Use a gateway to route ingress requests to multiple endpoints

If you want to expose multiple service endpoints behind a single hostname, you can create a gateway. A gateway has a hostname similar to a public service endpoint. For more information about public service endpoints, see Configure service ingress.

Gateways route ingress requests, including inference requests, from outside Snowflake to one or more service endpoints. With Gateways, you can do the following:

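  • Traffic splitting between services: You can let multiple services share the same hostname. Requests are routed according to the percentage specified for each service. This is useful in the following scenarios: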

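    • A/B testing scenario: You might choose to update a service and deploy it while keeping the original service running. For testing, you might choose to route a percentage of incoming ingress requests to the updated service.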
    • High-availability scenario: You have a highly available service that is deployed across, say, two compute pools, where each compute pool is created in a different placement group. You might choose to use the gateway to split incoming ingress requests.
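  • Stable URL: Each gateway is assigned a hostname when it is created. The hostname doesn't change during the lifetime of the gateway object. You can alter the gateway object to route to different endpoints or to use a different percentage configuration. Changes take effect within one minute.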

The following list shows the differences between service endpoints and gateways:

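  • Browser security: Service endpoints support CORS configuration (corsSettings) and Content Security Policy (CSP) headers for browser-based access through external access integrations. A gateway currently doesn't support CORS or CSP headers.
  • Caller’s rights: Service endpoints support caller’s rights. A gateway currently doesn’t support caller’s rights.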
  • Role-based access control (RBAC): When you use a service endpoint, access is managed by using service roles. When you use a gateway, access is managed by granting the USAGE privilege on the gateway object. Users accessing a gateway don’t need service roles for the underlying service endpoints.

Gateway routing respects the relative percentage of the specified healthy endpoints. For more information about a gateway’s failover behavior, see Gateway failover behavior.

After you’ve reviewed the following sections, you can create and alter a gateway. For information about creating a gateway, see CREATE GATEWAY. For information about altering a gateway, see ALTER GATEWAY.

Access control requirements

The owner role of a gateway must have the following privileges:

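| Privilege | Object | Notes |
| --- | --- | --- |
| CREATE GATEWAY | Schema | Required to create a gateway. |
| BIND SERVICE ENDPOINT | Account | Required to bind a service endpoint to a gateway. |
| USAGE | Database | Required to access the database that contains the gateway. |
| USAGE | Schema | Required to access the schema that contains the gateway. |
| USAGE | Target endpoint | Required to route traffic to the target endpoint. |
| MODIFY or OWNERSHIP | Gateway | Required to alter the gateway configuration. |
| USAGE, MODIFY, or OWNERSHIP | Gateway | Required to view the gateway specification. |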

Note

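When you list gateways, Snowflake shows only the gateways on which the role has the USAGE, MODIFY, or OWNERSHIP privilege. The role in use must also have the USAGE privilege on the database and schema that contain the gateway.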

For gateway CREATE, ALTER, and DROP operations, see CREATE GATEWAY, ALTER GATEWAY, and DROP GATEWAY.

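Configuration

By default, each gateway can have up to 5 endpoints. If you need more endpoints, contact Support to split traffic across more endpoints.

Gateway failover behavior

Gateway failover is the process by which the gateway automatically redirects traffic from an endpoint (Endpoint A) to other endpoints when Endpoint A is unavailable or not functioning.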

Note

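Snowflake doesn't fail over to endpoints that are assigned 0% of the traffic. An endpoint must be assigned at least 1% of the traffic.

The relative percentages of the available endpoints are respected.

Failover from one endpoint (Endpoint A) to the other endpoints that are assigned at least 1% of the traffic occurs if any of the following conditions is true: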

  • The service of Endpoint A is suspended and auto_resume is set to false.
  • The compute pool of Endpoint A is suspended.
  • The service of Endpoint A fails the readiness probe. This is updated once every 40 seconds (cache refresh rate) at the longest. At the time of the update, traffic is immediately adjusted with no ramp up period.
  • The service of Endpoint A is dropped.
  • The gateway owner role loses its privilege (USAGE or OWNERSHIP) on Endpoint A.
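
The failover conditions above and the 0% rule can be checked against a planned split before you rely on it. The following is an added example, not Snowflake code: the Endpoint fields, function names, and sample endpoints are hypothetical, and it assumes that "relative percentage" means proportional renormalization over the endpoints that remain available.

```python
from dataclasses import dataclass


@dataclass
class Endpoint:
    name: str
    percent: int                    # traffic share configured on the gateway
    suspended: bool = False         # service is suspended
    auto_resume: bool = True        # service auto_resume setting
    pool_suspended: bool = False    # compute pool is suspended
    ready: bool = True              # readiness probe result as cached by the gateway
    dropped: bool = False           # service was dropped
    owner_has_access: bool = True   # owner role holds USAGE or OWNERSHIP on it


def failover_reason(ep):
    """Return which failover condition from the list applies, or None."""
    if ep.dropped:
        return "service dropped"
    if not ep.owner_has_access:
        return "gateway owner role lost USAGE/OWNERSHIP"
    if ep.pool_suspended:
        return "compute pool suspended"
    if ep.suspended and not ep.auto_resume:
        return "service suspended with auto_resume = false"
    if not ep.ready:
        return "readiness probe failing"
    return None


def effective_split(endpoints):
    """Percent of traffic per endpoint after failover.

    Assumption: "relative percentage" means proportional renormalization
    over endpoints that are available and configured with at least 1%.
    """
    live = {ep.name: ep.percent for ep in endpoints
            if ep.percent >= 1 and failover_reason(ep) is None}
    total = sum(live.values())
    return {ep.name: round(100 * live.get(ep.name, 0) / total, 2) if total else 0.0
            for ep in endpoints}


# Constructed sample: a 70/30 split plus a 0% endpoint someone hoped was a standby.
SAMPLE = [
    Endpoint("svc_v1", 70, ready=False),
    Endpoint("svc_v2", 30, owner_has_access=False),
    Endpoint("svc_standby", 0),
]
```

In the constructed sample every endpoint ends at 0%: the healthy 0% endpoint receives nothing, so an intended standby needs at least 1% configured.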