2

我正在尝试运行我的 WASM Go 过滤器以使用 net/http 模块进行外部 HTTP 调用。Envoy 无法加载 WASM 代码。为什么导入失败?

Envoy/Istio 版本: istio/proxyv2:1.11.4

SDK版本: v0.16.1-0.20220127085108-af57b89bc067

TinyGo 版本: tinygo 版本 0.22.0 darwin/amd64(使用 go 版本 go1.17.6 和 LLVM 版本 13.0.0)

错误日志

2022-01-31T20:34:18.513749Z error   envoy wasm  Failed to load Wasm module due to a missing import: env.time.resetTimer
2022-01-31T20:34:18.513794Z error   envoy wasm  Failed to load Wasm module due to a missing import: env.time.stopTimer
2022-01-31T20:34:18.513807Z error   envoy wasm  Failed to load Wasm module due to a missing import: env.time.startTimer
2022-01-31T20:34:18.513817Z error   envoy wasm  Failed to load Wasm module due to a missing import: env.sync/atomic.AddInt32
2022-01-31T20:34:18.513826Z error   envoy wasm  Failed to load Wasm module due to a missing import: wasi_snapshot_preview1.fd_filestat_get
2022-01-31T20:34:18.513833Z error   envoy wasm  Failed to load Wasm module due to a missing import: wasi_snapshot_preview1.fd_pread
2022-01-31T20:34:18.513840Z error   envoy wasm  Failed to load Wasm module due to a missing import: wasi_snapshot_preview1.fd_prestat_get
2022-01-31T20:34:18.513846Z error   envoy wasm  Failed to load Wasm module due to a missing import: wasi_snapshot_preview1.fd_prestat_dir_name
2022-01-31T20:34:18.513854Z error   envoy wasm  Failed to load Wasm module due to a missing import: wasi_snapshot_preview1.path_open
2022-01-31T20:34:18.513864Z error   envoy wasm  Wasm VM failed Failed to initialize Wasm code
2022-01-31T20:34:18.517062Z critical    envoy wasm  Plugin configured to fail closed failed to load
2022-01-31T20:34:18.517191Z warning envoy config    gRPC config for type.googleapis.com/envoy.config.core.v3.TypedExtensionConfig rejected: Unable to create Wasm HTTP filter

tinygo build -o main.wasm -scheduler=asyncify -target=wasi main.go

实际代码

package main

import (
    "errors"

    "github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm"
    "github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm/types"
    "io/ioutil"
    "time"
    "net/http"
)

const (
    sharedDataKey                 = "hello_world_shared_data_key"
)

func main() {
    proxywasm.SetVMContext(&vmContext{})
}

type (
    vmContext     struct{}
    pluginContext struct {
        // Embed the default plugin context here,
        // so that we don't need to reimplement all the methods.
        types.DefaultPluginContext
    }

    httpContext struct {
        // Embed the default http context here,
        // so that we don't need to reimplement all the methods.
        types.DefaultHttpContext
    }
)

// Override types.VMContext.
func (*vmContext) OnVMStart(vmConfigurationSize int) types.OnVMStartStatus {

    proxywasm.LogInfo("Inside OnVMStart")


    http := http.Client{Timeout: time.Duration(10) * time.Second}
    resp, err := http.Get("http://SOME_URL:8001/echo?message=hello_world")
    if err != nil {
        proxywasm.LogWarnf("Error calling hello_world/echo on OnVMStart: %v", err)
    }

    defer resp.Body.Close()
    
    body, err := ioutil.ReadAll(resp.Body)

    if err != nil {
        proxywasm.LogWarnf("Error parsing hello_world/echo response on OnVMStart: %v", err)
    }


    proxywasm.LogInfof("Response Body : %s", body)
    
    

    initialValueBuf := []byte("body")
    if err := proxywasm.SetSharedData(sharedDataKey, initialValueBuf, 0); err != nil {
        proxywasm.LogWarnf("Error setting shared hello_world data on OnVMStart: %v", err)
    }
    return types.OnVMStartStatusOK
}

