问题描述
我在带有 istio 服务网格的 openshift 容器平台中部署了一个容器化应用程序/服务。在 istio 虚拟服务 yaml 中,我想验证 http 请求是否具有标头(例如:版本)并且值为 v1。我在验证标头的虚拟服务 yaml 中添加了以下配置。 但是我正在寻找可用的选项来使用 loadbalancer/ingress/openshif 路由等在 HTTP 请求中注入这个标头。 因为我的 istio-ingressgateway 服务是使用 ClusterIp 部署的。我已经使用 openshift 路由将外部流量发送到 ingressgateway。 请分享向http请求添加标头的可能方法
http:
- match:
- headers: # Match header
version: # header that we decided for dark release
exact: v1 # exact match
解决方法
应该可以像使用 virtualService 一样
spec:
hosts:
- "example.com"
gateways:
- your-gateway
http:
-
name: remove-headers
headers:
request:
remove:
- yourHeader
但我不能让它工作。 如果可以,请分享:)
,您可以使用 envoy filter 来做到这一点。
在特使过滤器下方,向所有通过 istio 入口网关的请求添加名为 customer-id 的请求标头,其值为 alice。如果有人想使用它,我还评论了响应标头的代码。
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: lua-filter
namespace: istio-system
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: HTTP_FILTER
match:
context: GATEWAY
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
subFilter:
name: "envoy.router"
patch:
operation: INSERT_BEFORE
value:
name: envoy.lua
typed_config:
"@type": "type.googleapis.com/envoy.config.filter.http.lua.v2.Lua"
inlineCode: |
function envoy_on_request(request_handle)
request_handle:headers():add("customer-id","alice")
end
# function envoy_on_response(response_handle)
# response_handle:headers():add("customer-id","alice")
# end
我用过 yaml 来测试它,它可能对测试上述过滤器有用。
- 如果您使用带有 alice 标头的上述过滤器,则所有请求都将发送到 nginx-v1
- 如果您使用带有 bob 标头的上述过滤器,则所有请求都会转到 nginx-v2
- 如果您删除此过滤器,则 nginx-v1 和 nginx-v2 之间的比例为 50/50
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-v1
spec:
selector:
matchLabels:
run: nginx1
replicas: 1
template:
metadata:
labels:
run: nginx1
app: frontend
spec:
containers:
- name: nginx1
image: nginx
ports:
- containerPort: 80
lifecycle:
postStart:
exec:
command: ["/bin/sh","-c","echo Hello nginx1 > /usr/share/nginx/html/index.html"]
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-v2
spec:
selector:
matchLabels:
run: nginx2
replicas: 1
template:
metadata:
labels:
run: nginx2
app: frontend
spec:
containers:
- name: nginx2
image: nginx
ports:
- containerPort: 80
lifecycle:
postStart:
exec:
command: ["/bin/sh","echo Hello nginx2 > /usr/share/nginx/html/index.html"]
---
apiVersion: v1
kind: Service
metadata:
name: nginx
labels:
app: frontend
spec:
ports:
- name: http-front
port: 80
protocol: TCP
selector:
app: frontend
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: gatewayx
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: nginxvirt
spec:
hosts:
- '*'
gateways:
- gatewayx
http:
- name: "route-1"
match:
- headers:
customer-id:
exact: alice
route:
- destination:
host: nginx
subset: v1
- name: "route-2"
match:
- headers:
customer-id:
exact: bob
route:
- destination:
host: nginx
subset: v2
- route:
- destination:
host: nginx
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: nginxdest
spec:
host: nginx
subsets:
- name: v1
labels:
run: nginx1
- name: v2
labels:
run: nginx2