【问题标题】:Envoy sidecar-proxy public listenerEnvoy sidecar-proxy 公共监听器
【发布时间】:2020-06-16 15:03:56
【问题描述】:

我正在尝试设置一个 Service Mesh PoC,我有三个微服务,每个微服务都使用它们的 sidecar-proxy(通过 envoy)运行。我运行以下命令来启动代理:

consul connect envoy -sidecar-for <CONSUL_SERVICE_ID> -admin-bind 127.0.0.1:19000 -http-addr http://127.0.0.1:8500 -grpc-addr 127.0.0.1:8502

问题是我的 sidecar-proxy 在端口 21002 上启动了一个公共侦听器(不知道这个端口名称来自哪里,envoy 的配置文件无处可寻)并且无法访问。这会导致我的 sidecar 健康检查失败,从而导致我的服务重定向失败。

[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/filter_chain_manager_impl.cc:214] new fc_contexts has 1 filter chains, including 1 newly built
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/target_impl.cc:15] init manager Server initializing target Listener-init-target public_listener:10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/manager_impl.cc:45] init manager Listener-local-init-manager public_listener:10.26.57.59:21000 5712408582249607733 contains no targets
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/watcher_impl.cc:14] init manager Listener-local-init-manager public_listener:10.26.57.59:21000 5712408582249607733 initialized, notifying Listener-local-init-watcher public_listener:10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/watcher_impl.cc:14] target Listener-init-target public_listener:10.26.57.59:21000 initialized, notifying init manager Server
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:80] Create listen socket for listener public_listener:10.26.57.59:21000 on address 10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:70] Set listener public_listener:10.26.57.59:21000 socket factory local address to 10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:508] add active listener: name=public_listener:10.26.57.59:21000, hash=5712408582249607733, address=10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][info][upstream] [external/envoy/source/server/lds_api.cc:76] lds: add/update listener 'public_listener:10.26.57.59:21000'
[2020-06-16 15:02:30.672][24383][warning][misc] [external/envoy/source/common/protobuf/utility.cc:198] Using deprecated option 'envoy.api.v2.listener.Filter.config' from file listener_components.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/intro/deprecated for details.
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_manager_impl.cc:386] begin add/update listener: name=javatestrs-microc-cicdev:127.0.0.1:6610 hash=14335360969741422718

您对访问此特使公共侦听器有任何想法吗?

边车日志:

[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/filter_chain_manager_impl.cc:214] new fc_contexts has 1 filter chains, including 1 newly built
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/target_impl.cc:15] init manager Server initializing target Listener-init-target public_listener:10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/manager_impl.cc:45] init manager Listener-local-init-manager public_listener:10.26.57.59:21000 5712408582249607733 contains no targets
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/watcher_impl.cc:14] init manager Listener-local-init-manager public_listener:10.26.57.59:21000 5712408582249607733 initialized, notifying Listener-local-init-watcher public_listener:10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][init] [external/envoy/source/common/init/watcher_impl.cc:14] target Listener-init-target public_listener:10.26.57.59:21000 initialized, notifying init manager Server
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:80] Create listen socket for listener public_listener:10.26.57.59:21000 on address 10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:70] Set listener public_listener:10.26.57.59:21000 socket factory local address to 10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_impl.cc:508] add active listener: name=public_listener:10.26.57.59:21000, hash=5712408582249607733, address=10.26.57.59:21000
[2020-06-16 15:02:30.672][24383][info][upstream] [external/envoy/source/server/lds_api.cc:76] lds: add/update listener 'public_listener:10.26.57.59:21000'
[2020-06-16 15:02:30.672][24383][warning][misc] [external/envoy/source/common/protobuf/utility.cc:198] Using deprecated option 'envoy.api.v2.listener.Filter.config' from file listener_components.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/intro/deprecated for details.
[2020-06-16 15:02:30.672][24383][debug][config] [external/envoy/source/server/listener_manager_impl.cc:386] begin add/update listener: name=javatestrs-microc-cicdev:127.0.0.1:6610 hash=14335360969741422718

【问题讨论】:

    标签: consul envoyproxy mesh-network sidecar


    【解决方案1】:

    对调试 Envoy 代理非常有帮助的一件事是管理端口。您可以从中获取活动的侦听器、集群,甚至是完整的配置转储。如果不使用 consul-connect,我只能从您的输出中猜测一下,但我会从端口 19000 开始。

    执行到运行代理的任何主机,并尝试curl localhost:19000/listeners 并查看它是否响应(或任何其他admin path)。如果它响应,您可以获得完整的/config_dump,它将描述该 sidecar 的整个设置:它正在侦听哪些端口、它们是否启用了 TLS、它们匹配的路径等等。

    【讨论】:

      【解决方案2】:

      公共侦听器端口由 Consul 从默认范围 (21000 - 21255) 自动分配给 sidecar。它用于从网格中的其他代理接收 mTLS 连接。该范围可以在 Consul 代理的配置中的 ports {} 节下定义。

      ports {
        sidecar_min_port = 30000
        sidecar_max_port = 31000
      }
      

      具体文档请参见https://www.consul.io/docs/agent/options#sidecar_min_port

      您可以使用边车服务定义中的port 参数选择特定端口。

      {
        "service": {
          "name": "web",
          "port": 8080,
          "connect": {
            "sidecar_service": {
              "port": 31000
            }
          }
        }
      }
      

      【讨论】:

        猜你喜欢
        • 1970-01-01
        • 1970-01-01
        • 2019-02-08
        • 1970-01-01
        • 2020-11-03
        • 2015-03-03
        • 2022-12-06
        • 1970-01-01
        • 2021-07-06
        相关资源
        最近更新 更多