Shulou(Shulou.com)05/31 Report--

This article mainly explains the "Rainbond network governance plug-in ServiceMesh how to use", the article explains the content is simple and clear, easy to learn and understand, the following please follow the editor's ideas slowly in depth, together to study and learn "Rainbond network governance plug-in ServiceMesh how to use" it!

ServiceMesh Network Governance plug-in

After version 5.1.5, Rainbond provides two plug-ins: comprehensive network governance plug-in (which handles both inbound and outbound networks) and outbound network governance plug-in. The network governance plug-in works in the same network space as the business container, and can monitor an allocation port, intercept inbound business traffic for flow limiting, disconnection and other processing, and then load the traffic onto the actual listening port of the business service.

At the same time, it can also work in the outbound direction. When the business service needs to access the upstream service, it can carry out traffic routing, disconnection, security verification and other processing by accessing the port monitored by the local outbound governance plug-in, and then load the traffic to the host with existing services.

For plug-in developers, there are two points to pay attention to:

The inbound governance plug-in needs to forward traffic according to the port forwarding rules assigned by the system. For example, the UI service itself is listening on port 8080, which cannot be changed, but we can change the access port when accessing the UI service from the edge gateway. Therefore, the Rainbond application runtime dynamically generates listening port pairs for the inbound network governance plug-in, such as the following configuration:

"base_ports": [{"service_alias": "gre484d9", "service_id": "9703228e9b42cde3e3a72f4826e484d9", "port": 8080, "listen_port": 65301, "protocol": "http", "options": {"LIMIT_DOMAIN": "limit.common" "OPEN_LIMIT": "NO"}}]

The DISCOVER_URL variable is automatically injected when the plug-in is running, and the above configuration information can be obtained dynamically through the address of this variable. The inbound network governance plug-in must listen to port 65301 and load traffic to port 127.0.0.1.

The outbound governance plug-in does not have the problem of port mapping, and the outbound governance plug-in generates a local monitoring load to the remote address based on the dynamic configuration information of its subordinates.

"base_services": [{"service_alias": "gre484d9", "service_id": "9703228e9b42cde3e3a72f4826e484d9", "depend_service_alias": "grcff92d", "depend_service_id": "c81923991ff2428082a5d9d478cff92d", "port": 5000, "protocol": "http" Options: {"BaseEjectionTimeMS": "30000", "ConsecutiveErrors": "5", "Domains": "todos", "Headers": "", "IntervalMS": "10", "MaxActiveRetries": "5", "MaxConnections": "10" "MaxEjectionPercent": "20", "MaxPendingRequests": "1024", "MaxRequests": "1024", "MaxRequestsPerConnection": "", "PROXY": "YES", "Prefix": "/", "Weight": "80"}}]

Using the above native configuration discovery and service discovery to make the custom plug-in work, the plug-in level needs to do more data adaptation work. Rainbond also provides a dynamic configuration discovery service based on envoy XDS (grpc) specification. In the plug-in, two variables XDS_HOST_IP XDS_HOST_PORT are used to obtain the address of the XDS service.

For users, the network governance of the plug-in layer is completely transparent to the business layer, and all distributed services with dependencies are similar to running the same host.

Plug-ins practice integrated network governance plug-ins

The comprehensive network governance plug-in provided by default is implemented based on envoy 1.9.0. The integrated network plug-in implements both inbound and outbound governance, and provides the following configuration parameters:

Inbound direction

Global current limit:

OPEN_LIMIT enables global current restriction, which depends on third-party current-limiting services, such as ratelimit. Currently, services need to rely on ratelimit services and set RATE_LIMIT_SERVER_HOST and RATE_LIMIT_SERVER_PORT environment variables.

Domain key of LIMIT_DOMAIN current-limiting link, corresponding to the configuration of global current-limiting service

Open circuit:

The maximum number of MaxConnections connections. The Http protocol only applies to the http1.1,TCP protocol. Set the maximum number of TCP connections.

Number of MaxRequests concurrent requests, applicable to HTTP protocol

Maximum number of waiting requests for MaxPendingRequests, applicable to HTTP protocol

Maximum number of MaxActiveRetries retries, applicable to HTTP protocol

Maximum number of requests for MaxRequestsPerConnection single connection, applicable to HTTP protocol, and supports http1.1 and http2

Outbound direction

Dynamic routing (HTTP protocol):

Domains

Request domain name, for upstream services of http protocol, support domain name-based routing and reuse port 80.

Prefix

Request the prefix of the Path path to route different upstream services based on the prefix.

Headers

Request headers, routing different upstream services based on the request headers.

Weight

Weight, which distributes traffic to different upstream services based on different weights.

Open circuit (connection-oriented):

The maximum number of MaxConnections connections. The Http protocol only applies to the http1.1,TCP protocol. Set the maximum number of TCP connections.

Number of MaxRequests concurrent requests, applicable to HTTP protocol

Maximum number of waiting requests for MaxPendingRequests, applicable to HTTP protocol

Maximum number of MaxActiveRetries retries, applicable to HTTP protocol

Maximum number of requests for MaxRequestsPerConnection single connection, applicable to HTTP protocol, and supports http1.1 and http2

Open circuit (facing upstream host):

The number of times the ConsecutiveErrors upstream service host was evicted with 500error.

The base time when the BaseEjectionTimeMS host is expelled, and the time when the host is expelled for the first time. If expelled n times, the time is n*BaseEjectionTimeMS.

The maximum percentage of MaxEjectionPercent being expelled from the host. If set to 100, full eviction is allowed.

Time interval for IntervalMS to analyze whether a host should be expelled

The percentage of HealthyPanicThreshold entering panic mode, the default is 50

Outbound network governance plug-in

When the service does not need to use the inbound governance function, only the outbound governance plug-in can be used, and the configuration parameters are consistent with the outbound direction of the comprehensive governance plug-in.

Thank you for reading, the above is the "Rainbond network governance plug-in ServiceMesh how to use" the content, after the study of this article, I believe you have a deeper understanding of how to use the Rainbond network governance plug-in ServiceMesh, the specific use of the situation also needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.