실습

Introduction

데모 애플리케이션 배포
```
kubectl run nginx --image=nginx
```
생성된 Pod 확인
```
kubectl get pod -l run=nginx
```
NGINX가 정상 동작하는지 확인
```
kubectl exec nginx -- curl -s localhost
```

Envoy 설정파일 생성

cat <<EOF | kubectl apply -f -
kind: ConfigMap
apiVersion: v1
metadata:
  name: envoy
data:
  envoy.yaml: |
    static_resources:
      listeners:
      - name: http-listener
        address:
          socket_address:
            address: 0.0.0.0
            port_value: 80
EOF

Envoy 배포

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: envoy
  labels:
    app: envoy
spec:
  containers:
  - name: envoy
    image: envoyproxy/envoy:v1.22.2
    volumeMounts:
    - name: envoy-conf
      mountPath: /etc/envoy
  volumes:
  - name: envoy-conf
    configMap:
      name: envoy
EOF

Envoy가 정상적으로 실행되었는지 확인
```
kubectl get pod -l app=envoy
```
Envoy 로그 확인
```
kubectl logs envoy
```

TCP Proxy 필터 추가 -

cat <<EOF | kubectl apply -f -
kind: ConfigMap
apiVersion: v1
metadata:
  name: envoy
data:
  envoy.yaml: |
    static_resources:
      listeners:
      - name: http-listener
        address:
          socket_address:
            address: 0.0.0.0
            port_value: 80
        filter_chains:
        - filters:
          - name: envoy.filters.network.tcp_proxy
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
              stat_prefix: ingress_tcp
              cluster: nginx
EOF

수정한 설정파일 반영

kubectl get pod envoy -o yaml | kubectl replace --force -f -

Envoy가 정상적으로 실행되었는지 확인
```
kubectl get pod -l app=envoy
```

Request을 보낼 Pod 생성

kubectl run curl --image=curlimages/curl -- sleep infinity

NGINX로 Request 생성

kubectl exec curl \
-- curl -s $(kubectl get pod nginx -o=jsonpath="{.status.podIP}")

NGINX 서버 로그 확인
```
kubectl logs nginx
```

Envoy로 Request 생성

kubectl exec curl \
-- curl -s $(kubectl get pod envoy -o=jsonpath="{.status.podIP}")

Envoy 로그 확인
```
kubectl logs envoy
```

TCP Proxy 필터에 로그 활성화 -

cat <<EOF | kubectl apply -f -
kind: ConfigMap
apiVersion: v1
metadata:
  name: envoy
data:
  envoy.yaml: |
    static_resources:
      listeners:
      - name: http-listener
        address:
          socket_address:
            address: 0.0.0.0
            port_value: 80
        filter_chains:
        - filters:
          - name: envoy.filters.network.tcp_proxy
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
              stat_prefix: ingress_tcp
              cluster: nginx
              access_log:
              - name: envoy.access_loggers.stdout
                typed_config:
                  "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
EOF

수정한 설정파일 반영

kubectl get pod envoy -o yaml | kubectl replace --force -f -

Envoy로 Request 생성

kubectl exec curl \
-- curl -s $(kubectl get pod envoy -o=jsonpath="{.status.podIP}")

Envoy 로그 확인 -
```
kubectl logs envoy
```

클러스터 추가

cat <<EOF | kubectl apply -f -
kind: ConfigMap
apiVersion: v1
metadata:
  name: envoy
data:
  envoy.yaml: |
    static_resources:
      listeners:
      - name: http-listener
        address:
          socket_address:
            address: 0.0.0.0
            port_value: 80
        filter_chains:
        - filters:
          - name: envoy.filters.network.tcp_proxy
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
              stat_prefix: ingress_tcp
              access_log:
              - name: envoy.access_loggers.stdout
                typed_config:
                  "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
              cluster: nginx
      clusters:
      - name: nginx
        type: STATIC
        load_assignment:
          cluster_name: nginx
          endpoints:
          - lb_endpoints:
            - endpoint:
                address:
                  socket_address:
                    address: $(kubectl get pod nginx -o=jsonpath="{.status.podIP}")
                    port_value: 80
EOF

수정한 설정파일 반영

kubectl get pod envoy -o yaml | kubectl replace --force -f -

Envoy로 Request 생성

kubectl exec curl \
-- curl -s $(kubectl get pod envoy -o=jsonpath="{.status.podIP}")

Envoy 로그 확인
```
kubectl logs envoy
```
NGINX 서버 로그 확인
```
kubectl logs nginx
```

Envoy가 내보내는 지표 확인 -

kubectl exec curl \
-- curl -s $(kubectl get pod envoy -o=jsonpath="{.status.podIP}")/stats

