Envoy Getting Started
https://www.envoyproxy.io/docs/envoy/latest/start/start
Quick Start to Run Simple Example
$ docker pull envoyproxy/envoy-dev:89d2b1b1a99c94016253bf666a138e620c46f8b3 $ docker run --rm -d -p 10000:10000 envoyproxy/envoy-dev:89d2b1b1a99c94016253bf666a138e620c46f8b3 $ curl -v localhost:10000
タグ89d2b
っていつのかと確認したら、Updated 7 hours ago だった。
https://hub.docker.com/r/envoyproxy/envoy-dev/tags
curl で得られたのは https://google.com だった
Simple Configuration
コンテナに入って envoy.yaml を確認
docker exec -it 29 sh cat /etc/envoy/envoy.yaml
/etc/envoy/envoy.yaml
admin: ## The admin message access_log_path: /tmp/admin_access.log address: socket_address: protocol: TCP address: 127.0.0.1 port_value: 9901 static_resources: ## The static_resources listeners: ## The specification of the listeners. - name: listener_0 address: socket_address: protocol: TCP address: 0.0.0.0 port_value: 10000 filter_chains: - filters: - name: envoy.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager stat_prefix: ingress_http route_config: name: local_route virtual_hosts: - name: local_service domains: ["*"] routes: - match: prefix: "/" route: host_rewrite: www.google.com cluster: service_google http_filters: - name: envoy.router clusters: ## The specification of the clusters. - name: service_google connect_timeout: 0.25s type: LOGICAL_DNS # Comment out the following line to test on v6 networks dns_lookup_family: V4_ONLY lb_policy: ROUND_ROBIN load_assignment: cluster_name: service_google endpoints: - lb_endpoints: - endpoint: address: socket_address: address: www.google.com port_value: 443 tls_context: sni: www.google.com
envoy を通してgoogle検索
envoy を通してgoogle検索できるのか試した。proxy 介したリクエストとみなされ 403。
# curl -v localhost:10000/search?q=envoy * About to connect() to localhost port 10000 (#0) * Trying ::1... * Connected to localhost (::1) port 10000 (#0) > GET /search?q=envoy HTTP/1.1 > User-Agent: curl/7.29.0 > Host: localhost:10000 > Accept: */* > < HTTP/1.1 403 Forbidden < content-type: text/html; charset=UTF-8 < server: envoy : That’s an error. Your client does not have permission to get URL <code/search?q=envoy</code> from this server. (Client IP address: ***.***.***.***)
Using the Envoy Docker Image
ここは、自前envoy,yaml を docker イメージに適用する方法の説明。www.bing.com に向けてみる
envoy.yaml
admin: access_log_path: /tmp/admin_access.log address: socket_address: protocol: TCP address: 127.0.0.1 port_value: 9901 static_resources: listeners: - name: listener_0 address: socket_address: protocol: TCP address: 0.0.0.0 port_value: 10000 filter_chains: - filters: - name: envoy.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager stat_prefix: ingress_http route_config: name: local_route virtual_hosts: - name: local_service domains: ["*"] routes: - match: prefix: "/" route: host_rewrite: www.bing.com cluster: service_bing http_filters: - name: envoy.router clusters: - name: service_bing connect_timeout: 0.25s type: LOGICAL_DNS # Comment out the following line to test on v6 networks dns_lookup_family: V4_ONLY lb_policy: ROUND_ROBIN load_assignment: cluster_name: service_bing endpoints: - lb_endpoints: - endpoint: address: socket_address: address: www.bing.com port_value: 443 tls_context: sni: www.bing.com
Dockerfile
FROM envoyproxy/envoy-dev:89d2b1b1a99c94016253bf666a138e620c46f8b3 COPY envoy.yaml /etc/envoy/envoy.yaml
イメージ作ってrun
$ docker build -t envoy:v1 . $ docker run -d --name envoy -p 9901:9901 -p 10000:10000 envoy:v1
で、curl
# curl -v localhost:10000 * About to connect() to localhost port 10000 (#0) * Trying ::1... * Connected to localhost (::1) port 10000 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.29.0 > Host: localhost:10000 > Accept: */* > < HTTP/1.1 200 OK < cache-control: private, max-age=0 < content-length: 104152 < content-type: text/html; charset=utf-8 :
続けて検索。bingは200だった。
curl -v localhost:10000/search?q=envoy * About to connect() to localhost port 10000 (#0) * Trying ::1... * Connected to localhost (::1) port 10000 (#0) > GET /search?q=envoy HTTP/1.1 > User-Agent: curl/7.29.0 > Host: localhost:10000 > Accept: */* > < HTTP/1.1 200 OK < cache-control: private, max-age=0 < content-type: text/html; charset=utf-8 : ...3,400,000 件の検索結果... ...envoyの意味・使い方・読み方 | Weblio英和辞書... ...envoyの意味・使い方|英辞郎 on the WEB:アルク... ...Envoy (Envoy proxy)、Istio とは? - Qiita...
ブラウザ使えない環境というのがもどかしい。