Envoy 管理介面

Envoy 提供的可選管理介面,可讓您檢視設定和統計資訊、變更伺服器的行為,以及根據特定篩選規則來監聽流量。

注意

本指南提供組態資訊,以及使用幾個管理端點的基本範例。

如需所有可用端點的相關資訊,請參閱管理文件

需求

以下某些範例會使用 jq 工具來剖析管理伺服器的輸出。

admin

需要 admin 訊息才能啟用和設定管理伺服器。

address 鍵指定監聽的 位址,在示範設定中為 0.0.0.0:9901

在此範例中,記錄會直接捨棄。

admin:
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 9901

警告

Envoy 管理端點可能會洩漏執行服務的私人資訊,允許修改執行階段設定,並且也可用於關閉伺服器。

由於端點未經過驗證,因此務必限制對其的存取。

您可能會希望在自己的部署中限制管理伺服器監聽的網路位址,作為您限制此端點存取的策略的一部分。

stat_prefix

必須使用 HttpConnectionManager 設定 Envoy 的 stat_prefix

這會提供一個金鑰,在查詢統計資訊介面時可以進行篩選,如下所示

envoy-demo.yaml 中,監聽器會使用 stat_prefix 設定為 ingress_http

 1static_resources:
 2
 3  listeners:
 4  - name: listener_0
 5    address:
 6      socket_address:
 7        address: 0.0.0.0
 8        port_value: 10000
 9    filter_chains:
10    - filters:
11      - name: envoy.filters.network.http_connection_manager
12        typed_config:
13          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
14          stat_prefix: ingress_http
15          access_log:
16          - name: envoy.access_loggers.stdout
17            typed_config:
18              "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
19          http_filters:
20          - name: envoy.filters.http.router
21            typed_config:
22              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
23          route_config:
24            name: local_route
25            virtual_hosts:
26            - name: local_service
27              domains: ["*"]
28              routes:
29              - match:

管理端點:config_dump

config_dump 端點會以 json 格式傳回 Envoy 的執行階段設定。

以下命令可讓您查看可用的設定類型

$ curl -s https://127.0.0.1:9901/config_dump | jq -r '.configs[] | .["@type"]'
type.googleapis.com/envoy.admin.v3.BootstrapConfigDump
type.googleapis.com/envoy.admin.v3.ClustersConfigDump
type.googleapis.com/envoy.admin.v3.ListenersConfigDump
type.googleapis.com/envoy.admin.v3.ScopedRoutesConfigDump
type.googleapis.com/envoy.admin.v3.RoutesConfigDump
type.googleapis.com/envoy.admin.v3.SecretsConfigDump

若要檢視目前設定的第一個 dynamic_listenersocket_address,您可以使用

$ curl -s https://127.0.0.1:9901/config_dump?resource=dynamic_listeners | jq '.configs[0].active_state.listener.address'
{
  "socket_address": {
    "address": "0.0.0.0",
    "port_value": 10000
  }
}

注意

如需可用參數和回應的詳細資訊,請參閱 config_dump 的參考章節。

提示

啟用具有動態設定的 admin 介面會特別有用,因為它可以讓您使用 config_dump 端點,以查看 Envoy 在特定時間點的設定方式。

管理端點:stats

管理統計資訊 端點可讓您擷取有關 Envoy 的執行階段資訊。

統計資訊會以 key: value 配對形式提供,其中金鑰使用階層式點分隔表示法,而值則為 counterhistogramgauge 類型之一。

若要查看可用的頂層統計資訊類別,您可以使用

$ curl -s https://127.0.0.1:9901/stats | cut -d. -f1 | sort | uniq
cluster
cluster_manager
filesystem
http
http1
listener
listener_manager
main_thread
runtime
server
vhost
workers

