I wrote a VirtualService to test header-based routing:

```yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: http-app
  namespace: default
spec:
  hosts:
    - http-app.default.svc.cluster.local
  http:
    - match:
        - headers:
            canary-token:
              exact: haha
      route:
        - destination:
            host: http-app.default.svc.cluster.local
            subset: canary
    - route:
        - destination:
            host: http-app.default.svc.cluster.local
            subset: stable
```
When the Service is like this, it works correctly:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: http-app
  namespace: default
  labels:
    env: prod
spec:
  type: ClusterIP
  selector:
    app: http-app
  ports:
    - port: 3011
      targetPort: 3011
```

```
[2023-08-28T04:00:01.156Z] "GET /mesh HTTP/1.1" 200 - via_upstream - "-" 0 78 645 644 "192.168.65.4, 127.0.0.6" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.54" "24cb1d39-33f6-4e07-8ba5-fefc4c656498" "nginx-app.local" "10.1.13.85:3011" outbound|3011|canary|http-app.default.svc.cluster.local 10.1.13.93:44452 10.104.186.154:3011 127.0.0.6:0 - -
```
But when I explicitly set the protocol to http like this:

```yaml
ports:
  - port: 3011
    targetPort: 3011
    appProtocol: http
```

or this:

```yaml
ports:
  - name: http-app
    port: 3011
    targetPort: 3011
```

the traffic route becomes allow_any:

```
[2023-08-28T11:23:10.344Z] "GET /mesh HTTP/1.1" 200 - via_upstream - "-" 0 78 652 652 "192.168.113.118,192.168.65.4, 127.0.0.6" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.54" "f54af48b-6f67-4f64-ba05-2d5d9215fd8c" "nginx-app.local" "10.104.186.154:3011" PassthroughCluster 10.1.13.93:38016 10.104.186.154:3011 127.0.0.6:0 - allow_any
```

Why does header-based routing stop working after the protocol is set explicitly?
1 Answer
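Note: When you configure name or appProtocol, Istio treats traffic on that port as plain HTTP. This means Istio does not inspect or manipulate HTTP headers, including the canary-token header, for routing purposes. As a result, the header-based routing rules defined in the VirtualService are not applied, and traffic is allowed to flow freely to the specified port regardless of the canary-token header.

Solution:

If you want Istio to perform header-based routing on the canary-token header, you should not explicitly set the protocol to http or name the port http-app. By default, Istio performs L7 routing, inspecting HTTP headers and other application-layer attributes to make routing decisions.

So, to enable header-based routing, you should use the original configuration of the service port, without specifying appProtocol or using the name http-app. That way, Istio will continue to inspect HTTP headers and apply the routing rules you defined in the VirtualService.

Reference: https://istio.io/latest/docs/reference/config/networking/virtual-service/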
What is the difference between Istio VirtualService and Kubernetes Service?
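
The two sidecar access-log lines quoted in the question differ in their upstream cluster and route name fields, which is how to tell whether a request took a VirtualService route or fell through to passthrough. The following is an added example, not part of the original question or answer: it assumes Istio's default text access-log format, and the names `parse_line`, `classify`, `ROUTED` and `PASSTHROUGH` are hypothetical.

```python
import shlex

# The two access-log lines copied from the question.
ROUTED = '[2023-08-28T04:00:01.156Z] "GET /mesh HTTP/1.1" 200 - via_upstream - "-" 0 78 645 644 "192.168.65.4, 127.0.0.6" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.54" "24cb1d39-33f6-4e07-8ba5-fefc4c656498" "nginx-app.local" "10.1.13.85:3011" outbound|3011|canary|http-app.default.svc.cluster.local 10.1.13.93:44452 10.104.186.154:3011 127.0.0.6:0 - -'
PASSTHROUGH = '[2023-08-28T11:23:10.344Z] "GET /mesh HTTP/1.1" 200 - via_upstream - "-" 0 78 652 652 "192.168.113.118,192.168.65.4, 127.0.0.6" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.54" "f54af48b-6f67-4f64-ba05-2d5d9215fd8c" "nginx-app.local" "10.104.186.154:3011" PassthroughCluster 10.1.13.93:38016 10.104.186.154:3011 127.0.0.6:0 - allow_any'


def parse_line(line):
    """Extract the routing-relevant fields from one access-log line.

    Assumption: the default format, whose last six fields are
    UPSTREAM_CLUSTER, UPSTREAM_LOCAL_ADDRESS, DOWNSTREAM_LOCAL_ADDRESS,
    DOWNSTREAM_REMOTE_ADDRESS, REQUESTED_SERVER_NAME and ROUTE_NAME.
    """
    fields = shlex.split(line)  # keeps each double-quoted field as one token
    if len(fields) < 22:
        raise ValueError("not a default-format access-log line")
    cluster, route_name = fields[-6], fields[-1]
    info = {"request": fields[1], "cluster": cluster,
            "route_name": route_name, "subset": None, "host": None}
    parts = cluster.split("|")
    if len(parts) == 4:  # direction|port|subset|host
        info["subset"] = parts[2] or None
        info["host"] = parts[3]
    return info


def classify(line):
    """Say where the sidecar sent the request."""
    info = parse_line(line)
    if info["cluster"] == "PassthroughCluster":
        return "passthrough"      # no mesh route matched; sent to original destination
    if info["cluster"] == "BlackHoleCluster":
        return "blocked"          # unknown destination under REGISTRY_ONLY
    if info["subset"]:
        return "subset:" + info["subset"]
    return "service-default"      # routed to the service without a subset


if __name__ == "__main__":
    for sample in (ROUTED, PASSTHROUGH):
        print(classify(sample), parse_line(sample)["route_name"])
```

Running `classify` over a sidecar's log stream and alerting on `passthrough` for hosts that should be mesh-routed catches this misrouting without waiting for someone to notice the canary is never hit.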