Shulou(Shulou.com)06/03 Report--

This article is translated and published by the official account EAWorld, and the source should be indicated when reprinted.

Author: Richard Li

Translator: Bai Xiaobai

Original: http://t.cn/E6cZoyG

Current cloud native applications are composed of a variety of heterogeneous services or micro-services, and the communication between services and clients needs to span numerous communication protocols and topologies. Ambassador is deployed in such a growing heterogeneous workload environment, so we have a direct understanding of this situation.

We are committed to making Ambassador the best cloud native API gateway in the world. To this end, we are excited to release version 0.52 of Ambassador and add the following new capabilities to the new version:

The gRPC-Web protocol is supported. GRPC-Web is based on native gRPC and is designed to serve browser / server communication. I would like to thank Gert van Dijk and Rotem Tamir for their work.

Support advanced load balancing control. Today's Ambassador can natively support traffic routing to physical IP addresses rather than DNS host names.

Session affinity (that is, sticky sessions) is supported. Ambassador can aggregate HTTP requests from the same end user into a specific Kubernetes Pod based on Cookie, HTTP header, or source IP address.

Due to the implementation of some architectural migration work, support for session affinity and advanced load balancing control is still in a preemptive release state, which will be described later.

I. gRPC-Web support

Today's cloud services are exposed through a large number of communication protocols. Ambassador supports almost every layer of the popular 7-layer protocol, including HTTP,HTTP/2,gRPC,WebSocket, as well as the latest support for gRPC-Web. Moreover, Ambassador supports native TCP routing even if the protocol used by the developer is not directly supported.

GRPC-Web protocol provides a lot of convenience for front-end developers: high performance, two-way streaming communication and extensive class library support. Due to browser limitations, gRPC-Web is not directly compatible with gRPC. However, you can set up a server proxy to solve the translation problem between the gRPC-Web request and the gRPC HTTP/2 response.

Thanks to Envoy's support for gRPC-Web, Ambassador can now support gRPC-Web by setting the enable_grpc_web: True annotation. It should be noted that this is a global setting.

Second, advanced load balancing control

Ambassador has always provided a wide range of routing options, which can be based on hosts, HTTP methods, HTTP headers, regular expressions, and so on. We know that flexible and fine-grained control over routing is essential to adapt to a wide range of usage scenarios. Currently, however, Ambassador only provides limited control to operators to route requests to different endpoint. In the past, Ambassador routed requests directly to Kubernetes service, which distributed requests to different Pod. This scheme works well and is easy to reason and test. Curl requests to Kubernetes service follow the same routing path as Ambassador requests.

Kubernetes network

In a typical Kubernetes cluster, Kubernetes service requests are routed by kube-proxy. What bothers me a little bit is that kube-proxy is not a typical agent, but a process of implementing virtual IP for service based on iptables rules. This architecture brings additional complexity to routing: not only a small amount of delay is introduced, but also iptables is not designed for routing, so the load balancing strategy is limited by the polling scheduling model.

Despite the complexity of implementation, such a solution still provides Ambassador users with an overwhelming advantage: simplicity. Service discovery and load balancing are handed over to Kubernetes, which can directly use general tools such as Curl to test routing.

Load balancing of Ambassador 0.52

In Ambassador version 0.52, we introduce a new load balancing control mechanism. The relevant control options are optional, so if no changes are made to the settings, load balancing control will be implemented in an otherwise effective way. If the AMBASSADOR_ENABLE_ENDPOINTS environment variable is set, the new control mechanism is enabled:

Ambassador monitors all Kubernetes endpoint state changes, not just the Kubernetes service itself.

With this state information, Ambassador can use different load balancing algorithms based on settings, bypassing Kube-proxy and routing requests directly to Kubernetes endpoint.

The following example mapping table shows how we add load_balancer annotations:

ApiVersion: ambassador/v1kind: Mappingname: qotm_mappingprefix: / qotm/service: qotmload_balancer:policy: round_robin

It is important to note that annotations can be added to the Ambassador module to make the default load balancing policy globally effective.

Conversational affinity

In addition to the default round_robin policy, Ambassador 0.52 can also support session affinity (that is, "sticky session") based on ringhash policy. During this process, you need to specify the unique identity of the client for the route. Any HTTP header, Cookie, or actual source IP address can be supported.

Preemptive version

We released the advanced load balancing control mechanism as a preemptive version in 0.52 for more extensive testing and collecting feedback. We are particularly interested in the effect of enabling this feature in different workloads and Kubernetes cluster environments. We want the number of endpoint to be more than the number of service, so that we can generate a growing workload on Kubernetes's API server. We eagerly look forward to your feedback, whether positive or negative, as long as it is about this feature.

III. Other changes in Ambassador version 0.52

In the new version of Ambassador, we also provide fixes for a large number of user feedback Bug, and provide a lot of enhancements.

Ambassador now supports bridging between HTTP/1.1 requests and gRPC back-end services.

When using HTTP API, a tracing header is added to the extauth filter. (such tracing header has been added when using gRPC API)

Allow extauth to establish a header that does not already exist (# 1313).

You can use Lua filters to embed simple scripts in the mapping. Thank Liam Costello for his contribution.

Startup performance improvement.

Using C YAML parsers instead of Python implementations to improve parsing performance (# 1294

Add xff_num_trusted_hops settings. It is important to provide such a setting if users use CDN services such as CloudFlare and rely on X-Forwarded-For header to cope with traffic speed limits.

The updated core settings document covers the new options mentioned above (such as Lua,gRPC HTTP/1.1 bridging, etc.).

IV. Major changes in the upcoming 0.60

By default, Ambassador 0.60will listen for plaintext HTTP requests on port 8080 (instead of port 80) and HTTPS requests on port 8443 (instead of port 443s), so as to simplify the operation of Ambassador without Root permissions. If your existing service depends on the above default port, you need to modify the relevant configuration file. Ambassador 0.52 will alert you in the diagnostic service.

5. Install Ambassador 0.52

Version 0.52 of Ambassador can be obtained through the following Docker tag:

Quay.io/datawire/ambassador:0.52.0 .

Update the existing deployment manifest with the tag, and kubectl installs version 0.52 into the cluster.

It can also be installed through Helm:

Helm install stable/ambassador

Upgrade to Ambassador 0.52,

The update of Ambassador depends on the deployment of Kubernetes. Before updating Ambassador, you need to point the Kubernetes deployment manifest to quay.io/datawire/ambassador:0.52.0 and then run kubectl based on the updated manifest. Kubernetes updates Ambassador to version 0.52 as a rolling update.

VII. Follow-up

If you encounter any problems during the update process, you can send an issue or join our Slack for help.

Address to submit Issue: https://github.com/datawire/ambassador/ to join Slack address: http://d6e.co/slack

If Ambassador works well, we'd be happy to hear about it. You can leave a message at the end of the article or on our Twitter account @ getambassadorio.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.