1什么是thrift_proxy
thrift_proxy是一个用来代理thrift协议的network filter,名称为 envoy.filters.network.thrift_proxy 。
2配置
{"transport": "...",传输类型"protocol": "...",协议"stat_prefix": "...",stat前缀"route_config": "{...}",路由配置"thrift_filters": [],过滤器配置"payload_passthrough": "...",是否不解码数据"max_requests_per_connection": "{...}"每个连接最大请求数量}
transport:
Thrift transport types supported by Envoy.
•AUTO_TRANSPORT(DEFAULT) For downstream connections, the Thrift proxy will attempt to determine which transport to use. For upstream connections, the Thrift proxy will use same transport as the downstream connection.•FRAMEDThe Thrift proxy will use the Thrift framed transport.•UNFRAMEDThe Thrift proxy will use the Thrift unframed transport.•HEADERThe Thrift proxy will assume the client is using the Thrift header transport.
protocol:
Thrift Protocol types supported by Envoy.
•AUTO_PROTOCOL(DEFAULT) For downstream connections, the Thrift proxy will attempt to determine which protocol to use. Note that the older, non-strict (or lax) binary protocol is not included in automatic protocol detection. For upstream connections, the Thrift proxy will use the same protocol as the downstream connection.•BINARYThe Thrift proxy will use the Thrift binary protocol.•LAX_BINARYThe Thrift proxy will use Thrift non-strict binary protocol.•COMPACTThe Thrift proxy will use the Thrift compact protocol.•TWITTERThe Thrift proxy will use the Thrift “Twitter” protocol implemented by the finagle library.
route_config:
{"name": "...",名称"routes": []路由}
routes:
{"match": "{...}",匹配条件"route": "{...}"路由动作}
match:
{"method_name": "...",方法名称"service_name": "...",服务名称"invert": "...",反向匹配"headers": []头}
headers:
{"name": "...",名称"exact_match": "...",精确匹配"safe_regex_match": "{...}",正则匹配"range_match": "{...}",范围匹配"present_match": "...",存在匹配"prefix_match": "...",前缀匹配"suffix_match": "...",后缀匹配"contains_match": "...",包含匹配"string_match": "{...}",字符串匹配"invert_match": "..."反向匹配}
route:
{"cluster": "...",集群"weighted_clusters": "{...}",加权集群"cluster_header": "...",从头获取路由信息"metadata_match": "{...}",元数据匹配"rate_limits": [],限流配置"strip_service_name": "...",方法名除去service名称"request_mirror_policies": []镜像策略}
weighted_clusters:
{"clusters": []集群配置}
clusters:
{"name": "...",名称"weight": "{...}",权重"metadata_match": "{...}"元数据匹配}
rate_limits:
{"stage": "{...}",阶段,默认0"disable_key": "...",禁用限流的key"actions": [],动作"limit": "{...}"覆盖限流}
thrift_filters:
{"name": "...",名称"typed_config": "{...}"配置}
•envoy.filters.thrift.ratelimit•envoy.filters.thrift.router
3实战
3.1准备工作
例子来自:https://github.com/aeraki-framework/thrift-envoyfilter-example
部署应用
thrift-deploy.yaml
kubectl apply -f thrift-deploy.yaml -n istio
---apiVersion: apps/v1kind: Deploymentmetadata:name: thrift-sample-server-v1labels:app: thrift-sample-serverspec:selector:matchLabels:app: thrift-sample-serverreplicas: 1template:metadata:labels:app: thrift-sample-serverversion: v1spec:containers:- name: thrift-sample-serverimage: registry.cn-hangzhou.aliyuncs.com/hxpdocker/thrift-sample-server:latestimagePullPolicy: IfNotPresentports:- containerPort: 9090---apiVersion: apps/v1kind: Deploymentmetadata:name: thrift-sample-server-v2labels:app: thrift-sample-serverspec:selector:matchLabels:app: thrift-sample-serverreplicas: 1template:metadata:labels:app: thrift-sample-serverversion: v2spec:containers:- name: thrift-sample-serverimage: registry.cn-hangzhou.aliyuncs.com/hxpdocker/thrift-sample-server:latestimagePullPolicy: IfNotPresentports:- containerPort: 9090---apiVersion: apps/v1kind: Deploymentmetadata:name: thrift-sample-clientlabels:app: thrift-sample-clientspec:selector:matchLabels:app: thrift-sample-clientreplicas: 1template:metadata:labels:app: thrift-sample-clientspec:containers:- name: thrift-sample-clientimage: registry.cn-hangzhou.aliyuncs.com/hxpdocker/thrift-sample-client:latestimagePullPolicy: IfNotPresentenv:- name: helloServervalue: "thrift-sample-server"- name: modevalue: "demo"---apiVersion: v1kind: Servicemetadata:name: thrift-sample-serverspec:selector:app: thrift-sample-serverports:- name: tcp-thrift-hello-serverprotocol: TCPport: 9090targetPort: 9090---
