4

我有一个容器化的应用程序/服务部署在带有 istio 服务网格的 openshift 容器平台中。在 istio 虚拟服务 yaml 中,我想验证 http 请求是否具有标头(例如:版本)和值 v1。我在验证标头的虚拟服务 yaml 中添加了以下配置。但是我正在寻找可用的选项来使用 loadbalancer/ingress/openshif 路由等在 HTTP 请求中注入此标头。因为我的 istio-ingressgateway 服务是使用 ClusterIp 部署的。我已经使用 openshift 路由将外部流量发送到 ingressgateway。请分享将标头添加到http请求的可能方法

  http:
    - match:
        - headers: # Match header
            version: # header that we decided for dark release
              exact: v1 # exact match
4

2 回答 2

1

您可以使用特使过滤器来做到这一点。

在 envoy 过滤器下面,向通过 istio 入口网关的所有请求添加customer-id带有值的请求标头。alice如果有人想使用它,我还注释了响应标头的代码。

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: lua-filter
  namespace: istio-system
spec:
  workloadSelector:
    labels:
      istio: ingressgateway
  configPatches:
  - applyTo: HTTP_FILTER
    match:
      context: GATEWAY
      listener:
        filterChain:
          filter:
            name: "envoy.http_connection_manager"
            subFilter:
              name: "envoy.router"
    patch:
      operation: INSERT_BEFORE
      value:
       name: envoy.lua
       typed_config:
         "@type": "type.googleapis.com/envoy.config.filter.http.lua.v2.Lua"
         inlineCode: |
            function envoy_on_request(request_handle)
                request_handle:headers():add("customer-id", "alice")
            end
           # function envoy_on_response(response_handle)
           #     response_handle:headers():add("customer-id", "alice")
           # end

我曾经使用 yamls 来测试它,它可能对测试上述过滤器很有用。

  • 如果您将上述过滤器与 alice 标头一起使用,则所有请求都将转到 nginx-v1
  • 如果您将上述过滤器与 bob 标头一起使用,那么所有请求都会转到 nginx-v2
  • 如果删除此过滤器,则 nginx-v1 和 nginx-v2 之间的比例为 50/50
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-v1
spec:
  selector:
    matchLabels:
      run: nginx1
  replicas: 1
  template:
    metadata:
      labels:
        run: nginx1
        app: frontend
    spec:
      containers:
      - name: nginx1
        image: nginx
        ports:
        - containerPort: 80
        lifecycle:
          postStart:
            exec:
              command: ["/bin/sh", "-c", "echo Hello nginx1 > /usr/share/nginx/html/index.html"]

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-v2
spec:
  selector:
    matchLabels:
      run: nginx2
  replicas: 1
  template:
    metadata:
      labels:
        run: nginx2
        app: frontend
    spec:
      containers:
      - name: nginx2
        image: nginx
        ports:
        - containerPort: 80
        lifecycle:
          postStart:
            exec:
              command: ["/bin/sh", "-c", "echo Hello nginx2 > /usr/share/nginx/html/index.html"]



---

apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: frontend
spec:
  ports:
  - name: http-front
    port: 80
    protocol: TCP
  selector:
    app: frontend

---

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gatewayx
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"

---

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: nginxvirt
spec:
  hosts:
  - '*'
  gateways:
  - gatewayx
  http:
  - name: "route-1"
    match:
    - headers:
        customer-id:
          exact: alice
    route:
    - destination:
        host: nginx
        subset: v1
  - name: "route-2"
    match:
    - headers:
        customer-id:
          exact: bob
    route:
    - destination:
        host: nginx
        subset: v2
  - route:
    - destination:
        host: nginx

---

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: nginxdest
spec:
  host: nginx
  subsets:
  - name: v1
    labels:
      run: nginx1
  - name: v2
    labels:
      run: nginx2
于 2021-01-27T13:02:45.637 回答
0

应该可以使用 virtualService 之类的

spec:  
  hosts:  
  - "example.com"  
  gateways:  
  - your-gateway  
  http:  
  -   
    name: remove-headers  
    headers:  
      request:  
        remove:  
        - yourHeader

但我不能让它工作。如果可以的话请分享:)

于 2021-01-11T15:28:47.707 回答