搭建gloo閘道器(基於envoy)的wasm實驗環境(阿里雲、本機)

anovaleoy2005發表於2020-10-16
ASM阿里

背景

WebAssembly是一種可以將多種語言編譯成目標位元組碼,並在相應的wasm虛擬機器中執行的技術。

在service mesh中,通常使用envoy作為proxy sidecar。而envoy是基於c++編寫,擴充套件和定製稍有不便。

藉助WebAssembly,我們可以利用其他語言比如AssemblyScript(ts),Rust等來編寫envoy的擴充套件(類似與用lua擴充套件nginx),並在envoy中執行。

目前envoy官方倉庫僅有wasm分支對wasm進行了實驗性支援,所以本文基於gloo(官方支援wasm的一個api閘道器)進行搭建。

環境介紹

ECS:阿里雲香港,2c4g,ubuntu20.04

本機:ubuntu18

搭建步驟

  1. docker
  2. minikube
  3. gloo

docker

參考:https://docs.docker.com/engine/install/ubuntu/

# 解除安裝原有docker安裝
$ sudo apt-get remove docker docker-engine docker.io containerd runc

$ sudo apt-get update

# 安裝必要依賴
$ sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common

# 下載key
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

# 驗證key
$ sudo apt-key fingerprint 0EBFCD88

# 新增倉庫
$ sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"

# 更新源、安裝
$ sudo apt-get update
$ sudo apt-get install docker-ce docker-ce-cli containerd.io

# 驗證安裝
$ sudo docker run hello-world

minikube

先安裝kubectl

參考:https://kubernetes.io/docs/tasks/tools/install-kubectl/

由於google連不上,本機國內安裝參考:

https://zhuanlan.zhihu.com/p/38118017

https://www.cnblogs.com/dudu/p/12155869.html

$ sudo apt-get update && sudo apt-get install -y apt-transport-https gnupg2 curl
$ curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
$ echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
$ sudo apt-get update
$ sudo apt-get install -y kubectl

再安裝minikube

參考:https://minikube.sigs.k8s.io/docs/start/#install-minikube

本機國內安裝參考:https://developer.aliyun.com/article/221687

# 下載安裝
$ curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
$ sudo install minikube-linux-amd64 /usr/local/bin/minikube

# 啟動(預設使用docker驅動)
$ minikube start

# 如果連線docker報錯(/var/run/docker.sock: connect: permission denied),可能是使用者許可權的問題:
$ sudo usermod -aG docker $USER
$ newgrp docker
$ sudo service docker restart

# 驗證
$ kubectl get po -A

gloo

gloo是一個基於envoy的api gateway,介紹及文件:https://docs.solo.io/gloo/latest/

# 安裝glooctl工具
$ curl -sL https://run.solo.io/gloo/install | sh
$ export PATH=$HOME/.gloo/bin:$PATH
$ glooctl version

# 安裝gloo的upstream示例程式petstore
$ kubectl apply -f https://raw.githubusercontent.com/solo-io/gloo/master/example/petstore/petstore.yaml

# 安裝gloo的wasm版本
$ glooctl install gateway --values <(echo '{"crds":{"create":true},"global":{"wasm":{"enabled":true}}}')

# 新增virtual service路由
$ cat <<EOF | kubectl apply -f-
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  name: default
  namespace: gloo-system  
spec:
  virtualHost:
    domains:
    - '*'
    routes:
    - matchers:
      - prefix: /
      routeAction:
        single:
          upstream:
            name: default-petstore-8080
            namespace: gloo-system
EOF

# 驗證路由
$ curl -v $(glooctl proxy url)/api/pets

# 正常情況下輸出
*   Trying 192.168.49.2:30277...
* TCP_NODELAY set
* Connected to 192.168.49.2 (192.168.49.2) port 30277 (#0)
> GET /api/pets HTTP/1.1
> Host: 192.168.49.2:30277
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< content-type: application/xml
< date: Fri, 16 Oct 2020 03:49:56 GMT
< content-length: 86
< x-envoy-upstream-service-time: 1
< server: envoy
< 
[{"id":1,"name":"Dog","status":"available"},{"id":2,"name":"Cat","status":"pending"}]

編譯wasm示例:https://docs.solo.io/web-assembly-hub/latest/tutorial_code/getting_started/

# 安裝wasme工具
$ curl -sL https://run.solo.io/wasme/install | sh
$ export PATH=$HOME/.wasme/bin:$PATH
$ wasme --version

# 初始化wasm工程
$ wasme init ./new-filter

# 選擇語言
? What language do you wish to use for the filter:
    cpp
  ▸ assemblyscript
? With which platforms do you wish to use the filter?:
  ▸ gloo:1.3.x, istio:1.5.x

# 編譯
$ wasme build assemblyscript -t webassemblyhub.io/$YOUR_USERNAME/add-header:v0.1 .

# 檢視本地編譯結果
$ wasme list

# 到webassemblyhub.io建立一個賬號
# 推送編譯結果到倉庫
$ wasme login -u $YOUR_USERNAME -p $YOUR_PASSWORD
$ wasme push webassemblyhub.io/$YOUR_USERNAME/add-header:v0.1
# 檢視推送結果
$ wasme list --search $YOUR_USERNAME

驗證結果,header中已包含外掛寫入的hello world

# 將wasm filter注入到gloo閘道器中
$ wasme deploy gloo webassemblyhub.io/$YOUR_USERNAME/add-header:v0.1 --id=add-header

# 再次訪問
$ curl -v $(glooctl proxy url)/api/pets

*   Trying 192.168.49.2:30277...
* TCP_NODELAY set
* Connected to 192.168.49.2 (192.168.49.2) port 30277 (#0)
> GET /api/pets HTTP/1.1
> Host: 192.168.49.2:30277
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< content-type: application/xml
< date: Fri, 16 Oct 2020 03:49:56 GMT
< content-length: 86
< x-envoy-upstream-service-time: 1
< hello: world!
< server: envoy
< 
[{"id":1,"name":"Dog","status":"available"},{"id":2,"name":"Cat","status":"pending"}]

 

相關參考:

編寫wasm外掛:https://docs.solo.io/web-assembly-hub/latest/tutorial_code/build_tutorials

部署wasm外掛:https://docs.solo.io/web-assembly-hub/latest/tutorial_code/deploy_tutorials

搭建istio環境:https://istio.io/latest/docs/setup/getting-started/#download

相關文章