应用配置
dr-thrift.yaml
kubectl apply -f dr-thrift.yaml -n istio
apiVersion: networking.istio.io/v1alpha3kind: DestinationRulemetadata:name: thrift-sample-serverspec:host: thrift-sample-serversubsets:- name: v1labels:version: v1- name: v2labels:version: v2
3.2cluster
ef-cluster.yaml
kubectl apply -f ef-cluster.yaml -n istio
apiVersion: networking.istio.io/v1alpha3kind: EnvoyFiltermetadata:name: thrift-sample-serverspec:configPatches:- applyTo: NETWORK_FILTERmatch:listener:name: ${thrift-sample-server-vip}_9090 # sed -i .bak "s/\${thrift-sample-server-vip}/`kubectl get svc thrift-sample-server -n thrift -o=jsonpath='{.spec.clusterIP}'`/" istio/envoyfilter-thrift-proxy.yamlfilterChain:filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: "outbound|9090||thrift-sample-server.thrift.svc.cluster.local"transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:# empty string matches any request method namemethod_name: ""route:cluster: "outbound|9090|v2|thrift-sample-server.istio.svc.cluster.local"- applyTo: NETWORK_FILTERmatch:listener:name: virtualInboundfilterChain:destinationPort: 9090filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: inbound|9090||transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:# empty string matches any request method namemethod_name: ""route:cluster: inbound|9090||
替换${thrift-sample-server-vip}
3.3weighted_cluster
ef-weighted_cluster.yaml
kubectl apply -f ef-weighted_cluster.yaml -n istio
apiVersion: networking.istio.io/v1alpha3kind: EnvoyFiltermetadata:name: thrift-sample-serverspec:configPatches:- applyTo: NETWORK_FILTERmatch:listener:name: ${thrift-sample-server-vip}_9090 # sed -i .bak "s/\${thrift-sample-server-vip}/`kubectl get svc thrift-sample-server -n thrift -o=jsonpath='{.spec.clusterIP}'`/" istio/envoyfilter-thrift-proxy.yamlfilterChain:filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: "outbound|9090||thrift-sample-server.thrift.svc.cluster.local"transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:# empty string matches any request method namemethod_name: ""route:weighted_clusters:clusters:- name: "outbound|9090|v1|thrift-sample-server.istio.svc.cluster.local"weight: 50- name: "outbound|9090|v2|thrift-sample-server.istio.svc.cluster.local"weight: 50- applyTo: NETWORK_FILTERmatch:listener:name: virtualInboundfilterChain:destinationPort: 9090filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: inbound|9090||transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:# empty string matches any request method namemethod_name: ""route:cluster: inbound|9090||
替换${thrift-sample-server-vip}
3.4match
{"method_name": "...",方法名称"service_name": "...",服务名称"invert": "...",反向匹配"headers": []头}
3.4.1method_name
ef-match-method_name.yaml
kubectl apply -f ef-match-method_name.yaml -n istio
apiVersion: networking.istio.io/v1alpha3kind: EnvoyFiltermetadata:name: thrift-sample-serverspec:configPatches:- applyTo: NETWORK_FILTERmatch:listener:name: ${thrift-sample-server-vip}_9090 # sed -i .bak "s/\${thrift-sample-server-vip}/`kubectl get svc thrift-sample-server -n thrift -o=jsonpath='{.spec.clusterIP}'`/" istio/envoyfilter-thrift-proxy.yamlfilterChain:filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: "outbound|9090||thrift-sample-server.thrift.svc.cluster.local"transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:method_name: "sayHello"route:weighted_clusters:clusters:- name: "outbound|9090|v1|thrift-sample-server.istio.svc.cluster.local"weight: 50- name: "outbound|9090|v2|thrift-sample-server.istio.svc.cluster.local"weight: 50- applyTo: NETWORK_FILTERmatch:listener:name: virtualInboundfilterChain:destinationPort: 9090filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: inbound|9090||transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:method_name: "sayHello"route:cluster: inbound|9090||
