wangjx
/
sentinel
关注 1
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
seninel部署
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
671 提交
1 分支
7.5MB
目录树: dfce6ebba4
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 'dfce6ebba4'
${ noResults }
sentinel/sentinel-cluster/sentinel-cluster-server-env.../sample/k8s/README.md

README.md 4.2KB
原始文件 普通视图 文件历史

Add Docker/k8s sample for Sentinel RLS token server and update document Signed-off-by: Eric Zhao <sczyh16@gmail.com>
5 年前
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105 
  1. # Sentinel Envoy RLS - Kubernetes sample

  2. 

  3. This sample will illustrate how to use Sentinel RLS token server with Envoy in Kubernetes clusters.

  4. 

  5. ## Build the Docker image

  6. 

  7. We could use the pre-built Docker image: `registry.cn-hangzhou.aliyuncs.com/sentinel-docker-repo/sentinel-envoy-rls-server:latest`

  8. 

  9. We can also manually build the Docker image in the `sentinel-cluster-server-envoy-rls` directory:

  10. 

  11. ```bash

  12. docker build -t "sentinel/sentinel-envoy-rls-server:latest" -f ./Dockerfile .

  13. ```

  14. 

  15. ## Deploy Sentinel RLS token server

  16. 

  17. Next we could deploy the Sentinel RLS token server in the K8S cluster.

  18. We've provided a deployment template for Sentinel RLS token server in `sentinel-rls.yml`.

  19. It includes:

  20. 

  21. - A `ConfigMap` that contains the cluster flow control rule for Envoy global rate limiting.

  22.   This will be mounted as a file in the target `Deployment`, so that the Sentinel RLS token server

  23.   could load the rules dynamically as soon as the rule in the `ConfigMap` has been updated.

  24. - A `Deployment` for Sentinel RLS token server. It will mount the `ConfigMap` as a volume

  25.   for dynamic rule configuration.

  26. - A `Service` that exports the Sentinel command port (8719) and the RLS gRPC port (by default 10245)

  27.   on a cluster-internal IP so that the Envoy pods could communicate with the RLS server.

  28. 

  29. The sample rate limiting rule in the `sentinel-rule-cm`:

  30. 

  31. ```yaml

  32. domain: foo

  33. descriptors:

  34.   # For requests to the "service_httpbin" cluster, limit the max QPS to 1

  35.   - resources:

  36.     - key: "destination_cluster"

  37.       value: "service_httpbin"

  38.     count: 1

  39. ```

  40. 

  41. You may enable the access log in the Sentinel RLS token server (output to console)

  42. via the `SENTINEL_RLS_ACCESS_LOG` env:

  43. 

  44. ```yaml

  45. env:

  46.   - name: SENTINEL_RLS_ACCESS_LOG

  47.     value: "on"

  48. ```

  49. 

  50. You may also append JVM opts via the `JAVA_OPTS` env.

  51. 

  52. After preparing the yaml template, you may deploy the Sentinel RLS token server:

  53. 

  54. ```bash

  55. kubectl apply -f sample/k8s/sentinel-rls.yml

  56. ```

  57. 

  58. ## Deploy Envoy

  59. 

  60. Next we could deploy the Envoy instances in the K8S cluster. If you've already had Envoy instances running,

  61. you could configure the address (`sentinel-rls-service`) and the port (`10245`)

  62. of the rate limit cluster in your Envoy configuration.

  63. 

  64. We've provided a deployment template for Envoy in `envoy.yml`.

  65. It includes:

  66. 

  67. - A `ConfigMap` that contains the configuration for Envoy.

  68.   This will be mounted as a file in the target `Deployment`, which will be loaded as the configuration

  69.   file by Envoy.

  70. - A `Deployment` for Envoy. It will mount the `ConfigMap` as a volume

  71.   for configuration.

  72. - A `Service` that exports the Envoy endpoint port (by default 10000) on a cluster-internal IP

  73.   so that it could be accessible from other pods. If you need external access, you could choose the

  74.   `LoadBalancer` type or add a frontend ingress.

  75. 

  76. In the sample, we have two [Envoy clusters](https://www.envoyproxy.io/docs/envoy/latest/api-v2/clusters/clusters):

  77. 

  78. - `service_httpbin`: HTTP proxy to `httpbin.org`

  79. - `rate_limit_cluster`: the cluster of the Sentinel RLS token server

  80. 

  81. This route configuration tells Envoy to route incoming requests to `httpbin.org`. In the `http_filters` conf item,

  82. we added the `envoy.rate_limit` filter to the filter chain so that the global rate limiting is enabled.

  83. We set the rate limit domain as `foo`, which matches the item in the Envoy RLS rule.

  84. In the `route_config`, we provide the rate limit action: `{destination_cluster: {}}`, which will

  85. generate the rate limit descriptor containing the actual target cluster name (e.g. `service_httpbin`).

  86. Then we could set rate limit rules for each target clusters.

  87. 

  88. After preparing the yaml template, you may deploy the Envoy instance:

  89. 

  90. ```bash

  91. kubectl apply -f sample/k8s/envoy.yml

  92. ```

  93. 

  94. ## Test the rate limiting

  95. 

  96. Now it's show time! We could visit the URL `envoy-service:10000/json` in K8S pods.

  97. Since we set the max QPS to 1, we could emit concurrent requests to the URL, and we

  98. could see the first request passes, while the latter requests are blocked (status 429):

  99. 

  100. ![image](https://user-images.githubusercontent.com/9434884/68571798-d0a46500-049e-11ea-8488-5e90f56f23a5.png)

  101. 

  102. ## Update the rules dynamically

  103. 

  104. You could update the rules in the `sentinel-rule-cm` ConfigMap. Once the content is updated,

  105. Sentinel will perceive the changes and load the new rules to `EnvoyRlsRuleManager`.