// Override types.DefaultVMContext.
func (*vmContext) NewPluginContext(contextID uint32) types.PluginContext {
    return &pluginContext{}
}

// Override types.DefaultPluginContext.
func (*pluginContext) NewHttpContext(contextID uint32) types.HttpContext {
    return &httpContext{}
}

// Override types.DefaultHttpContext.
func (ctx *httpContext) OnHttpRequestHeaders(numHeaders int, endOfStream bool) types.Action {
    for {
        value, err := ctx.getSharedData()
        if err == nil {
            proxywasm.LogInfof("shared data value: %s", value)
        } else if errors.Is(err, types.ErrorStatusCasMismatch) {
            continue
        }
        break
    }
    return types.ActionContinue
}

func (ctx *httpContext) getSharedData() (string, error) {
    value, cas, err := proxywasm.GetSharedData(sharedDataKey)
    if err != nil {
        proxywasm.LogWarnf("error getting shared data on OnHttpRequestHeaders with cas %d: %v ", cas, err)
        return "error", err
    }

    shared_value := string(value)
    
    return shared_value, err
}
4

1 回答 1

3

不幸的是,这并不容易。

TinyGo 可能支持该模块,但在为 Envoy 使用 WASM 模块时,您不能“仅仅”调用一些任意 API。

更准确地说,WASM 模块在沙箱中运行,并且只能进行运行时明确允许的调用。对于 Envoy,wasm 代理 sdk 提供了一种简单的机制来调用这些 API。

proxy-wasm-go-sdk提供您可以使用的这些 API 调用。

有一个函数proxywasm.DispatchHttpCall。但是,您必须“使用 Envoy 方式”进行 http 调用。

请注意,该调用中的“集群”不是一个简单的 URL,而是一个Envoy Clusteroutbound|80||some-service.some-namespace.svc.cluster.local如果您有任何使用 Istio 代理定义的服务,您也可以尝试使用 Istio 定义的集群。

您可以使用 istioctl 查找代理配置,例如,对于入口网关:

istioctl proxy-config all istio-ingressgateway-YOUR-POD -o json | less

在 Istio 中添加ServiceEntries时,您可能还会在网格中获得这样的“集群”。请注意,服务条目也可以引用外部主机,而不仅仅是集群内服务。

否则,您可能会尝试像在基于Envoy 的速率限制中那样添加手动集群,尽管这也很容易出错。

- applyTo: CLUSTER
  match:
    cluster:
      service: ratelimit.default.svc.cluster.local
  patch:
    operation: ADD
    # Adds the rate limit service cluster for rate limit service defined in step 1.
    value:
      name: rate_limit_cluster
      type: STRICT_DNS
      connect_timeout: 10s
      lb_policy: ROUND_ROBIN
      http2_protocol_options: {}
      load_assignment:
        cluster_name: rate_limit_cluster
        endpoints:
        - lb_endpoints:
          - endpoint:
              address:
                 socket_address:
                  address: ratelimit.default.svc.cluster.local
                  port_value: 8081

Envoy Lua 过滤器的这个描述中,你会看到一些例子。虽然不是WASM,但原理还是一样的

对于 Go,您可以尝试类似

headers := [][2]string{
    {":method", "GET"},
    {":path", "/echo?message=hello_world"},
    {":authority", "SOME_HOST"},
    {":scheme", "http"},
}

_, err := proxywasm.DispatchHttpCall("CLUSTER",
    headers,
    nil,
    nil,
    1000,
    func(numHeaders, bodySize, numTrailers int) {
        resp, _ := proxywasm.GetHttpCallResponseBody(0, 10000)
        r := string(resp)
        proxywasm.LogDebugf("RESPONSE %v", r)
    },
)
于 2022-02-01T15:51:00.980 回答