Consul fabio microservices

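Could you clarify what the main steps are to get Consul running on a local machine (not in dev mode (!)) to connect one microservice to another microservice, if possible using Fabio as the load balancer? Should I create a datacenter with ACLs, etc.? There is too much documentation, but it is still unclear where to start. Thanks a lot!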

Here is a step-by-step example of how to configure Fabio to route to a microservice registered in an ACL-protected Consul server environment.

First, you will need to create a few configuration files for Consul and Fabio.

    $ tree
    .
    ├── conf.d
    │   ├── config.hcl
    │   └── web.hcl
    ├── fabio-policy.hcl
    └── fabio.properties

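Below is a brief overview of what we will add to these files.

  • conf.d - The Consul server configuration directory. config.hcl defines the Consul server configuration, and web.hcl is the service definition for our example web service.
  • fabio-policy.hcl - The Consul ACL policy that will be assigned to the token created for the Fabio LB.
  • fabio.properties - The Fabio configuration file.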

Create the configuration files

conf.d/config.hcl

This is a basic single-node Consul server cluster (3 or more are recommended for production) with ACLs enabled.

    # Configure the Consul agent to operate as a server
    server = true

    # Expect only one server member in this cluster
    bootstrap_expect = 1

    # Persistent storage path. Should not be under /tmp for production envs.
    data_dir = "/tmp/consul-fabio-so"

    acl {
      # Enable ACLs
      enabled = true

      # Set default ACL policy to deny
      default_policy = "deny"
    }

    # Enable the Consul UI
    ui_config {
      enabled = true
    }

web.hcl

This is a service definition which registers a service named "web" into the Consul catalog.

    service {
      # Define the name of the service
      name = "web"

      # Specify the listening port for the service
      port = 8080

      # Register an HTTP health check (required by Fabio) for this service
      # By default Fabio will only route to healthy services in the Consul catalog.
      check {
        id = "web"
        http = "http://localhost:8080"
        interval = "10s"
        timeout = "1s"
      }

      # Fabio dynamically configures itself based on tags assigned to services in
      # the Consul catalog. By default, 'urlprefix-' is the prefix for tags which
      # define routes. Services which define routes publish one or more tags with
      # host/path routes which they serve. These tags must have this prefix to be
      # recognized as routes.
      #
      # Configure Fabio to route requests to '/' to our backend service.
      tags = [
        "urlprefix-/"
      ]
    }

fabio-policy.hcl

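This ACL policy allows Fabio to register itself into the Consul catalog, and to discover backend services and other Fabio configuration. This policy will be created in Consul after the ACL system has been bootstrapped.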

    # Allow Fabio to discover which agent it is running on.
    # Can be scoped to specific node(s) if additional security is required
    agent_prefix "" {
      policy = "read"
    }

    # Allow Fabio to lookup any service in Consul's catalog
    service_prefix "" {
      policy = "read"
    }

    # Allow Fabio to lookup nodes so that it can resolve services endpoints to the
    # correct node IP.
    node_prefix "" {
      policy = "read"
    }

    # Allow Fabio to register itself as a service in Consul.
    # This is used for Fabio instances to be discoverable in Consul's catalog, and for
    # Consul to execute health checks against Fabio.
    service "fabio" {
      policy = "write"
    }

    # Allow Fabio to read configuration overrides from the KV store
    # https://github.com/fabiolb/fabio/wiki/Routing#manual-overrides
    key_prefix "fabio/config" {
      policy = "read"
    }

fabio.properties

This is the configuration file for Fabio.

    # Configures the ACL token to use when authenticating to Consul.
    registry.consul.token = "<token. To be created later>"

Start and configure Consul

  1. Start the Consul server (not in dev mode).

    $ consul agent -config-dir=conf.d
    ==> Starting Consul agent...
            Version: '1.9.5'
            Node ID: 'f80693eb-0f47-1f9f-e8cc-063ad28ca8da'
            Node name: 'b1000.local'
            Datacenter: 'dc1' (Segment: '<all>')
                Server: true (Bootstrap: true)
        Client Addr: [127.0.0.1] (HTTP: 8500, HTTPS: -1, gRPC: -1, DNS: 8600)
        Cluster Addr: 10.0.0.21 (LAN: 8301, WAN: 8302)
            Encrypt: Gossip: false, TLS-Outgoing: false, TLS-Incoming: false, Auto-Encrypt-TLS: false
    
    ==> Log data will now stream in as it occurs:
    ...
    
  2. Bootstrap the ACL system. This creates a management token with privileges for the entire cluster. Save this information.

    $ consul acl bootstrap
    AccessorID:       e135b234-2227-71fe-1999-ffb75c659110
    SecretID:         ef475ff8-5f92-6f8e-0a59-2ad3f8ed8dda
    Description:      Bootstrap Token (Global Management)
    Local:            false
    Create Time:      2021-06-05 14:26:07.02198 -0700 PDT
    Policies:
    00000000-0000-0000-0000-000000000001 - global-management
    
  3. Set the CONSUL_HTTP_TOKEN environment variable to the value of our secret ID. This will be used for subsequent administrative commands.

    $ export CONSUL_HTTP_TOKEN="ef475ff8-5f92-6f8e-0a59-2ad3f8ed8dda"
    
  4. Create the ACL policy for Fabio.

    $ consul acl policy create -name=fabio-policy -rules=@fabio-policy.hcl
    <output snipped>
    ...
    
  5. Create a token for Fabio that uses this policy.

    $ consul acl token create -description="Token for Fabio LB" -policy-name="fabio-policy"
    AccessorID:       474db6b0-73b0-3149-dafc-a50bab41b574
    SecretID:         b6490a01-89a8-01a1-bbdf-5c7e9898d6ea
    Description:      Token for Fabio LB
    Local:            false
    Create Time:      2021-06-05 15:13:09.124182 -0700 PDT
    Policies:
      fc0c6a84-8633-72cc-5d59-4e0e60087199 - fabio-policy
    
  6. Update fabio.properties and set the token ID.

    # registry.consul.token configures the acl token for consul.
    registry.consul.token = b6490a01-89a8-01a1-bbdf-5c7e9898d6ea
    

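Start the web server and Fabio

Start the backend web server so that it can accept connections. For this example, I will use devd.

This command instructs devd to listen on port 8080 on all IPs on the system, and to serve content from the current directory.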

    $ devd --all --port=8080 .
    15:21:46: Route / -> reads files from .
    15:21:46: Listening on http://devd.io:8080 ([::]:8080)

Next, start Fabio.

    $ fabio -cfg fabio.properties
    2021/06/05 15:22:40 [INFO] Setting log level to INFO
    2021/06/05 15:22:40 [INFO] Runtime config
    <snip>
    ...
    2021/06/05 15:22:40 [INFO] Version 1.5.14 starting
    2021/06/05 15:22:40 [INFO] Go runtime is go1.16.2
    2021/06/05 15:22:40 [INFO] Metrics disabled
    2021/06/05 15:22:40 [INFO] Setting GOGC=100
    2021/06/05 15:22:40 [INFO] Setting GOMAXPROCS=16
    2021/06/05 15:22:40 [INFO] consul: Connecting to "localhost:8500" in datacenter "dc1"
    2021/06/05 15:22:40 [INFO] Admin server access mode "rw"
    2021/06/05 15:22:40 [INFO] Admin server listening on ":9998"
    2021/06/05 15:22:40 [INFO] Waiting for first routing table
    2021/06/05 15:22:40 [INFO] consul: Using dynamic routes
    2021/06/05 15:22:40 [INFO] consul: Using tag prefix "urlprefix-"
    2021/06/05 15:22:40 [INFO] consul: Watching KV path "/fabio/config"
    2021/06/05 15:22:40 [INFO] consul: Watching KV path "/fabio/noroute.html"
    2021/06/05 15:22:40 [INFO] HTTP proxy listening on :9999
    2021/06/05 15:22:40 [INFO] Access logging disabled
    2021/06/05 15:22:40 [INFO] Using routing strategy "rnd"
    2021/06/05 15:22:40 [INFO] Using route matching "prefix"
    2021/06/05 15:22:40 [INFO] Config updates
    + route add web / http://10.0.0.21:8080/
    2021/06/05 15:22:40 [INFO] consul: Registered fabio as "fabio"
    ...

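Although some output has been omitted, we can see that Fabio is listening on port 9999, is successfully watching Consul's KV for configuration, has successfully discovered our "web" service, and has registered itself into Consul's catalog.

If you connect to Fabio at http://localhost:9999, you should see a directory listing returned by the backend web server, devd, which is listening on port 8080.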
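
A guard for steps 5 and 6 above, as an added example that is not part of the original answer: it pulls the SecretID out of the token-create output, refuses a value that is not a complete UUID (a token that loses a character when copied fails authentication against Consul), and writes fabio.properties readable by its owner only. The helper names and the sample token values are constructed.

```shell
#!/bin/sh
# Added example; helper names and the sample token values are constructed.

# Constructed stand-in for `consul acl token create` output (pretty format).
sample_token_output() {
  cat <<'EOF'
AccessorID:       aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
SecretID:         11111111-2222-3333-4444-555555555555
Description:      Token for Fabio LB
Policies:
  99999999-8888-7777-6666-555555555555 - fabio-policy
EOF
}

# Print the SecretID field from token-create output read on stdin.
extract_secret_id() {
  awk '$1 == "SecretID:" { print $2; exit }'
}

# Succeed only for a complete lowercase UUID (8-4-4-4-12 hex digits).
is_uuid() {
  printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$'
}

# Set registry.consul.token in a properties file, keeping all other lines.
# The file is rewritten owner-only (0600) because it holds a credential.
write_fabio_token() {
  file=$1
  token=$2
  is_uuid "$token" || { echo "refusing malformed token" >&2; return 1; }
  tmp="$file.tmp.$$"
  (
    umask 077
    {
      if [ -f "$file" ]; then
        grep -v '^[[:space:]]*registry\.consul\.token' "$file" || true
      fi
      printf 'registry.consul.token = %s\n' "$token"
    } > "$tmp"
  ) && mv "$tmp" "$file"
}

# Demo on the constructed sample. Against a live server, pipe the real
# `consul acl token create ... -policy-name="fabio-policy"` output instead.
demo_dir=$(mktemp -d)
write_fabio_token "$demo_dir/fabio.properties" \
  "$(sample_token_output | extract_secret_id)"
cat "$demo_dir/fabio.properties"
rm -rf "$demo_dir"
```

Fabio should run with this dedicated token, not with the bootstrap management token exported in step 3.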