3.4.2service_name
测试不成功,不知道servicename 格式
ef-match-service_name.yaml
kubectl apply -f ef-match-service_name.yaml -n istio
apiVersion: networking.istio.io/v1alpha3kind: EnvoyFiltermetadata:name: thrift-sample-serverspec:configPatches:- applyTo: NETWORK_FILTERmatch:listener:name: ${thrift-sample-server-vip}_9090 # sed -i .bak "s/\${thrift-sample-server-vip}/`kubectl get svc thrift-sample-server -n thrift -o=jsonpath='{.spec.clusterIP}'`/" istio/envoyfilter-thrift-proxy.yamlfilterChain:filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: "outbound|9090||thrift-sample-server.thrift.svc.cluster.local"transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:service_name: "org.aeraki.HelloService"route:cluster: "outbound|9090|v2|thrift-sample-server.istio.svc.cluster.local"- applyTo: NETWORK_FILTERmatch:listener:name: virtualInboundfilterChain:destinationPort: 9090filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: inbound|9090||transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:service_name: "org.aeraki.HelloService"route:cluster: inbound|9090||
3.4.3invert
ef-match-invert.yaml
kubectl apply -f ef-match-invert.yaml -n istio
apiVersion: networking.istio.io/v1alpha3kind: EnvoyFiltermetadata:name: thrift-sample-serverspec:configPatches:- applyTo: NETWORK_FILTERmatch:listener:name: ${thrift-sample-server-vip}_9090 # sed -i .bak "s/\${thrift-sample-server-vip}/`kubectl get svc thrift-sample-server -n thrift -o=jsonpath='{.spec.clusterIP}'`/" istio/envoyfilter-thrift-proxy.yamlfilterChain:filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: "outbound|9090||thrift-sample-server.thrift.svc.cluster.local"transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:service_name: "org.aeraki.HelloService"invert: trueroute:cluster: "outbound|9090|v2|thrift-sample-server.istio.svc.cluster.local"- applyTo: NETWORK_FILTERmatch:listener:name: virtualInboundfilterChain:destinationPort: 9090filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: inbound|9090||transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:service_name: "org.aeraki.HelloService"invert: trueroute:cluster: inbound|9090||
3.4.4headers
ef-match-headers.yaml
kubectl apply -f ef-match-headers.yaml -n istio
apiVersion: networking.istio.io/v1alpha3kind: EnvoyFiltermetadata:name: thrift-sample-serverspec:configPatches:- applyTo: NETWORK_FILTERmatch:listener:name: ${thrift-sample-server-vip}_9090 # sed -i .bak "s/\${thrift-sample-server-vip}/`kubectl get svc thrift-sample-server -n thrift -o=jsonpath='{.spec.clusterIP}'`/" istio/envoyfilter-thrift-proxy.yamlfilterChain:filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: "outbound|9090||thrift-sample-server.thrift.svc.cluster.local"transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:service_name: "org.aeraki.HelloService"invert: trueheaders:- name: testpresent_match: falseroute:cluster: "outbound|9090|v2|thrift-sample-server.istio.svc.cluster.local"- applyTo: NETWORK_FILTERmatch:listener:name: virtualInboundfilterChain:destinationPort: 9090filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: inbound|9090||transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:service_name: "org.aeraki.HelloService"invert: trueheaders:- name: testpresent_match: falseroute:cluster: inbound|9090||
3.5metadata_match
3.5.1metadata_match
测试不成功
ef-match-metadata_match.yaml
kubectl apply -f ef-match-metadata_match.yaml -n istio
