seninel部署
Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859
  1. # Sentinel Token Server (Envoy RLS implementation)
  2. This module provides the [Envoy rate limiting gRPC service](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/other_features/global_rate_limiting#arch-overview-rate-limit) implementation
  3. with Sentinel token server.
  4. > Note: the gRPC stub classes for Envoy RLS service is generated via `protobuf-maven-plugin` during the `compile` goal.
  5. > The generated classes is located in the directory: `target/generated-sources/protobuf`.
  6. ## Build
  7. Build the executable jar:
  8. ```bash
  9. mvn clean package -P prod
  10. ```
  11. ## Rule configuration
  12. Sentinel RLS token server supports dynamic rule configuration via the yaml file.
  13. The file may provide rules for one *domain* (defined in Envoy's conf file).
  14. In Envoy, one rate limit request might carry multiple *rate limit descriptors*
  15. (which will be generated from [Envoy rate limit actions](https://www.envoyproxy.io/docs/envoy/v1.12.1/api-v2/api/v2/route/route.proto#envoy-api-msg-route-ratelimit)).
  16. One rate limit descriptor may have multiple entries (key-value pair).
  17. We may set different threshold for each rate limit descriptors.
  18. A sample rule configuration file:
  19. ```yaml
  20. domain: foo
  21. descriptors:
  22. - resources:
  23. - key: "destination_cluster"
  24. value: "service_httpbin"
  25. count: 1
  26. ```
  27. This rule only takes effect for domain `foo`. It will limit the max QPS to 1 for
  28. all requests targeted to the `service_httpbin` cluster.
  29. We need to provide the path to yaml file via the `SENTINEL_RLS_RULE_FILE_PATH` env
  30. (or `-Dcsp.sentinel.rls.rule.file` opts). Then as soon as the content in the rule file has been changed,
  31. Sentinel will reload the new rules from the file to the `EnvoyRlsRuleManager`.
  32. We may check the logs in `~/logs/csp/sentinel-record.log.xxx` to see whether the rules has been loaded.
  33. We may also retrieve the converted `FlowRule` via the command API `localhost:8719/cluster/server/flowRules`.
  34. ## Configuration items
  35. The configuration list:
  36. | Item (env) | Item (JVM property) | Description | Default Value | Required |
  37. |--------|--------|--------|--------|--------|
  38. | `SENTINEL_RLS_GRPC_PORT` | `csp.sentinel.grpc.server.port` | The RLS gRPC server port | **10240** | false |
  39. | `SENTINEL_RLS_RULE_FILE_PATH` | `csp.sentinel.rls.rule.file` | The path of the RLS rule yaml file | - | **true** |
  40. | `SENTINEL_RLS_ACCESS_LOG` | - | Whether to enable the access log (`on` for enable) | off | false |
  41. ## Samples
  42. - [Kubernetes sample](./sample/k8s)