Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
production_ready_envoy
Search
Shuhei Ozawa
January 08, 2020
Technology
2
1.2k
production_ready_envoy
本番環境でEnvoyを導入するためにやったこと
Envoy Meetup Tokyo #1 の発表資料
https://envoytokyo.connpass.com/event/157711/
Shuhei Ozawa
January 08, 2020
Tweet
Share
More Decks by Shuhei Ozawa
See All by Shuhei Ozawa
Amebaアフィリエイト基盤の GKEアーキテクチャと マイクロサービス
ozashu
0
200
ログ・係数集約と可視化・分析
ozashu
0
140
Python for web architectures
ozashu
0
920
PyQではじめるPython
ozashu
0
430
インフラエンジニアのWEBアプリ入門
ozashu
1
8.1k
Other Decks in Technology
See All in Technology
ZOZOのAI活用実践〜社内基盤からサービス応用まで〜
zozotech
PRO
0
190
SoccerNet GSRの紹介と技術応用:選手視点映像を提供するサッカー作戦盤ツール
mixi_engineers
PRO
1
190
動画データのポテンシャルを引き出す! Databricks と AI活用への奮闘記(現在進行形)
databricksjapan
0
150
Function calling機能をPLaMo2に実装するには / PFN LLMセミナー
pfn
PRO
0
950
Access-what? why and how, A11Y for All - Nordic.js 2025
gdomiciano
1
120
AIが書いたコードをAIが検証する!自律的なモバイルアプリ開発の実現
henteko
1
350
【Oracle Cloud ウェビナー】クラウド導入に「専用クラウド」という選択肢、Oracle AlloyとOCI Dedicated Region とは
oracle4engineer
PRO
3
110
OCI Network Firewall 概要
oracle4engineer
PRO
1
7.8k
GC25 Recap+: Advancing Go Garbage Collection with Green Tea
logica0419
1
430
成長自己責任時代のあるきかた/How to navigate the era of personal responsibility for growth
kwappa
3
280
自動テストのコストと向き合ってみた
qa
0
190
[2025-09-30] Databricks Genie を利用した分析基盤とデータモデリングの IVRy の現在地
wxyzzz
0
500
Featured
See All Featured
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
15k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
9
850
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Designing for humans not robots
tammielis
254
25k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Statistics for Hackers
jakevdp
799
220k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.1k
The Pragmatic Product Professional
lauravandoore
36
6.9k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
GitHub's CSS Performance
jonrohan
1032
460k
Gamification - CAS2011
davidbonilla
81
5.5k
[RailsConf 2023] Rails as a piece of cake
palkan
57
5.9k
Transcript
ຊ൪ڥͰEnvoyΛಋೖ͢ΔͨΊʹͬͨ͜ͱ
Outline 1. Ͳ͏ͯ͠EnvoyΛಋೖͨ͠ͷ? 2. ͜Μͳײ͡Ͱಋೖ͠·ͨ͠ 3. Configͷڞ௨Խ 4. ϩάϝτϦΫεपΓͷઃఆ 5.
࣮ࡍʹӡ༻ͯ͜͠·ͬͨ͜ͱ 6. ϝτϦΫεΛऔΓ͜΅͞ͳ͍ҝʹ
Ͳ͏ͯ͠EnvoyΛಋೖ͠ ͨͷ?
gRPCͷBalancingͷͨΊʹಋೖ αʔϏεσΟεΧόϦHeadless Services
͜Μͳײ͡Ͱಋೖ
Sidecarύλʔϯ
Configͷڞ௨Խ
ϚΠΫϩαʔϏεຖʹ։ൃऀ͕ҧ͏ EnvoyͷΩϟονΞοϓͷίετΛݮΒ͍ͨ͠ͷͰɺ શϚΠΫϩαʔϏεڞ௨ͷconfigΛ࡞͠ɺ ͦΕΛแͨ͠envoyΠϝʔδΛར༻͢Δ͜ͱʹͨ͠ɻ 4 ݸผʹConfigMapΛ࡞Βͳ͍͍ͯ͘ͷͱɺઃఆͷϨϕϧײ Λ౷Ұ͢Δ͜ͱ͕Ͱ͖ͨɻ
4 DockerfileΛॻ͍ͯΠϝʔδΛ༻ҙ 4 YAMLͷΞϯΧʔͱΤΠϦΞεͰهड़ྔΛݮΒ͢ type: STRICT_DNS lb_policy: ROUND_ROBIN connect_timeout: 0.25s
drain_connections_on_host_removal: true http2_protocol_options: {} health_checks: *health_checks outlier_detection: *outlier_detection circuit_breakers: *circuit_breakers
ϩάϝτϦΫεपΓͷ ઃఆ