apiVersion: networking.istio.io/v1alpha3kind: EnvoyFiltermetadata:name: thrift-sample-serverspec:configPatches:- applyTo: NETWORK_FILTERmatch:listener:name: ${thrift-sample-server-vip}_9090 # sed -i .bak "s/\${thrift-sample-server-vip}/`kubectl get svc thrift-sample-server -n thrift -o=jsonpath='{.spec.clusterIP}'`/" istio/envoyfilter-thrift-proxy.yamlfilterChain:filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: "outbound|9090||thrift-sample-server.thrift.svc.cluster.local"transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:service_name: "org.aeraki.HelloService"invert: trueheaders:- name: testpresent_match: falseroute:cluster: "outbound|9090|v2|thrift-sample-server.istio.svc.cluster.local"metadata_match:filter_metadata:envoy.lb:version: v1- applyTo: NETWORK_FILTERmatch:listener:name: virtualInboundfilterChain:destinationPort: 9090filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: inbound|9090||transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:service_name: "org.aeraki.HelloService"invert: trueheaders:- name: testpresent_match: falseroute:cluster: inbound|9090||metadata_match:filter_metadata:envoy.lb:version: v1
3.5.2weighted_clusters metadata_match
ef-weighted_clusters-metadata_match.yaml
kubectl apply -f ef-weighted_clusters-metadata_match.yaml -n istio
apiVersion: networking.istio.io/v1alpha3kind: EnvoyFiltermetadata:name: thrift-sample-serverspec:configPatches:- applyTo: NETWORK_FILTERmatch:listener:name: ${thrift-sample-server-vip}_9090 # sed -i .bak "s/\${thrift-sample-server-vip}/`kubectl get svc thrift-sample-server -n thrift -o=jsonpath='{.spec.clusterIP}'`/" istio/envoyfilter-thrift-proxy.yamlfilterChain:filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: "outbound|9090||thrift-sample-server.thrift.svc.cluster.local"transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:service_name: "org.aeraki.HelloService"invert: trueheaders:- name: testpresent_match: falseroute:weighted_clusters:clusters:- name: "outbound|9090|v1|thrift-sample-server.istio.svc.cluster.local"weight: 50metadata_match:filter_metadata:envoy.lb:version: v1- name: "outbound|9090|v2|thrift-sample-server.istio.svc.cluster.local"weight: 50metadata_match:filter_metadata:envoy.lb:version: v1- applyTo: NETWORK_FILTERmatch:listener:name: virtualInboundfilterChain:destinationPort: 9090filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: inbound|9090||transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:service_name: "org.aeraki.HelloService"invert: trueheaders:- name: testpresent_match: falseroute:cluster: inbound|9090||metadata_match:filter_metadata:envoy.lb:version: v1
3.6rate_limits
{"stage": "{...}",阶段,默认0"disable_key": "...",禁用限流的key"actions": [],动作"limit": "{...}"覆盖限流}
actions:
{"source_cluster": "{...}",源集群动作"destination_cluster": "{...}",目标集群动作"request_headers": "{...}",请求头动作"remote_address": "{...}",远程地址动作"generic_key": "{...}",通用key动作"header_value_match": "{...}",头匹配动作"dynamic_metadata": "{...}",动态元数据动作"metadata": "{...}",元数据动作"extension": "{...}"扩展动作}
部署ratelimit
1创建cm
cat << EOF > ratelimit-config.yamlapiVersion: v1kind: ConfigMapmetadata:name: ratelimit-configdata:config.yaml: |domain: productpage-ratelimitdescriptors:- key: source_clustervalue: "thrift-sample-client.istio"rate_limit:unit: minuterequests_per_unit: 1- key: source_clusterrate_limit:unit: minuterequests_per_unit: 10EOFkubectl apply -f ratelimit-config.yaml -n istio
2创建限速服务deployment
