Envoy sidecar-proxy public 侦听器
Envoy sidecar-proxy public listener
我正在尝试设置一个服务网格 PoC,我有三个微服务,每个 运行 它们的 sidecar-proxy(通过 envoy)。我 运行 以下命令启动代理:
consul connect envoy -sidecar-for <CONSUL_SERVICE_ID> -admin-bind 127.0.0.1:19000 -http-addr http://127.0.0.1:8500 -grpc-addr 127.0.0.1:8502
问题是我的 sidecar-proxy 在端口 21002 上启动了一个 public 侦听器(不知道这个端口名称来自哪里,找不到 envoy 的配置文件)并且无法访问.这导致我的 sidecar 健康检查失败,因此我的服务重定向失败。
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/filter_chain_manager_impl.cc:214] new fc_contexts has 1 filter chains, including 1 newly built
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/target_impl.cc:15] init manager Server initializing target Listener-init-target public_listener:10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/manager_impl.cc:45] init manager Listener-local-init-manager public_listener:10.26.57.59:21000 5712408582249607733 contains no targets
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/watcher_impl.cc:14] init manager Listener-local-init-manager public_listener:10.26.57.59:21000 5712408582249607733 initialized, notifying Listener-local-init-watcher public_listener:10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/watcher_impl.cc:14] target Listener-init-target public_listener:10.26.57.59:21000 initialized, notifying init manager Server
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:80] Create listen socket for listener public_listener:10.26.57.59:21000 on address 10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:70] Set listener public_listener:10.26.57.59:21000 socket factory local address to 10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:508] add active listener: name=public_listener:10.26.57.59:21000, hash=5712408582249607733, address=10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][info][upstream] [external/envoy/source/server/lds_api.cc:76] lds: add/update listener 'public_listener:10.26.57.59:21000'
[2020-06-16 15:02:30.672][24383][warning][misc] [external/envoy/source/common/protobuf/utility.cc:198] Using deprecated option 'envoy.api.v2.listener.Filter.config' from file listener_components.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/intro/deprecated for details.
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_manager_impl.cc:386] begin add/update listener: name=javatestrs-microc-cicdev:127.0.0.1:6610 hash=14335360969741422718
您对访问此特使 public 侦听器有任何想法吗?
sidecar 日志:
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/filter_chain_manager_impl.cc:214] new fc_contexts has 1 filter chains, including 1 newly built
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/target_impl.cc:15] init manager Server initializing target Listener-init-target public_listener:10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/manager_impl.cc:45] init manager Listener-local-init-manager public_listener:10.26.57.59:21000 5712408582249607733 contains no targets
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/watcher_impl.cc:14] init manager Listener-local-init-manager public_listener:10.26.57.59:21000 5712408582249607733 initialized, notifying Listener-local-init-watcher public_listener:10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/watcher_impl.cc:14] target Listener-init-target public_listener:10.26.57.59:21000 initialized, notifying init manager Server
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:80] Create listen socket for listener public_listener:10.26.57.59:21000 on address 10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:70] Set listener public_listener:10.26.57.59:21000 socket factory local address to 10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:508] add active listener: name=public_listener:10.26.57.59:21000, hash=5712408582249607733, address=10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][info][upstream] [external/envoy/source/server/lds_api.cc:76] lds: add/update listener 'public_listener:10.26.57.59:21000'
[2020-06-16 15:02:30.672][24383][warning][misc] [external/envoy/source/common/protobuf/utility.cc:198] Using deprecated option 'envoy.api.v2.listener.Filter.config' from file listener_components.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/intro/deprecated for details.