Admin API 활성화

cat <<EOF | kubectl apply -f -
kind: ConfigMap
apiVersion: v1
metadata:
  name: envoy
data:
  envoy.yaml: |
    admin:
      address:
        socket_address: 
          address: 0.0.0.0
          port_value: 15000
    static_resources:
      listeners:
      - name: http-listener
        address:
          socket_address:
            address: 0.0.0.0
            port_value: 80
        filter_chains:
        - filters:
          - name: envoy.filters.network.tcp_proxy
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
              stat_prefix: ingress_tcp
              access_log:
              - name: envoy.access_loggers.stdout
                typed_config:
                  "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
              cluster: nginx
      clusters:
      - name: nginx
        type: STATIC
        load_assignment:
          cluster_name: nginx
          endpoints:
          - lb_endpoints:
            - endpoint:
                address:
                  socket_address:
                    address: $(kubectl get pod nginx -o=jsonpath="{.status.podIP}")
                    port_value: 80
EOF

수정한 설정파일 반영

kubectl get pod envoy -o yaml | kubectl replace --force -f -

Envoy가 내보내는 지표 확인

kubectl exec curl \
-- curl -s $(kubectl get pod envoy -o=jsonpath="{.status.podIP}"):15000/stats

Envoy가 내보내는 Prometheus 형식의 지표 확인

kubectl exec curl \
-- curl -s $(kubectl get pod envoy -o=jsonpath="{.status.podIP}"):15000/stats/prometheus

Envoy로 Request 생성

kubectl exec curl \
-- curl -s $(kubectl get pod envoy -o=jsonpath="{.status.podIP}")

지표 확인

kubectl exec curl \
-- curl -s $(kubectl get pod envoy -o=jsonpath="{.status.podIP}"):15000/stats/prometheus \
| grep -i ingress_tcp

리소스 삭제

kubectl delete pod nginx envoy curl
kubectl delete cm envoy

HTTP Connection Manager

cat <<EOF | kubectl apply -f -
kind: ConfigMap
apiVersion: v1
metadata:
  name: envoy
data:
  envoy.yaml: |
    static_resources:
      listeners:
      - name: http-listener
        address:
          socket_address:
            address: 0.0.0.0
            port_value: 80
        filter_chains:
        - filters:
          - name: envoy.filters.network.http_connection_manager
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
              stat_prefix: helloworld
              http_filters:
              - name: envoy.filters.http.router
                typed_config:
                  "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
              route_config:
                virtual_hosts:
                - name: helloworld
                  domains: ["*"]
                  routes:
                  - match:
                      prefix: "/"
                    direct_response:
                      status: 200
                      body:
                        inline_string: "helloworld"   
EOF

Envoy 배포

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: envoy
  labels:
    app: envoy
spec:
  containers:
  - name: envoy
    image: envoyproxy/envoy:v1.22.2
    volumeMounts:
    - name: envoy-conf
      mountPath: /etc/envoy
  volumes:
  - name: envoy-conf
    configMap:
      name: envoy
EOF

Request을 보낼 Pod 생성

kubectl run curl --image=curlimages/curl -- sleep infinity

Envoy로 Request 생성

kubectl exec curl \
-- curl -s -w "\n" $(kubectl get pod envoy -o=jsonpath="{.status.podIP}")

Routing 규칙 추가

cat <<EOF | kubectl apply -f -
kind: ConfigMap
apiVersion: v1
metadata:
  name: envoy
data:
  envoy.yaml: |
    static_resources:
      listeners:
      - name: http-listener
        address:
          socket_address:
            address: 0.0.0.0
            port_value: 80
        filter_chains:
        - filters:
          - name: envoy.filters.network.http_connection_manager
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
              stat_prefix: helloworld
              http_filters:
              - name: envoy.filters.http.router
                typed_config:
                  "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
              route_config:
                virtual_hosts:
                - name: helloworld
                  domains: ["*"]
                  routes:
                  - match:
                      prefix: "/"
                    direct_response:
                      status: 200
                      body:
                        inline_string: "helloworld"
                  - match:
                      path: "/api"
                    direct_response:
                      status: 200
                      body:
                        inline_string: "helloworld api"            
EOF

수정한 설정파일 반영

kubectl get pod envoy -o yaml | kubectl replace --force -f -

Envoy로 Request 생성

kubectl exec curl \
-- curl -s -w "\n" $(kubectl get pod envoy -o=jsonpath="{.status.podIP}")/api

Routing 규칙 순서 변경

cat <<EOF | kubectl apply -f -
kind: ConfigMap
apiVersion: v1
metadata:
  name: envoy
data:
  envoy.yaml: |
    static_resources:
      listeners:
      - name: http-listener
        address:
          socket_address:
            address: 0.0.0.0
            port_value: 80
        filter_chains:
        - filters:
          - name: envoy.filters.network.http_connection_manager
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
              stat_prefix: helloworld
              http_filters:
              - name: envoy.filters.http.router
                typed_config:
                  "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
              route_config:
                virtual_hosts:
                - name: helloworld
                  domains: ["*"]
                  routes:
                  - match:
                      path: "/api"
                    direct_response:
                      status: 200
                      body:
                        inline_string: "helloworld api"          
                  - match:
                      prefix: "/"
                    direct_response:
                      status: 200
                      body:
                        inline_string: "helloworld"
EOF