統計資訊端點接受 filter 引數,該引數會評估為正規表示式

$ curl -s https://127.0.0.1:9901/stats?filter='^http\.ingress_http'
http.ingress_http.downstream_cx_active: 0
http.ingress_http.downstream_cx_delayed_close_timeout: 0
http.ingress_http.downstream_cx_destroy: 3
http.ingress_http.downstream_cx_destroy_active_rq: 0
http.ingress_http.downstream_cx_destroy_local: 0
http.ingress_http.downstream_cx_destroy_local_active_rq: 0
http.ingress_http.downstream_cx_destroy_remote: 3
http.ingress_http.downstream_cx_destroy_remote_active_rq: 0
http.ingress_http.downstream_cx_drain_close: 0
http.ingress_http.downstream_cx_http1_active: 0
http.ingress_http.downstream_cx_http1_total: 3
http.ingress_http.downstream_cx_http2_active: 0
http.ingress_http.downstream_cx_http2_total: 0
http.ingress_http.downstream_cx_http3_active: 0
http.ingress_http.downstream_cx_http3_total: 0
http.ingress_http.downstream_cx_idle_timeout: 0
http.ingress_http.downstream_cx_max_duration_reached: 0
http.ingress_http.downstream_cx_overload_disable_keepalive: 0
http.ingress_http.downstream_cx_protocol_error: 0
http.ingress_http.downstream_cx_rx_bytes_buffered: 0
http.ingress_http.downstream_cx_rx_bytes_total: 250
http.ingress_http.downstream_cx_ssl_active: 0
http.ingress_http.downstream_cx_ssl_total: 0
http.ingress_http.downstream_cx_total: 3
http.ingress_http.downstream_cx_tx_bytes_buffered: 0
http.ingress_http.downstream_cx_tx_bytes_total: 1117
http.ingress_http.downstream_cx_upgrades_active: 0
http.ingress_http.downstream_cx_upgrades_total: 0
http.ingress_http.downstream_flow_control_paused_reading_total: 0
http.ingress_http.downstream_flow_control_resumed_reading_total: 0
http.ingress_http.downstream_rq_1xx: 0
http.ingress_http.downstream_rq_2xx: 3
http.ingress_http.downstream_rq_3xx: 0
http.ingress_http.downstream_rq_4xx: 0
http.ingress_http.downstream_rq_5xx: 0
http.ingress_http.downstream_rq_active: 0
http.ingress_http.downstream_rq_completed: 3
http.ingress_http.downstream_rq_http1_total: 3
http.ingress_http.downstream_rq_http2_total: 0
http.ingress_http.downstream_rq_http3_total: 0
http.ingress_http.downstream_rq_idle_timeout: 0
http.ingress_http.downstream_rq_max_duration_reached: 0
http.ingress_http.downstream_rq_non_relative_path: 0
http.ingress_http.downstream_rq_overload_close: 0
http.ingress_http.downstream_rq_response_before_rq_complete: 0
http.ingress_http.downstream_rq_rx_reset: 0
http.ingress_http.downstream_rq_timeout: 0
http.ingress_http.downstream_rq_too_large: 0
http.ingress_http.downstream_rq_total: 3
http.ingress_http.downstream_rq_tx_reset: 0
http.ingress_http.downstream_rq_ws_on_non_ws_route: 0
http.ingress_http.no_cluster: 0
http.ingress_http.no_route: 0
http.ingress_http.passthrough_internal_redirect_bad_location: 0
http.ingress_http.passthrough_internal_redirect_no_route: 0
http.ingress_http.passthrough_internal_redirect_predicate: 0
http.ingress_http.passthrough_internal_redirect_too_many_redirects: 0
http.ingress_http.passthrough_internal_redirect_unsafe_scheme: 0
http.ingress_http.rq_direct_response: 0
http.ingress_http.rq_redirect: 0
http.ingress_http.rq_reset_after_downstream_response_started: 0
http.ingress_http.rq_total: 3
http.ingress_http.rs_too_large: 0
http.ingress_http.tracing.client_enabled: 0
http.ingress_http.tracing.health_check: 0
http.ingress_http.tracing.not_traceable: 0
http.ingress_http.tracing.random_sampling: 0
http.ingress_http.tracing.service_forced: 0
http.ingress_http.downstream_cx_length_ms: P0(nan,2.0) P25(nan,2.075) P50(nan,3.05) P75(nan,17.25) P90(nan,17.7) P95(nan,17.85) P99(nan,17.97) P99.5(nan,17.985) P99.9(nan,17.997) P100(nan,18.0)
http.ingress_http.downstream_rq_time: P0(nan,1.0) P25(nan,1.075) P50(nan,2.05) P75(nan,16.25) P90(nan,16.7) P95(nan,16.85) P99(nan,16.97) P99.5(nan,16.985) P99.9(nan,16.997) P100(nan,17.0)

您也可以傳遞 format 引數,例如傳回 json

$ curl -s "https://127.0.0.1:9901/stats?filter=http.ingress_http.rq&format=json" | jq '.stats'

[
  {
    "value": 0,
    "name": "http.ingress_http.rq_direct_response"
  },
  {
    "value": 0,
    "name": "http.ingress_http.rq_redirect"
  },
  {
    "value": 0,
    "name": "http.ingress_http.rq_reset_after_downstream_response_started"
  },
  {
    "value": 3,
    "name": "http.ingress_http.rq_total"
  }
]

Envoy 管理網頁 UI

Envoy 也有一個網頁使用者介面,可讓您檢視和修改設定和統計資訊。

將您的瀏覽器指向 https://127.0.0.1:9901

../../_images/envoy-admin.png