cat << EOF > ratelimit-deploy.yamlapiVersion: v1kind: Servicemetadata:name: redislabels:app: redisspec:ports:- name: redisport: 6379selector:app: redis---apiVersion: apps/v1kind: Deploymentmetadata:name: redisspec:replicas: 1selector:matchLabels:app: redistemplate:metadata:labels:app: redisspec:containers:- image: redis:alpineimagePullPolicy: IfNotPresentname: redisports:- name: rediscontainerPort: 6379restartPolicy: AlwaysserviceAccountName: ""---apiVersion: v1kind: Servicemetadata:name: ratelimitlabels:app: ratelimitspec:ports:- name: http-portport: 8080targetPort: 8080protocol: TCP- name: grpc-portport: 8081targetPort: 8081protocol: TCP- name: http-debugport: 6070targetPort: 6070protocol: TCPselector:app: ratelimit---apiVersion: apps/v1kind: Deploymentmetadata:name: ratelimitspec:replicas: 1selector:matchLabels:app: ratelimitstrategy:type: Recreatetemplate:metadata:labels:app: ratelimitspec:containers:- image: envoyproxy/ratelimit:6f5de117 # 2021/01/08imagePullPolicy: IfNotPresentname: ratelimitcommand: ["/bin/ratelimit"]env:- name: LOG_LEVELvalue: debug- name: REDIS_SOCKET_TYPEvalue: tcp- name: REDIS_URLvalue: redis:6379- name: USE_STATSDvalue: "false"- name: RUNTIME_ROOTvalue: /data- name: RUNTIME_SUBDIRECTORYvalue: ratelimitports:- containerPort: 8080- containerPort: 8081- containerPort: 6070volumeMounts:- name: config-volumemountPath: /data/ratelimit/config/config.yamlsubPath: config.yamlvolumes:- name: config-volumeconfigMap:name: ratelimit-configEOFkubectl apply -f ratelimit-deploy.yaml -n istio
ef-ratelimit-source_cluster.yaml
kubectl apply -f ef-ratelimit-source_cluster.yaml -n istio
apiVersion: networking.istio.io/v1alpha3kind: EnvoyFiltermetadata:name: thrift-sample-serverspec:configPatches:- applyTo: NETWORK_FILTERmatch:listener:name: ${thrift-sample-server-vip}_9090 # sed -i .bak "s/\${thrift-sample-server-vip}/`kubectl get svc thrift-sample-server -n thrift -o=jsonpath='{.spec.clusterIP}'`/" istio/envoyfilter-thrift-proxy.yamlfilterChain:filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: "outbound|9090||thrift-sample-server.thrift.svc.cluster.local"transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.ratelimittyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v3.RateLimitdomain: productpage-ratelimitstage: 0timeout: 3sfailure_mode_deny: truerate_limit_service:grpc_service:envoy_grpc:cluster_name: rate_limit_clustertimeout: 10stransport_api_version: V3- name: envoy.filters.thrift.routerroute_config:routes:- match:# empty string matches any request method namemethod_name: ""route:rate_limits:- stage: 0actions:- source_cluster: {}weighted_clusters:clusters:- name: "outbound|9090|v1|thrift-sample-server.istio.svc.cluster.local"weight: 50- name: "outbound|9090|v2|thrift-sample-server.istio.svc.cluster.local"weight: 50- applyTo: NETWORK_FILTERmatch:listener:name: virtualInboundfilterChain:destinationPort: 9090filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: inbound|9090||transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:# empty string matches any request method namemethod_name: ""route:cluster: inbound|9090||rate_limits:- stage: 0actions:- source_cluster: {}- applyTo: CLUSTERmatch:cluster:service: ratelimit.istio.svc.cluster.localpatch:operation: ADDvalue:name: rate_limit_clustertype: STRICT_DNSconnect_timeout: 10slb_policy: ROUND_ROBINhttp2_protocol_options: {}load_assignment:cluster_name: rate_limit_clusterendpoints:- lb_endpoints:- endpoint:address:socket_address:address: ratelimit.istio.svc.cluster.localport_value: 8081
3.7request_mirror_policies
配置不生效
thrift-sample-server-v3.yaml
kubectl apply -f thrift-sample-server-v3.yaml -n istio
apiVersion: apps/v1kind: Deploymentmetadata:name: thrift-sample-server-v3labels:app: thrift-sample-serverspec:selector:matchLabels:app: thrift-sample-serverreplicas: 1template:metadata:labels:app: thrift-sample-serverversion: v3spec:containers:- name: thrift-sample-serverimage: registry.cn-hangzhou.aliyuncs.com/hxpdocker/thrift-sample-server:latestimagePullPolicy: IfNotPresentports:- containerPort: 9090---
dr-thrift-v3.yaml
kubectl apply -f dr-thrift-v3.yaml -n istio
