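Extending Envoy with Wasm: A Detailed Usage Guide
Introduction
We want the mesh's service discovery, routing, circuit breaking and degradation, and load balancing, and all of this traffic governance has to run in the data plane, Envoy. Envoy provides a Filter mechanism for these functions, and there are usually the following ways to use it:
- Write a custom filter in C++ and recompile Envoy
- Extend filters with Lua scripts
- Extend Envoy with wasm
I. How wasm works
The first option, C++ compilation, has too steep a learning curve and is hard to maintain. The second is suitable for implementing simple functionality. The third is the main direction of development: filters are written in other languages, compiled to wasm, and run embedded in Envoy as portable binary instructions. It has the following characteristics:
- Loaded dynamically into Envoy for execution
- No changes to Envoy's code, so it is easy to maintain
- Supports many development languages, for example tinygo
- Process-level isolation: it runs in a VM sandbox and does not affect the Envoy process
[Figure: traffic passing through Envoy]
II. wasm installation
Install Istio 1.9.9
The latest release is currently v0.0.33, and the supported Istio version is 1.9.X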
- https://github.com/solo-io/wasm/releases/
Uninstall the existing Istio 1.10 and install 1.9.9
- istioctl x uninstall --purge
Download path for Istio 1.9.9; for the detailed installation process, see the earlier article
- https://github.com/istio/istio/releases/download/1.9.9/istio-1.9.9-linux-amd64.tar.gz
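Declarative mounting with wasme
The link below gives detailed installation recommendations; declarative mounting is recommended for production environments: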
- https://docs.solo.io/web-assembly-hub/latest/tutorial_code/wasme_operator/
1. Install the Wasme CRDs
- kubectl apply -f https://github.com/solo-io/wasm/releases/latest/download/wasme.io_v1_crds.yaml
- # kubectl apply -f wasme.io_v1_crds.yaml
- customresourcedefinition.apiextensions.k8s.io/filterdeployments.wasme.io created
2. Install the Operator components
- kubectl apply -f https://github.com/solo-io/wasm/releases/latest/download/wasme-default.yaml
- # kubectl apply -f wasme-default.yaml
- namespace/wasme created
- serviceaccount/wasme-operator created
- serviceaccount/wasme-cache created
- configmap/wasme-cache created
- clusterrole.rbac.authorization.k8s.io/wasme-operator created
- clusterrole.rbac.authorization.k8s.io/wasme-cache created
- clusterrolebinding.rbac.authorization.k8s.io/wasme-operator created
- clusterrolebinding.rbac.authorization.k8s.io/wasme-cache created
- daemonset.apps/wasme-cache created
- deployment.apps/wasme-operator created
3. Verify that the installation succeeded
- # kubectl get pod -n wasme
- NAME READY STATUS RESTARTS AGE
- wasme-cache-96mnm 1/1 Running 0 23s
- wasme-cache-ktnpb 1/1 Running 0 23s
- wasme-cache-w929m 1/1 Running 0 23s
- wasme-operator-75bbf94974-nb684 1/1 Running 0 23s
How mounting works
Command-line installation
Official installation documentation
- https://docs.solo.io/web-assembly-hub/latest/tutorial_code/getting_started/
If your network connection is good, you can use the quick install command
- curl -sL https://run.solo.io/wasme/install | sh
What the install_cli.sh install script does:
- # ${tmp} and ${filename} are set earlier in the script (not shown here)
- if [ "$(uname -s)" = "Darwin" ]; then
-   OS=darwin  # Mac is darwin
- else
-   OS=linux
- fi
- # Rename the binary and grant execute permission
- cd "$HOME"
- mkdir -p ".wasme/bin"
- mv "${tmp}/${filename}" ".wasme/bin/wasme"
- chmod +x ".wasme/bin/wasme"
- # Add it to the PATH environment variable
- export PATH="$HOME/.wasme/bin:$PATH"
On a Mac you can download wasme-darwin-amd64 and install it the same way.
- export PATH=$PATH:/Users/yongliang/work/software_install/wasme/bin
- source ~/.bash_profile
- chmod +x /Users/yongliang/work/software_install/wasme/bin/wasme
- wasme --version
- wasme version 0.0.33
III. Generating a Filter with wasm
For the official usage guide, see:
- https://docs.solo.io/web-assembly-hub/latest/tutorial_code/build_tutorials/building_assemblyscript_filters/
Let's first try an example with tinygo to see the result
- wasme init melon-filter
- Use the arrow keys to navigate: ↓ ↑ → ←
- ? What language do you wish to use for the filter:
-     cpp
-     rust
-     assemblyscript
-   ▸ tinygo
After running it:
- wasme init melon-filter
- ✔ tinygo
- ✔ istio:1.7.x, gloo:1.6.x, istio:1.8.x, istio:1.9.x
Directory structure
- -rw-r--r-- 1 yongliang staff 83 11 15 19:26 go.mod
- -rw-r--r-- 1 yongliang staff 676 11 15 19:26 go.sum
- -rw-r--r-- 1 yongliang staff 1707 11 15 19:26 main.go
- -rw-r--r-- 1 yongliang staff 162 11 15 19:26 runtime-config.json
runtime-config.json is used by wasme when building the filter and must contain the rootIds field
- {
-   "type": "envoy_proxy",
-   "abiVersions": ["v0-4689a30309abf31aee9ae36e73d34b1bb182685f", "v0.2.1"],
-   "config": {
-     "rootIds": [
-       "root_id"
-     ]
-   }
- }
main.go is the generated example code; it mainly adds information to the response headers. Here the header is changed to "hello", "melon":
- func (ctx *httpHeaders) OnHttpResponseHeaders(numHeaders int, endOfStream bool) types.Action {
-     if err := proxywasm.SetHttpResponseHeader("hello", "melon"); err != nil {
-         proxywasm.LogCriticalf("failed to set response header: %v", err)
-     }
-     return types.ActionContinue
- }
IV. Building the Filter with wasm
Building the Filter
The build takes quite a long time, so be patient
- wasme build tinygo /Users/yongliang/GoLandProjects/melon-filter -t xxx/base/melon-add-header:v0.1
- Unable to find image 'quay.io/solo-io/ee-builder:0.0.33' locally
- 0.0.33: Pulling from solo-io/ee-builder
- df27e1f7c31e: Pull complete
- 0a8813a60e2e: Pull complete
- 3c2cba919283: Pull complete
- 26f4837a47c0: Pull complete
- dd7b292cf068: Pull complete
- 4a4d78f042bc: Pull complete
- 9108a736d6a0: Pull complete
- 70ac09daaa76: Pull complete
- 809bdff17a4d: Pull complete
- 31fc029d676e: Pull complete
- 85533903f7c2: Pull complete
- f87e543b124a: Pull complete
- 93d78f561264: Pull complete
- 8ba3d0f61e41: Pull complete
- d511201136be: Pull complete
- Digest: sha256:94b6ce4624b0c4ed4cfa4f311c8af57083b538949b5c88ce62ef984f9b81ef66
- Status: Downloaded newer image for quay.io/solo-io/ee-builder:0.0.33
- Building with tinygo...
- go: downloading github.com/tetratelabs/proxy-wasm-go-sdk v0.1.1
- INFO[2146] adding image to cache... filter file=/tmp/wasme066130090/filter.wasm tag="xxx/base/melon-add-header:v0.1"
- INFO[2146] tagged image digest="sha256:750d63889653e7117fcbc0831f10f0e1d3f7ec0c82fe5787b71d08a783e3393f" image="xxx/base/melon-add-header:v0.1"
Once the build completes, the image has been generated
- wasme list
- NAME TAG SIZE SHA UPDATED
- xxxx/base/melon-add-header v0.1 247.6 kB 750d6388 15 Nov 21 20:23 CST
Note: for the official build tutorial, see
- https://docs.solo.io/web-assembly-hub/latest/tutorial_code/build_tutorials/building_assemblyscript_filters/
Pushing the image
The built image needs to be pushed to a remote registry
- wasme push xxx/base/melon-add-header:v0.1
- INFO[0000] Pushing image xxxn/base/melon-add-header:v0.1
- INFO[0004] Pushed xxx/base/melon-add-header:v0.1
- INFO[0004] Digest: sha256:27aecb092318b2f922204ce722a34e5c2866baa168cf2f9f00c303b1982cfa9a
Note: for the official push tutorial, see
- https://docs.solo.io/web-assembly-hub/latest/tutorial_code/push_tutorials/basic_push/
V. Deploying the Filter
Deployment is done through a Kubernetes custom resource, FilterDeployment. Below is the content of melon-add-header.yaml
- apiVersion: wasme.io/v1
- kind: FilterDeployment
- metadata:
-   name: melon-add-header
-   namespace: default
- spec:
-   deployment:
-     istio:
-       kind: Deployment
-   filter:
-     image: xxx/base/melon-add-header:v0.1
Run the deploy command
- kubectl apply -f melon-add-header.yaml
- filterdeployment.wasme.io/melon-add-header created
Note: for the official tutorial, see
- https://docs.solo.io/web-assembly-hub/latest/tutorial_code/wasme_operator/
VI. Verifying that it takes effect
1. Access a service in the mesh
2. Check that "hello:melon" has been added to the Response Headers
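A scripted version of the check in step 2, as an added example that is not part of the original article: `has_header` (a hypothetical helper name) reads a raw header block such as `curl -sI` prints and succeeds only if the named header carries the expected value. The two sample responses are constructed, and the URL in the usage comment is a placeholder.

```sh
#!/bin/sh
# Added example, not from the original article.
# has_header NAME VALUE: read a raw HTTP response on stdin and return 0 only
# if header NAME (matched case-insensitively) is present with exactly VALUE.
has_header() {
  want_name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  tr -d '\r' | awk -v n="$want_name" -v v="$2" '
    /^$/ { exit }                  # blank line ends the headers; ignore the body
    {
      i = index($0, ":")
      if (i == 0) next             # status line, e.g. "HTTP/1.1 200 OK"
      name = tolower(substr($0, 1, i - 1))
      value = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", value)
      if (name == n && value == v) found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# Constructed sample: response from a workload where the filter is active.
# The body repeats the text "hello: melon" to show it is not counted.
sample_patched() {
  printf 'HTTP/1.1 200 OK\r\ncontent-type: text/plain\r\nHello: melon\r\nserver: istio-envoy\r\n\r\nhello: melon\r\n'
}

# Constructed sample: same response without the filter; only the body matches.
sample_unpatched() {
  printf 'HTTP/1.1 200 OK\r\ncontent-type: text/plain\r\nserver: istio-envoy\r\n\r\nhello: melon\r\n'
}

# Against a live mesh service (placeholder URL):
#   curl -sI http://<mesh-service>/ | has_header hello melon
if sample_patched | has_header hello melon; then
  echo "filter active: hello: melon present"
fi
if ! sample_unpatched | has_header hello melon; then
  echo "filter not active: header missing"
fi
```
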
This article is reposted from the WeChat official account 「瓜農老梁」. To repost this article, please contact the 瓜農老梁 official account.