수정한 설정파일 반영

kubectl get pod envoy -o yaml | kubectl replace --force -f -

Envoy로 Request 생성

kubectl exec curl \
-- curl -s -w "\n" $(kubectl get pod envoy -o=jsonpath="{.status.podIP}")/api

PreviousEnvoy (WIP)NextOperator (WIP)

Last updated 2 years ago

cat <<EOF | kubectl apply -f - apiVersion: v1 kind: Pod metadata: name: envoy labels: app: envoy spec: containers: - name: envoy image: envoyproxy/envoy:v1.22.2 volumeMounts: - name: envoy-conf mountPath: /etc/envoy volumes: - name: envoy-conf configMap: name: envoy EOF

cat <<EOF | kubectl apply -f - kind: ConfigMap apiVersion: v1 metadata: name: envoy data: envoy.yaml: | static_resources: listeners: - name: http-listener address: socket_address: address: 0.0.0.0 port_value: 80 filter_chains: - filters: - name: envoy.filters.network.tcp_proxy typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy stat_prefix: ingress_tcp cluster: nginx EOF

cat <<EOF | kubectl apply -f - kind: ConfigMap apiVersion: v1 metadata: name: envoy data: envoy.yaml: | static_resources: listeners: - name: http-listener address: socket_address: address: 0.0.0.0 port_value: 80 filter_chains: - filters: - name: envoy.filters.network.tcp_proxy typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy stat_prefix: ingress_tcp access_log: - name: envoy.access_loggers.stdout typed_config: "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog cluster: nginx clusters: - name: nginx type: STATIC load_assignment: cluster_name: nginx endpoints: - lb_endpoints: - endpoint: address: socket_address: address: $(kubectl get pod nginx -o=jsonpath="{.status.podIP}") port_value: 80 EOF

cat <<EOF | kubectl apply -f - kind: ConfigMap apiVersion: v1 metadata: name: envoy data: envoy.yaml: | admin: address: socket_address: address: 0.0.0.0 port_value: 15000 static_resources: listeners: - name: http-listener address: socket_address: address: 0.0.0.0 port_value: 80 filter_chains: - filters: - name: envoy.filters.network.tcp_proxy typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy stat_prefix: ingress_tcp access_log: - name: envoy.access_loggers.stdout typed_config: "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog cluster: nginx clusters: - name: nginx type: STATIC load_assignment: cluster_name: nginx endpoints: - lb_endpoints: - endpoint: address: socket_address: address: $(kubectl get pod nginx -o=jsonpath="{.status.podIP}") port_value: 80 EOF

cat <<EOF | kubectl apply -f - kind: ConfigMap apiVersion: v1 metadata: name: envoy data: envoy.yaml: | static_resources: listeners: - name: http-listener address: socket_address: address: 0.0.0.0 port_value: 80 filter_chains: - filters: - name: envoy.filters.network.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager stat_prefix: helloworld http_filters: - name: envoy.filters.http.router typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router route_config: virtual_hosts: - name: helloworld domains: ["*"] routes: - match: prefix: "/" direct_response: status: 200 body: inline_string: "helloworld" EOF

cat <<EOF | kubectl apply -f - kind: ConfigMap apiVersion: v1 metadata: name: envoy data: envoy.yaml: | static_resources: listeners: - name: http-listener address: socket_address: address: 0.0.0.0 port_value: 80 filter_chains: - filters: - name: envoy.filters.network.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager stat_prefix: helloworld http_filters: - name: envoy.filters.http.router typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router route_config: virtual_hosts: - name: helloworld domains: ["*"] routes: - match: prefix: "/" direct_response: status: 200 body: inline_string: "helloworld" - match: path: "/api" direct_response: status: 200 body: inline_string: "helloworld api" EOF

cat <<EOF | kubectl apply -f - kind: ConfigMap apiVersion: v1 metadata: name: envoy data: envoy.yaml: | static_resources: listeners: - name: http-listener address: socket_address: address: 0.0.0.0 port_value: 80 filter_chains: - filters: - name: envoy.filters.network.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager stat_prefix: helloworld http_filters: - name: envoy.filters.http.router typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router route_config: virtual_hosts: - name: helloworld domains: ["*"] routes: - match: path: "/api" direct_response: status: 200 body: inline_string: "helloworld api" - match: prefix: "/" direct_response: status: 200 body: inline_string: "helloworld" EOF