2

I am not sure whether its feasible to create a listeners in the envoy.yaml with multiple ports to bind for incoming traffic and then forward to a service on the same ports but a different address?

Example

All HTTP traffic on port 9200 -> Use server 10.1.1.10:9200

All HTTP traffic on port 5601 -> Use server 10.1.1.10:5601

I currently have created individual listeners and routes per listener.

For example

static_resources:
  listeners:
  - name: listener_http_elastic
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 9200
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          access_log:
          - name: envoy.access_loggers.stdout
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match:
                  prefix: "/"
                route:
                  cluster: service_elastic
          http_filters:
          - name: envoy.filters.http.router

  - name: listener_http_kibana
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 5601
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          access_log:
          - name: envoy.access_loggers.stdout
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match:
                  prefix: "/"
                route:
                  cluster: service_kibana
          http_filters:
          - name: envoy.filters.http.router
          
         
         
         
clusters:
  - name: service_elastic
    connect_timeout: 0.25s
    type: LOGICAL_DNS
    # Comment out the following line to test on v6 networks
    dns_lookup_family: V4_ONLY
    load_assignment:
      cluster_name: service_elastic
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: ${SERVICE_ELK}
                port_value: 9200

  - name: service_kibana
    connect_timeout: 0.25s
    type: LOGICAL_DNS
    # Comment out the following line to test on v6 networks
    dns_lookup_family: V4_ONLY
    load_assignment:
      cluster_name: service_kibana
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: ${SERVICE_ELK}
                port_value: 5601

Any help or direction would be appreciated.

KeithMac
  • 111
  • 7
  • I don't understand : *forward to a service on the same ports but a different address*. In your example, this is the same address (10.1.1.10), but different ports (9200 and 5601). Is that a typo ? Did you mean *same address but different ports* ? Anyway, is that the repetition of the listeners that is bothering you, since it's always the same `filter_chains` config ? – norbjd Feb 12 '22 at 14:08
  • I think what I am trying to explain is to create a single listener on multiple ports, as you are correct they both go to to the same end point but on different ports. What would make the yaml file tidier and easier to read is allowing ports to be an array. That way I could create a single listener and a single service for this purpose – KeithMac Feb 24 '22 at 07:41
  • In Envoy, one listener = one address, and an address is always composed of a host (`address`) and a single port (`port_value` or `named_port`). You cannot have a listener with mutliple ports. Same for the clusters (well, you can have multiple endpoints in one cluster for load balancing, but this is not what you're trying to achieve here). So I think there is no other solution than repeat your common config per listener. In your case and based on your config, may I ask you why you are using envoy in front of your elastic and kibana ? Only for access logging ? – norbjd Feb 26 '22 at 15:45
  • Its not only for kibana and elastic, there are lots of microservices and the code is a small snippet for part of the configuration. – KeithMac Mar 04 '22 at 13:22

1 Answers1

4

add your cluster into the routes and match the URL prefix for endpoints routing

static_resources:
  listeners:
  - name: listener_http_elastic
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 9200
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          access_log:
          - name: envoy.access_loggers.stdout
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match:
              #first cluster url match 
                  prefix: "/first_URL_match" 
                route:
                  cluster: service_elastic
                  routes:
              - match:
              #second cluster url match 
                  prefix: "/second_url_match"
                route:
                  cluster: service_kibana
          http_filters:
          - name: envoy.filters.http.router
         
clusters:
  - name: service_elastic
    connect_timeout: 0.25s
    type: LOGICAL_DNS
    # Comment out the following line to test on v6 networks
    dns_lookup_family: V4_ONLY
    load_assignment:
      cluster_name: service_elastic
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: ${SERVICE_ELK}
                port_value: 9200

  - name: service_kibana
    connect_timeout: 0.25s
    type: LOGICAL_DNS
    # Comment out the following line to test on v6 networks
    dns_lookup_family: V4_ONLY
    load_assignment:
      cluster_name: service_kibana
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: ${SERVICE_ELK}
                port_value: 5601
channaveer
  • 39
  • 4