https://tjtjtj.hatenablog.com/entry/2019/05/29/230000

https://www.envoyproxy.io/docs/envoy/latest/start/start

Quick Start to Run Simple Example

$ docker pull envoyproxy/envoy-dev:89d2b1b1a99c94016253bf666a138e620c46f8b3
$ docker run --rm -d -p 10000:10000 envoyproxy/envoy-dev:89d2b1b1a99c94016253bf666a138e620c46f8b3
$ curl -v localhost:10000

タグ89d2bっていつのかと確認したら、Updated 7 hours ago だった。 https://hub.docker.com/r/envoyproxy/envoy-dev/tags

curl で得られたのは https://google.com だった

Simple Configuration

コンテナに入って envoy.yaml を確認

docker exec -it 29 sh
cat /etc/envoy/envoy.yaml

/etc/envoy/envoy.yaml

admin:                                       ## The admin message
  access_log_path: /tmp/admin_access.log
  address:
    socket_address:
      protocol: TCP
      address: 127.0.0.1
      port_value: 9901
static_resources:                            ## The static_resources
  listeners:                                 ## The specification of the listeners.
  - name: listener_0
    address:
      socket_address:
        protocol: TCP
        address: 0.0.0.0
        port_value: 10000
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match:
                  prefix: "/"
                route:
                  host_rewrite: www.google.com
                  cluster: service_google
          http_filters:
          - name: envoy.router
  clusters:                                  ## The specification of the clusters.
  - name: service_google
    connect_timeout: 0.25s
    type: LOGICAL_DNS
    # Comment out the following line to test on v6 networks
    dns_lookup_family: V4_ONLY
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: service_google
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: www.google.com
                port_value: 443
    tls_context:
      sni: www.google.com

envoy を通してgoogle検索

envoy を通してgoogle検索できるのか試した。proxy 介したリクエストとみなされ 403。

# curl -v localhost:10000/search?q=envoy
* About to connect() to localhost port 10000 (#0)
*   Trying ::1...
* Connected to localhost (::1) port 10000 (#0)
> GET /search?q=envoy HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:10000
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< content-type: text/html; charset=UTF-8
< server: envoy
:
That’s an error. Your client does not have permission to get URL <code/search?q=envoy</code> from this server.  (Client IP address: ***.***.***.***)

Using the Envoy Docker Image

ここは、自前envoy,yaml を docker イメージに適用する方法の説明。www.bing.com に向けてみる

envoy.yaml

admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address:
      protocol: TCP
      address: 127.0.0.1
      port_value: 9901
static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address:
        protocol: TCP
        address: 0.0.0.0
        port_value: 10000
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match:
                  prefix: "/"
                route:
                  host_rewrite: www.bing.com
                  cluster: service_bing
          http_filters:
          - name: envoy.router
  clusters:
  - name: service_bing
    connect_timeout: 0.25s
    type: LOGICAL_DNS
    # Comment out the following line to test on v6 networks
    dns_lookup_family: V4_ONLY
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: service_bing
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: www.bing.com
                port_value: 443
    tls_context:
      sni: www.bing.com

Dockerfile

FROM envoyproxy/envoy-dev:89d2b1b1a99c94016253bf666a138e620c46f8b3
COPY envoy.yaml /etc/envoy/envoy.yaml

イメージ作ってrun

$ docker build -t envoy:v1 .
$ docker run -d --name envoy -p 9901:9901 -p 10000:10000 envoy:v1

で、curl

# curl -v localhost:10000
* About to connect() to localhost port 10000 (#0)
*   Trying ::1...
* Connected to localhost (::1) port 10000 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:10000
> Accept: */*
>
< HTTP/1.1 200 OK
< cache-control: private, max-age=0
< content-length: 104152
< content-type: text/html; charset=utf-8
:

続けて検索。bingは200だった。

curl -v localhost:10000/search?q=envoy
* About to connect() to localhost port 10000 (#0)
*   Trying ::1...
* Connected to localhost (::1) port 10000 (#0)
> GET /search?q=envoy HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:10000
> Accept: */*
>
< HTTP/1.1 200 OK
< cache-control: private, max-age=0
< content-type: text/html; charset=utf-8
:
...3,400,000 件の検索結果...
...envoyの意味・使い方・読み方 | Weblio英和辞書...
...envoyの意味・使い方｜英辞郎 on the WEB：アルク...
...Envoy (Envoy proxy)、Istio とは？ - Qiita...

ブラウザ使えない環境というのがもどかしい。