简介我们要网格服务发现、路由、断路器降级、负载均衡,而这些流量治理只能在数据面的Envoy中进行。Envoy也提供了Filter机制来完成这些功能,通常有以下几种方式:通过用C++代码自定义filter来重新编译Envoy使用Lua脚本扩展filter使用wasm扩展Envoy1.wasm的工作原理第一类C++编译学习成本太高,维护也很困难。第二种适合实现简单的功能。第三类是重点发展方向。用其他语言编写过滤器,通过wasm编译运行后嵌入到Envoy中,通过可移植的二进制指令实现。具有以下特点:动态加载在Envoy中执行,无需修改Envoy代码,易于维护,支持多种开发语言,如tinygo,进程级隔离影响VM沙箱运行部门的Envoy进程流程,进入EnvoyDiagram:2.Thewasm安装过程安装Isito1.9.9。当前的最新版本是v0。0.33,支持的Istio为1.9.Xhttps://github.com/solo-io/wasm/releases/卸载原来的istio1.10版本,安装1.9.9istioctlxuninstall--purgeistio1.9.9安装路径,见上篇文章具体安装过程https://github.com/istio/istio/releases/download/1.9.9/istio-1.9.9-linux-amd64.tar.gzdeclarativemountingwasme下有详细的安装建议,推荐在生产环境中使用语句类型mount:https://docs.solo.io/web-assembly-hub/latest/tutorial_code/wasme_operator/1。安装WasmeCRDskubectlapply-fhttps://github.com/solo-io/wasm/releases/latest/download/wasme.io_v1_crds.yaml#kubectlapply-fwasme.io_v1_crds.yamlcustomresourcedefinition.apiextensions.k8s.io/filterdeployments.wasme.iocreated2。安装Operator组件kubectlapply-fhttps://github.com/solo-io/wasm/releases/最新/下载/wasme-default.yaml#kubectlapply-fwasme-default.yamlnamespace/wasmecreatedserviceaccount/wasme-operatorcreatedserviceaccount/wasme-cachecreatedconfigmap/wasme-cachecreatedclusterrole.rbac.authorization.k8s.io/wasme-operatorcreatedclusterrole.rbac.authorizationk8s.io/wasme-cachecreatedclusterrolebinding.rbac.authorization.k8s.io/wasme-operatorcreatedclusterrolebinding.rbac.authorization.k8s.io/wasme-cachecreateddaemonset.apps/wasme-cachecreateddeployment.apps/wasme-operatorcreated3。Checkwhethertheinstallationissuccessful#kubectlgetpod-nwasmeNAMEREADYSTATUSRESTARTSAGEwasme-cache-96mnm1/1Running023swasme-cache-ktnpb1/1Running023swasme-cache-w929m1/1Running023swasme-operator-75bbf94974-nb6841/1Running023sMountworkingprincipleCommandlineinstallation/webiodocsofficialinstallationdocumentation.https://iodocs-assembly-hub/latest/tutorial_code/getting_started/网络好的话可以使用快速安装命令curl-sLhttps://run.solo.io/wasme/install|sh看看都做了些什么install_cli.sh安装脚本if["$(uname-s)"="Darwin"];thenOS=darwin//Mac是darwinelseOS=linuxfi//重命名并授予执行权限cd"$HOME"mkdir-p".wasme/bin"mv"${tmp}/${filename}"".wasme/bin/wasme"chmod+x".wasme/bin/wasme"//加入环境变量exportPATH=\$HOME/.wasme/bin:\$PATH"Mac可以下载wasme-darwin-amd64,按照安装即可exportPATH=$PATH:/Users/yongliang/work/software_install/wasme/binsource~/.bash_profilechmod+x/Users/yongliang/work/software_install/wasme/bin/wasmewasme--versionwasmeversion0.0.333.wasm生成过滤器官方指南见:https://docs.solo.io/web-assembly-hub/latest/tutorial_code/build_tutorials/building_assemblyscript_filters/先以tinygo为例看看效果After:wasmeinitmelon-filter?tinygo?istio:1.7.x,gloo:1.6.x,istio:1.8.x,istio