ΞΫηεϩάͷઃఆ 4 %RESPONSE_FLAGS%ͰresponceͷใΛΈΔ͙Β͍ access_log: - name: envoy.file_access_log config: path: "/dev/stdout"
json_format: start_time: "%START_TIME%" method: "%REQ(:METHOD)%" path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%" protocol: "%PROTOCOL%" response_code: "%RESPONSE_CODE%" response_flags: "%RESPONSE_FLAGS%" bytes_rcvd: "%BYTES_RECEIVED%" bytes_snt: "%BYTES_SENT%" duration: "%DURATION%" x-envoy-upstream-svc-time: "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%" x-forwarded-for: "%REQ(X-FORWARDED-FOR)%" useragent: "%REQ(USER-AGENT)%" x-request-id: "%REQ(X-REQUEST-ID)%" backend_address: "%UPSTREAM_HOST%" client: "%DOWNSTREAM_REMOTE_ADDRESS%" referer: "%REQ(REFERER)%" response_duration: "%RESPONSE_DURATION%" upstream_transport_failure_reason: "%UPSTREAM_TRANSPORT_FAILURE_REASON%"
Circuit Breaking աͳϦΫΤετͱ͔ίωΫγϣϯ͕͖ͨͱ͖ʹɺΞϓϦ͕Ԡ ෆՄʹͳΔͷΛ͙ circuit_breakers: &circuit_breakers thresholds: - priority: DEFAULT
max_connections: 1024 max_pending_requests: 1024 max_requests: 1024 max_retries: 3
outlier_detection podͷ500ܥ200ܥͷճΛΈͯΫϥελ͔ΒऔΓআ͘ ੍͔ޚ͍ͯ͠Δ consecutive_5xx: 5 interval: 5s base_ejection_time: 30s max_ejection_percent:
10 enforcing_consecutive_5xx: 100 enforcing_success_rate: 100 success_rate_minimum_hosts: 5 success_rate_request_volume: 100 success_rate_stdev_factor: 1900 consecutive_gateway_failure: 5 enforcing_consecutive_gateway_failure: 0 split_external_local_origin_errors: true consecutive_local_origin_failure: 5 enforcing_consecutive_local_origin_failure: 100 enforcing_local_origin_success_rate: 100 failure_percentage_threshold: 85 enforcing_failure_percentage: 0 enforcing_failure_percentage_local_origin: 0 failure_percentage_minimum_hosts: 5 failure_percentage_request_volume: 50
healthcheck appଆͰHTTPͷΤϯυϙΠϯτΛੜͯ͠Readiness/ Liveness Prove ͰͷhealthcheckΛͨ͠ gRPCͷhealthcheckαΠυΧʔͷenvoy͔ΒͷΈୟ͘Α͏ ʹ͍ͯ͠Δ
EnvoyͷϝτϦΫε ࣮ࡍDatadog APMͰऔಘͨ͠ϝτϦΫεΛΈ͍ͯΔ... annotations: ad.datadoghq.com/envoy.check_names: '["envoy"]' ad.datadoghq.com/envoy.init_configs: '[{}]' ad.datadoghq.com/envoy.instances: |
[ { "stats_url": "http://%%host%%:8001/stats" } ]
࣮ࡍʹӡ༻ͯ͠ࠔͬͨࣄ
pod ͕૿͑ΔͱϔϧενΣοΫͷgRPCΞΫηε͕ܶతʹ૿ ͑ͯ͠·͍APIࢹͰUNKNOWNͷΞϥʔτΛൃใ pass_through_mode: false ʹͯ͠ϔϧενΣοΫͷঢ়ଶΛ อ͓͍࣋ͯͯ͠ฦ͢Α͏ʹઃఆͨ͠ http_filters: - name:
envoy.health_check typed_config: "@type": type.googleapis.com/envoy.config.filter.http.health_check.v2.HealthCheck pass_through_mode: false cluster_min_healthy_percentages: self-grpc: value: 100 headers: - name: ":path" exact_match: /healthz no_traffic_interval ΛσϑΥϧτ 60s ʹͯ͠େྔͷϔϧ ενΣοΫΛૹ৴͠ͳ͍Α͏ʹ͍ͯ͠Δ
ϝτϦΫεΛऔΓ͜΅͞ ͳ͍ҝʹ
1. drain_connections_on_host_removal Λtrueʹͯ͠ healthcheckͷࣦഊΛͨͣʹservice discovery͔Βআ֎ ͤ͞Δ 2. ΞϓϦέʔγϣϯΛىಈ͢ΔલʹenvoyΛىಈͤ͞Δ 4 http://localhost:8001/ready
Λୟ͍ͯ200εςʔλ ε͕ฦ͖͔ͬͯͯΒΞϓϦΛىಈͤ͞Δ 3. envoy͕ऴྃ͢ΔલʹΞϓϦέʔγϣϯΛऴྃͤ͞Δ 4 ΞϓϦέʔγϣϯίϯςφ͔Βͷશͯͷଓ͕ΕΔ· ͰͭγΣϧܳΛ͍ͯ͠Δ
͓͠·͍