apiVersion: networking.istio.io/v1alpha3kind: DestinationRulemetadata:name: thrift-sample-serverspec:host: thrift-sample-serversubsets:- name: v1labels:version: v1- name: v2labels:version: v2- name: v3labels:version: v3
ef-request_mirror_policies.yaml
kubectl apply -f ef-request_mirror_policies.yaml -n istio
apiVersion: networking.istio.io/v1alpha3kind: EnvoyFiltermetadata:name: thrift-sample-serverspec:configPatches:- applyTo: NETWORK_FILTERmatch:listener:name: ${thrift-sample-server-vip}_9090 # sed -i .bak "s/\${thrift-sample-server-vip}/`kubectl get svc thrift-sample-server -n thrift -o=jsonpath='{.spec.clusterIP}'`/" istio/envoyfilter-thrift-proxy.yamlfilterChain:filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: "outbound|9090||thrift-sample-server.thrift.svc.cluster.local"transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:# empty string matches any request method namemethod_name: ""route:cluster: "outbound|9090|v2|thrift-sample-server.istio.svc.cluster.local"request_mirror_policies:- cluster: outbound|9090|v3|thrift-sample-server.istio.svc.cluster.localruntime_fraction:default_value:numerator: 100denominator: HUNDREDruntime_key: thrift.enforce- applyTo: NETWORK_FILTERmatch:listener:name: virtualInboundfilterChain:destinationPort: 9090filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: inbound|9090||transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:# empty string matches any request method namemethod_name: ""route:cluster: inbound|9090||
3.8thrift_filters
apiVersion: networking.istio.io/v1alpha3kind: EnvoyFiltermetadata:name: thrift-sample-serverspec:configPatches:- applyTo: NETWORK_FILTERmatch:listener:name: ${thrift-sample-server-vip}_9090 # sed -i .bak "s/\${thrift-sample-server-vip}/`kubectl get svc thrift-sample-server -n thrift -o=jsonpath='{.spec.clusterIP}'`/" istio/envoyfilter-thrift-proxy.yamlfilterChain:filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: "outbound|9090||thrift-sample-server.thrift.svc.cluster.local"transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.ratelimittyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.filters.ratelimit.v3.RateLimitdomain: productpage-ratelimitstage: 0timeout: 3sfailure_mode_deny: truerate_limit_service:grpc_service:envoy_grpc:cluster_name: rate_limit_clustertimeout: 10stransport_api_version: V3- name: envoy.filters.thrift.routerroute_config:routes:- match:# empty string matches any request method namemethod_name: ""route:rate_limits:- stage: 0actions:- source_cluster: {}weighted_clusters:clusters:- name: "outbound|9090|v1|thrift-sample-server.istio.svc.cluster.local"weight: 50- name: "outbound|9090|v2|thrift-sample-server.istio.svc.cluster.local"weight: 50- applyTo: NETWORK_FILTERmatch:listener:name: virtualInboundfilterChain:destinationPort: 9090filter:name: "envoy.filters.network.tcp_proxy"patch:operation: REPLACEvalue:name: envoy.filters.network.thrift_proxytyped_config:"@type": type.googleapis.com/envoy.extensions.filters.network.thrift_proxy.v3.ThriftProxystat_prefix: inbound|9090||transport: AUTO_TRANSPORTprotocol: AUTO_PROTOCOLthrift_filters:- name: envoy.filters.thrift.routerroute_config:routes:- match:# empty string matches any request method namemethod_name: ""route:cluster: inbound|9090||rate_limits:- stage: 0actions:- source_cluster: {}- applyTo: CLUSTERmatch:cluster:service: ratelimit.istio.svc.cluster.localpatch:operation: ADDvalue:name: rate_limit_clustertype: STRICT_DNSconnect_timeout: 10slb_policy: ROUND_ROBINhttp2_protocol_options: {}load_assignment:cluster_name: rate_limit_clusterendpoints:- lb_endpoints:- endpoint:address:socket_address:address: ratelimit.istio.svc.cluster.localport_value: 8081
文章转载自k8s实战,如果涉嫌侵权,请发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
