실습
Introduction
데모 애플리케이션 배포
kubectl run nginx --image=nginx생성된 Pod 확인
kubectl get pod -l run=nginxNGINX가 정상 동작하는지 확인
kubectl exec nginx -- curl -s localhostEnvoy 설정파일 생성
cat <<EOF | kubectl apply -f - kind: ConfigMap apiVersion: v1 metadata: name: envoy data: envoy.yaml: | static_resources: listeners: - name: http-listener address: socket_address: address: 0.0.0.0 port_value: 80 EOFEnvoy 배포
cat <<EOF | kubectl apply -f - apiVersion: v1 kind: Pod metadata: name: envoy labels: app: envoy spec: containers: - name: envoy image: envoyproxy/envoy:v1.22.2 volumeMounts: - name: envoy-conf mountPath: /etc/envoy volumes: - name: envoy-conf configMap: name: envoy EOFEnvoy가 정상적으로 실행되었는지 확인
kubectl get pod -l app=envoyEnvoy 로그 확인
kubectl logs envoyTCP Proxy 필터 추가 - https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto
cat <<EOF | kubectl apply -f - kind: ConfigMap apiVersion: v1 metadata: name: envoy data: envoy.yaml: | static_resources: listeners: - name: http-listener address: socket_address: address: 0.0.0.0 port_value: 80 filter_chains: - filters: - name: envoy.filters.network.tcp_proxy typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy stat_prefix: ingress_tcp cluster: nginx EOF수정한 설정파일 반영
kubectl get pod envoy -o yaml | kubectl replace --force -f -Envoy가 정상적으로 실행되었는지 확인
kubectl get pod -l app=envoyRequest을 보낼 Pod 생성
kubectl run curl --image=curlimages/curl -- sleep infinityNGINX로 Request 생성
kubectl exec curl \ -- curl -s $(kubectl get pod nginx -o=jsonpath="{.status.podIP}")NGINX 서버 로그 확인
kubectl logs nginxEnvoy로 Request 생성
kubectl exec curl \ -- curl -s $(kubectl get pod envoy -o=jsonpath="{.status.podIP}")Envoy 로그 확인
kubectl logs envoyTCP Proxy 필터에 로그 활성화 - https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/accesslog/v3/accesslog.proto
cat <<EOF | kubectl apply -f - kind: ConfigMap apiVersion: v1 metadata: name: envoy data: envoy.yaml: | static_resources: listeners: - name: http-listener address: socket_address: address: 0.0.0.0 port_value: 80 filter_chains: - filters: - name: envoy.filters.network.tcp_proxy typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy stat_prefix: ingress_tcp cluster: nginx access_log: - name: envoy.access_loggers.stdout typed_config: "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog EOF수정한 설정파일 반영
kubectl get pod envoy -o yaml | kubectl replace --force -f -Envoy로 Request 생성
kubectl exec curl \ -- curl -s $(kubectl get pod envoy -o=jsonpath="{.status.podIP}")Envoy 로그 확인 - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage
kubectl logs envoy클러스터 추가
cat <<EOF | kubectl apply -f - kind: ConfigMap apiVersion: v1 metadata: name: envoy data: envoy.yaml: | static_resources: listeners: - name: http-listener address: socket_address: address: 0.0.0.0 port_value: 80 filter_chains: - filters: - name: envoy.filters.network.tcp_proxy typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy stat_prefix: ingress_tcp access_log: - name: envoy.access_loggers.stdout typed_config: "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog cluster: nginx clusters: - name: nginx type: STATIC load_assignment: cluster_name: nginx endpoints: - lb_endpoints: - endpoint: address: socket_address: address: $(kubectl get pod nginx -o=jsonpath="{.status.podIP}") port_value: 80 EOF수정한 설정파일 반영
kubectl get pod envoy -o yaml | kubectl replace --force -f -Envoy로 Request 생성
kubectl exec curl \ -- curl -s $(kubectl get pod envoy -o=jsonpath="{.status.podIP}")Envoy 로그 확인
kubectl logs envoyNGINX 서버 로그 확인
kubectl logs nginxEnvoy가 내보내는 지표 확인 - https://www.envoyproxy.io/docs/envoy/latest/operations/stats_overview
kubectl exec curl \ -- curl -s $(kubectl get pod envoy -o=jsonpath="{.status.podIP}")/statsAdmin API 활성화
cat <<EOF | kubectl apply -f - kind: ConfigMap apiVersion: v1 metadata: name: envoy data: envoy.yaml: | admin: address: socket_address: address: 0.0.0.0 port_value: 15000 static_resources: listeners: - name: http-listener address: socket_address: address: 0.0.0.0 port_value: 80 filter_chains: - filters: - name: envoy.filters.network.tcp_proxy typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy stat_prefix: ingress_tcp access_log: - name: envoy.access_loggers.stdout typed_config: "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog cluster: nginx clusters: - name: nginx type: STATIC load_assignment: cluster_name: nginx endpoints: - lb_endpoints: - endpoint: address: socket_address: address: $(kubectl get pod nginx -o=jsonpath="{.status.podIP}") port_value: 80 EOF수정한 설정파일 반영
kubectl get pod envoy -o yaml | kubectl replace --force -f -Envoy가 내보내는 지표 확인
kubectl exec curl \ -- curl -s $(kubectl get pod envoy -o=jsonpath="{.status.podIP}"):15000/statsEnvoy가 내보내는 Prometheus 형식의 지표 확인
kubectl exec curl \ -- curl -s $(kubectl get pod envoy -o=jsonpath="{.status.podIP}"):15000/stats/prometheusEnvoy로 Request 생성
kubectl exec curl \ -- curl -s $(kubectl get pod envoy -o=jsonpath="{.status.podIP}")지표 확인
kubectl exec curl \ -- curl -s $(kubectl get pod envoy -o=jsonpath="{.status.podIP}"):15000/stats/prometheus \ | grep -i ingress_tcp리소스 삭제
kubectl delete pod nginx envoy curl kubectl delete cm envoy
HTTP Connection Manager
Envoy 배포
Request을 보낼 Pod 생성
Envoy로 Request 생성
Routing 규칙 추가
수정한 설정파일 반영
Envoy로 Request 생성
Routing 규칙 순서 변경
수정한 설정파일 반영
Envoy로 Request 생성
Last updated