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_manager_impl.cc:386] begin add/update listener: name=javatestrs-microc-cicdev:127.0.0.1:6610 hash=14335360969741422718
管理端口对调试 Envoy 代理非常有帮助。您可以从中获取活动的侦听器、集群,甚至是完整的配置转储。在不使用 consul-connect 的情况下,我只能从你的输出中猜测一点,但我会从端口 19000 开始。
执行任何主机 运行 代理,并尝试 curl localhost:19000/listeners 并查看它是否响应(或任何其他 admin path)。如果它响应,您可以获得完整的 /config_dump,它将描述该 sidecar 的整个设置:它正在侦听哪些端口,它们是否启用了 TLS,它们匹配的路径等等。
public 侦听器端口由 Consul 从默认范围 (21000 - 21255) 自动分配给 sidecar。它用于接收来自网格中其他代理的 mTLS 连接。该范围可以在 ports {} 节下的 Consul 代理配置中定义。
ports {
sidecar_min_port = 30000
sidecar_max_port = 31000
}
有关特定文档,请参阅 https://www.consul.io/docs/agent/options#sidecar_min_port。
您可以使用 sidecar 服务定义中的 port 参数 select 特定端口。
{
"service": {
"name": "web",
"port": 8080,
"connect": {
"sidecar_service": {
"port": 31000
}
}
}
}
我正在尝试设置一个服务网格 PoC,我有三个微服务,每个 运行 它们的 sidecar-proxy(通过 envoy)。我 运行 以下命令启动代理:
consul connect envoy -sidecar-for <CONSUL_SERVICE_ID> -admin-bind 127.0.0.1:19000 -http-addr http://127.0.0.1:8500 -grpc-addr 127.0.0.1:8502
问题是我的 sidecar-proxy 在端口 21002 上启动了一个 public 侦听器(不知道这个端口名称来自哪里,找不到 envoy 的配置文件)并且无法访问.这导致我的 sidecar 健康检查失败,因此我的服务重定向失败。
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/filter_chain_manager_impl.cc:214] new fc_contexts has 1 filter chains, including 1 newly built
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/target_impl.cc:15] init manager Server initializing target Listener-init-target public_listener:10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/manager_impl.cc:45] init manager Listener-local-init-manager public_listener:10.26.57.59:21000 5712408582249607733 contains no targets
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/watcher_impl.cc:14] init manager Listener-local-init-manager public_listener:10.26.57.59:21000 5712408582249607733 initialized, notifying Listener-local-init-watcher public_listener:10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/watcher_impl.cc:14] target Listener-init-target public_listener:10.26.57.59:21000 initialized, notifying init manager Server
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:80] Create listen socket for listener public_listener:10.26.57.59:21000 on address 10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:70] Set listener public_listener:10.26.57.59:21000 socket factory local address to 10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:508] add active listener: name=public_listener:10.26.57.59:21000, hash=5712408582249607733, address=10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][info][upstream] [external/envoy/source/server/lds_api.cc:76] lds: add/update listener 'public_listener:10.26.57.59:21000'
[2020-06-16 15:02:30.672][24383][warning][misc] [external/envoy/source/common/protobuf/utility.cc:198] Using deprecated option 'envoy.api.v2.listener.Filter.config' from file listener_components.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/intro/deprecated for details.
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_manager_impl.cc:386] begin add/update listener: name=javatestrs-microc-cicdev:127.0.0.1:6610 hash=14335360969741422718
您对访问此特使 public 侦听器有任何想法吗?
sidecar 日志:
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/filter_chain_manager_impl.cc:214] new fc_contexts has 1 filter chains, including 1 newly built
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/target_impl.cc:15] init manager Server initializing target Listener-init-target public_listener:10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/manager_impl.cc:45] init manager Listener-local-init-manager public_listener:10.26.57.59:21000 5712408582249607733 contains no targets
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/watcher_impl.cc:14] init manager Listener-local-init-manager public_listener:10.26.57.59:21000 5712408582249607733 initialized, notifying Listener-local-init-watcher public_listener:10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/watcher_impl.cc:14] target Listener-init-target public_listener:10.26.57.59:21000 initialized, notifying init manager Server
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:80] Create listen socket for listener public_listener:10.26.57.59:21000 on address 10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:70] Set listener public_listener:10.26.57.59:21000 socket factory local address to 10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:508] add active listener: name=public_listener:10.26.57.59:21000, hash=5712408582249607733, address=10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][info][upstream] [external/envoy/source/server/lds_api.cc:76] lds: add/update listener 'public_listener:10.26.57.59:21000'
[2020-06-16 15:02:30.672][24383][warning][misc] [external/envoy/source/common/protobuf/utility.cc:198] Using deprecated option 'envoy.api.v2.listener.Filter.config' from file listener_components.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/intro/deprecated for details.
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_manager_impl.cc:386] begin add/update listener: name=javatestrs-microc-cicdev:127.0.0.1:6610 hash=14335360969741422718
管理端口对调试 Envoy 代理非常有帮助。您可以从中获取活动的侦听器、集群,甚至是完整的配置转储。在不使用 consul-connect 的情况下,我只能从你的输出中猜测一点,但我会从端口 19000 开始。
执行任何主机 运行 代理,并尝试 curl localhost:19000/listeners 并查看它是否响应(或任何其他 admin path)。如果它响应,您可以获得完整的 /config_dump,它将描述该 sidecar 的整个设置:它正在侦听哪些端口,它们是否启用了 TLS,它们匹配的路径等等。
public 侦听器端口由 Consul 从默认范围 (21000 - 21255) 自动分配给 sidecar。它用于接收来自网格中其他代理的 mTLS 连接。该范围可以在 ports {} 节下的 Consul 代理配置中定义。
ports {
sidecar_min_port = 30000
sidecar_max_port = 31000
}
有关特定文档,请参阅 https://www.consul.io/docs/agent/options#sidecar_min_port。
您可以使用 sidecar 服务定义中的 port 参数 select 特定端口。
{
"service": {
"name": "web",
"port": 8080,
"connect": {
"sidecar_service": {
"port": 31000
}
}
}
}