:1.9.x目录结构-rw-r--r--1yongliangstaff83111519:26go.mod-rw-r--r--1yongliangstaff676111519:26go.sum-rw-r--r--1yongliangstaff1707111519:26main.go-rw-r--r--1yongliangstaff162111519:26runtime-config.jsonruntime-config.json被wamse用来构建filter必须包含rootIds字段{"type":"envoy_proxy""abiVersions":["v0-4689a30309abf31aee9ae36e73d34b1bb182685f","v0.2.1"],"配置":{"rootIds":["root_id"]}}main.go是生成的示例代码,主要是在返回响应的Header中添加信息,修改为""hello","melon""func(ctx*httpHeaders)OnHttpResponseHeaders(numHeadersint,endOfStreambool)types.Action{iferr:=proxywasm.SetHttpResponseHeader("hello","melon");err!=nil{proxywasm.LogCriticalf("failedtoseresponseheader:%v",err)}返回类型.ActionContinue}4.wasm构建过程耗时较长。wasmebuildtinygo/Users/yongliang/GoLandProjects/melon-filter-txxx/base/melon-add-header:v0.1Unabletofindimage'quay.io/solo-io/ee-builder:0.0.33'locally0.0.33:Pullingfromsolo-io/ee-builderdf27e1f7c31e:Pullcomplete0a8813a60e2e:Pullcomplete3c2cba919283:Pullcomplete26f4837a47c0:Pullcompletedd7b292cf068:Pullcomplete4a4d78f042bc:Pullcomplete9108a736d6a0:Pullcomplete70ac09daaa76:Pullcomplete809bdff17a4d:Pullcomplete31fc029d676e:Pullcomplete85533903f7c2:Pullcompletef87e543b124a:Pullcomplete93d78f561264:Pullcomplete8ba3d0f61e41:Pullcompleted511201136be:PullcompleteDigest:sha256:94b6ce4624b0c4ed4cfa4f311c8af57083b538949b5c88ce62ef984f9b81ef66Status:Downloadednewerimageforquay.io/solo-io/ee-builder:0.0.33Buildingwithtinygo...go:downloadinggithub.com/tetratelabs/proxy-wasm-go-sdkv0.1.1INFO[2146]addingimagetocache...filterfile=/tmp/wasme066130090/filter.wasmtag="xxx/base/melon-add-header:v0.1"INFO[2146]taggedimagedigest="sha256:750d63889653e7117fcbc0831f10f0e1d3f7dec0c82fe5787b71d3basea97-header:v0.1"图片为melistNAMETAGSIZESHAUPDATEDxxxx/base/melon-add-headerv0.1247.6kB750d638815Nov2120:23CST备注:官方搭建教程见https://docs.solo.io/web-assembly-hub/latest/tutorial_code/build_tutorials/building_assemblyscript_filters/Imagepush将构建好的镜像推送到远程仓库wasmepushxxx/base/melon-add-header:v0.1INFO[0000]Pushingimagexxxn/base/melon-add-header:v0.1INFO[0004]Pushedxxx/base/melon-add-header:v0.1INFO[0004]摘要:sha256:27aecb092318b2f922204ce722a34e5c2866baa168cf2f9f00c303b1982cfa9a备注:官方推送教程melon-add-header.yaml内容参考https://docs.solo.io/web-assembly-hub/latest/tutorial_code/push_tutorials/basic_push/:name:melon-add-headernamespace:defaultspec:deployment:istio:kind:Deploymentfilter:image:xxx/base/melon-add-header:v0.1执行部署命令kubectlapply-fmelon-add-header.yamlfilterdeployment.wasme.io/melon-add-headercreated备注:官方教程见https://docs.solo.io/web-assembly-hub/latest/tutorial_code/wasme_operator/6.Validation验证1.接入网格Mesh服务2.验证ResponseHeaders中是否添加了"hello:melon"公众号。
