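Envoy admin interface

The optional admin interface provided by Envoy allows you to view configuration and statistics, change the behaviour of the server, and tap traffic according to specific filter rules.

Note

This guide provides configuration information, and some basic examples of using a couple of the admin endpoints.

See the admin docs for information on all of the available endpoints.

Requirements

Some of the examples below use the jq tool to parse the output from the admin server.

admin

The admin message is required to enable and configure the admin server.

The address key specifies the listening address, which in the demo configuration is 0.0.0.0:9901.

In this example, the logs are simply discarded.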

admin:
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 9901

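Warning

The Envoy admin endpoint can expose private information about the running service, allows modification of runtime settings, and can also be used to shut the server down.

As the endpoint is not authenticated, it is essential that access to it is restricted.

You may wish to restrict the network address the admin server listens on as part of your strategy for limiting access to this endpoint.

stat_prefix

The Envoy HttpConnectionManager must be configured with stat_prefix.

This provides a key that can be filtered when querying the stats interface, as shown below.

In envoy-demo.yaml the listener is configured with the stat_prefix of ingress_http.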

static_resources:

  listeners:
  - name: listener_0
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 10000
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          access_log:
          - name: envoy.access_loggers.stdout
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
          http_filters:
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match:

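Admin endpoints: config_dump

The config_dump endpoint returns Envoy's runtime configuration in json format.

The following command allows you to see the types of configuration available:

$ curl -s http://127.0.0.1:9901/config_dump | jq -r '.configs[] | .["@type"]'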
type.googleapis.com/envoy.admin.v3.BootstrapConfigDump
type.googleapis.com/envoy.admin.v3.ClustersConfigDump
type.googleapis.com/envoy.admin.v3.ListenersConfigDump
type.googleapis.com/envoy.admin.v3.ScopedRoutesConfigDump
type.googleapis.com/envoy.admin.v3.RoutesConfigDump
type.googleapis.com/envoy.admin.v3.SecretsConfigDump

To view the socket_address of the first dynamic_listener currently configured, you can:

$ curl -s "http://127.0.0.1:9901/config_dump?resource=dynamic_listeners" | jq '.configs[0].active_state.listener.address'
{
  "socket_address": {
    "address": "0.0.0.0",
    "port_value": 10000
  }
}

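Note

See the reference section for config_dump for further information on the available parameters and responses.

Tip

Enabling the admin interface with dynamic configuration can be particularly useful, as it allows you to use the config_dump endpoint to see how Envoy is configured at a particular point in time.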
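As a check for the exposure described in the warning earlier, the following Python sketch classifies the admin listen address reported in the BootstrapConfigDump entry of a config_dump response. It is an added example, not part of the Envoy documentation; the function names, category labels and sample input are assumptions constructed here.

```python
import ipaddress
import json
import sys

BOOTSTRAP_TYPE = "type.googleapis.com/envoy.admin.v3.BootstrapConfigDump"


def admin_exposure(config_dump: dict) -> str:
    """Classify the admin listen address found in a config_dump response.

    Returns 'disabled', 'pipe', 'loopback', 'wildcard', 'routable' or
    'hostname' (labels chosen for this example, not Envoy terminology).
    """
    bootstrap = next(
        (c.get("bootstrap", {}) for c in config_dump.get("configs", [])
         if c.get("@type") == BOOTSTRAP_TYPE),
        None,
    )
    if bootstrap is None:
        raise ValueError("no BootstrapConfigDump entry in input")
    address = bootstrap.get("admin", {}).get("address")
    if not address:
        return "disabled"      # no admin address, admin server not listening
    if "pipe" in address:
        return "pipe"          # Unix domain socket, guarded by file permissions
    host = address.get("socket_address", {}).get("address", "")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"      # must be resolved before it can be judged
    if ip.is_unspecified:
        return "wildcard"      # 0.0.0.0 or ::, reachable on every interface
    return "loopback" if ip.is_loopback else "routable"


def sample_dump(address: dict) -> dict:
    """Constructed input: only the fields this check reads."""
    return {"configs": [{"@type": BOOTSTRAP_TYPE,
                         "bootstrap": {"admin": {"address": address}}}]}


if __name__ == "__main__":
    # e.g. curl -s http://127.0.0.1:9901/config_dump | python3 this_file.py
    verdict = admin_exposure(json.load(sys.stdin))
    print(verdict)
    sys.exit(0 if verdict in ("disabled", "pipe", "loopback") else 1)
```

For the demo configuration on this page (0.0.0.0:9901) the result is "wildcard", which is the case the warning asks you to restrict.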

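Admin endpoints: stats

The admin stats endpoint allows you to retrieve runtime information about Envoy.

The stats are provided as key: value pairs, where the keys use a hierarchical dotted notation, and the values are one of counter, histogram or gauge types.

To see the available categories of stats, you can:

$ curl -s http://127.0.0.1:9901/stats | cut -d. -f1 | sort | uniq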
cluster
cluster_manager
filesystem
http
http1
listener
listener_manager
main_thread
runtime
server
vhost
workers

The stats endpoint accepts a filter argument, which is evaluated as a regular expression:

$ curl -s "http://127.0.0.1:9901/stats?filter=^http\.ingress_http"
http.ingress_http.downstream_cx_active: 0
http.ingress_http.downstream_cx_delayed_close_timeout: 0
http.ingress_http.downstream_cx_destroy: 3
http.ingress_http.downstream_cx_destroy_active_rq: 0
http.ingress_http.downstream_cx_destroy_local: 0
http.ingress_http.downstream_cx_destroy_local_active_rq: 0
http.ingress_http.downstream_cx_destroy_remote: 3
http.ingress_http.downstream_cx_destroy_remote_active_rq: 0
http.ingress_http.downstream_cx_drain_close: 0
http.ingress_http.downstream_cx_http1_active: 0
http.ingress_http.downstream_cx_http1_total: 3
http.ingress_http.downstream_cx_http2_active: 0
http.ingress_http.downstream_cx_http2_total: 0
http.ingress_http.downstream_cx_http3_active: 0
http.ingress_http.downstream_cx_http3_total: 0
http.ingress_http.downstream_cx_idle_timeout: 0
http.ingress_http.downstream_cx_max_duration_reached: 0
http.ingress_http.downstream_cx_overload_disable_keepalive: 0
http.ingress_http.downstream_cx_protocol_error: 0
http.ingress_http.downstream_cx_rx_bytes_buffered: 0
http.ingress_http.downstream_cx_rx_bytes_total: 250
http.ingress_http.downstream_cx_ssl_active: 0
http.ingress_http.downstream_cx_ssl_total: 0
http.ingress_http.downstream_cx_total: 3
http.ingress_http.downstream_cx_tx_bytes_buffered: 0
http.ingress_http.downstream_cx_tx_bytes_total: 1117
http.ingress_http.downstream_cx_upgrades_active: 0
http.ingress_http.downstream_cx_upgrades_total: 0
http.ingress_http.downstream_flow_control_paused_reading_total: 0
http.ingress_http.downstream_flow_control_resumed_reading_total: 0
http.ingress_http.downstream_rq_1xx: 0
http.ingress_http.downstream_rq_2xx: 3
http.ingress_http.downstream_rq_3xx: 0
http.ingress_http.downstream_rq_4xx: 0
http.ingress_http.downstream_rq_5xx: 0
http.ingress_http.downstream_rq_active: 0
http.ingress_http.downstream_rq_completed: 3
http.ingress_http.downstream_rq_http1_total: 3
http.ingress_http.downstream_rq_http2_total: 0
http.ingress_http.downstream_rq_http3_total: 0
http.ingress_http.downstream_rq_idle_timeout: 0
http.ingress_http.downstream_rq_max_duration_reached: 0
http.ingress_http.downstream_rq_non_relative_path: 0
http.ingress_http.downstream_rq_overload_close: 0
http.ingress_http.downstream_rq_response_before_rq_complete: 0
http.ingress_http.downstream_rq_rx_reset: 0
http.ingress_http.downstream_rq_timeout: 0
http.ingress_http.downstream_rq_too_large: 0
http.ingress_http.downstream_rq_total: 3
http.ingress_http.downstream_rq_tx_reset: 0
http.ingress_http.downstream_rq_ws_on_non_ws_route: 0
http.ingress_http.no_cluster: 0
http.ingress_http.no_route: 0
http.ingress_http.passthrough_internal_redirect_bad_location: 0
http.ingress_http.passthrough_internal_redirect_no_route: 0
http.ingress_http.passthrough_internal_redirect_predicate: 0
http.ingress_http.passthrough_internal_redirect_too_many_redirects: 0
http.ingress_http.passthrough_internal_redirect_unsafe_scheme: 0
http.ingress_http.rq_direct_response: 0
http.ingress_http.rq_redirect: 0
http.ingress_http.rq_reset_after_downstream_response_started: 0
http.ingress_http.rq_total: 3
http.ingress_http.rs_too_large: 0
http.ingress_http.tracing.client_enabled: 0
http.ingress_http.tracing.health_check: 0
http.ingress_http.tracing.not_traceable: 0
http.ingress_http.tracing.random_sampling: 0
http.ingress_http.tracing.service_forced: 0
http.ingress_http.downstream_cx_length_ms: P0(nan,2.0) P25(nan,2.075) P50(nan,3.05) P75(nan,17.25) P90(nan,17.7) P95(nan,17.85) P99(nan,17.97) P99.5(nan,17.985) P99.9(nan,17.997) P100(nan,18.0)
http.ingress_http.downstream_rq_time: P0(nan,1.0) P25(nan,1.075) P50(nan,2.05) P75(nan,16.25) P90(nan,16.7) P95(nan,16.85) P99(nan,16.97) P99.5(nan,16.985) P99.9(nan,16.997) P100(nan,17.0)

You can also pass a format argument, for example to return json:

$ curl -s "http://127.0.0.1:9901/stats?filter=http.ingress_http.rq&format=json" | jq '.stats'
[
  {
    "value": 0,
    "name": "http.ingress_http.rq_direct_response"
  },
  {
    "value": 0,
    "name": "http.ingress_http.rq_redirect"
  },
  {
    "value": 0,
    "name": "http.ingress_http.rq_reset_after_downstream_response_started"
  },
  {
    "value": 3,
    "name": "http.ingress_http.rq_total"
  }
]
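The text form of the stats output shown earlier can be parsed for monitoring without jq. The following Python sketch is an added example, not part of the Envoy documentation: it reads the key: value lines, turns histogram lines into quantile maps, and selects one branch of the dotted hierarchy. The function names are assumptions, and the sample lines are copied from the output above.

```python
import re

# One histogram entry: P<quantile>(<interval value>,<cumulative value>)
QUANTILE = re.compile(r"P(\d+(?:\.\d+)?)\(([^,]+),([^)]+)\)")

# Constructed sample: a few lines taken from the stats output on this page.
SAMPLE = """\
http.ingress_http.downstream_cx_protocol_error: 0
http.ingress_http.downstream_rq_2xx: 3
http.ingress_http.downstream_rq_5xx: 0
http.ingress_http.downstream_rq_completed: 3
http.ingress_http.rq_total: 3
http.ingress_http.downstream_rq_time: P0(nan,1.0) P25(nan,1.075) P50(nan,2.05) P75(nan,16.25) P90(nan,16.7) P95(nan,16.85) P99(nan,16.97) P99.5(nan,16.985) P99.9(nan,16.997) P100(nan,17.0)
"""


def parse_stats(text: str) -> dict:
    """Map each stat name to an int (counter or gauge; the text format does
    not say which) or, for a histogram, to {quantile: (interval, cumulative)}."""
    stats = {}
    for line in text.splitlines():
        name, sep, raw = line.partition(": ")
        if not sep:
            continue  # blank or unrecognised line
        raw = raw.strip()
        if re.fullmatch(r"\d+", raw):
            stats[name] = int(raw)
        else:
            # "nan" parses as float nan; a histogram with no entries yields {}.
            stats[name] = {float(q): (float(i), float(c))
                           for q, i, c in QUANTILE.findall(raw)}
    return stats


def subtree(stats: dict, prefix: str) -> dict:
    """Select one branch of the dotted hierarchy, e.g. 'http.ingress_http'."""
    return {k[len(prefix) + 1:]: v
            for k, v in stats.items() if k.startswith(prefix + ".")}


def ratio(stats: dict, numerator: str, denominator: str) -> float:
    """Share of one counter in another, 0.0 when the denominator is zero."""
    total = stats.get(denominator, 0)
    return stats.get(numerator, 0) / total if total else 0.0
```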

Envoy admin web UI

Envoy also has a web user interface that allows you to view and modify settings and statistics.

Point your browser to http://127.0.0.1:9901
