tracers
      - Request ID
      - Transport sockets
      - BoringSSL private key methods
  14. Envoy Dynamic Filters: Lua and Wasm

      Lua. Link: wasm/blob/master/examples/lua/envoy.yaml

      ```yaml
      - name: envoy.filters.http.lua
        typed_config:
          "@type":
          inline_code: |
            local mylibrary = require("lib.mylibrary")

            -- Runs on the request path: add a header computed by the library.
            function envoy_on_request(request_handle)
              request_handle:headers():add("foo", mylibrary.foobar())
            end

            -- Runs on the response path: report the response body size in a header.
            function envoy_on_response(response_handle)
              body_size = response_handle:body():length()
              response_handle:headers():add("response-body-size", tostring(body_size))
            end
      ```

      Wasm. Link: wasm/blob/master/examples/wasm/envoy.yaml

      ```yaml
      - name: envoy.filters.http.wasm
        config:
          config:
            name: "my_plugin"
            root_id: "my_root_id"
            vm_config:
              vm_id: "my_vm_id"
              runtime: "envoy.wasm.runtime.v8"
              code:
                local:
                  filename: "/etc/envoy_filter_http_wasm_example.wasm"
              allow_precompiled: true
      ```
  15. Envoy Distribution
  16. Look at Gloo
  17. Gloo Multi-Tenant: multi-tenant Gloo installations by installing to multiple namespaces
  18. Gloo ExtAuth in EE

      Link: auth/

      Diagram labels: Gloo Gateway; Gloo Gateway Proxy; Request by Unix Socket

      - Basic Auth: Authenticating using a dictionary of usernames and passwords on a virtual service.
      - OAuth: External Auth with OAuth.
      - JSON Web Tokens (JWT): Introduction to JWT and what they are used for.
      - API Keys: How to set up ApiKey authentication.
      - OPA Authorization: Illustrating how to combine OpenID Connect with Open Policy Agent to achieve fine-grained policy with Gloo.
      - LDAP: Authenticate and authorize requests using LDAP.
      - Custom Auth server: External Authentication with your own auth server.
      - Plugin Auth: Extend Gloo's built-in auth server with custom Go plugins.
      - Configuration format history: Overview of the external auth configuration formats supported by each GlooE version.
  19. Look at Ambassador