我正在尝试让 EnvoyFilters 在我的安装中工作。\n出于测试目的,我正在尝试设置 lua 过滤器来记录哑消息并向响应添加标头。
\n这是我的配置:
\napiVersion: networking.istio.io/v1alpha3\nkind: EnvoyFilter\nmetadata:\n name: dumb-filter\n namespace: istio-system\nspec:\n # workloadSelector:\n # labels:\n # istio: ingressgateway\n configPatches:\n # - applyTo: VIRTUAL_HOST\n - applyTo: HTTP_ROUTE\n match:\n context: GATEWAY\n # context: ANY\n routeConfiguration:\n vhost:\n # name: "<domain>:443"\n route:\n #TODO: Understand name compose logic\n name: https.443.https.geth-dedicated.default\n patch:\n operation: MERGE\n value:\n name: envoy.filters.http.lua\n typed_config:\n "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua\n inlineCode: |\n function envoy_on_response(response_handle)\n response_handle:headers():add("dm3ch-test", "dm3ch")\n response_handle:logErr("Bye Bye.")\n end\n目前我没有看到任何日志消息或测试标头响应。\n我已经尝试过:
\nistio: ingressgateway标签)VIRTUAL_HOST和HTTP_ROUTE模式https.443.https.geth-dedicated.default使用istioctl proxy-config route <gateway_pod>命令。vhost.name设置和评论vhost.route.nameIstio 版本信息:
\n\xe2\x9d\xaf istioctl version\nclient version: 1.11.4\ncontrol plane version: 1.12.0-alpha.1\ndata plane version: 1.12.0-alpha.1 (1 proxies)\n路由配置json:
\n\xe2\x9d\xaf istioctl version\nclient version: 1.11.4\ncontrol plane version: 1.12.0-alpha.1\ndata plane version: 1.12.0-alpha.1 (1 proxies)\n如果有人可以咨询我我做错了什么或者如何更好地调试为什么不应用过滤器,我会很高兴。
\nPS 我的目标是在仅针对特定虚拟服务的 ingressgateway istio 部署的请求/响应处理期间调用自定义逻辑
\n克里斯的回答非常有用,但不幸的是它并不完整。:(
这是我发现的:
type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua过滤器 on HTTP_ROUTE(但可以使用LuaPerRoute)type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute本身不允许定义新的 lua 过滤器,它只允许禁用现有的 Lua 过滤器或覆盖其源代码envoy 文档因此,要使 lua 自定义逻辑仅应用于一个 http 路由,您需要定义“全局”Lua过滤器,并使用过滤器覆盖特定 http 路由的代码LuaPerRoute。
这是我的清单,使我能够使其工作:
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: geth-dedicated
namespace: default
spec:
gateways:
- geth-dedicated # I'm ommiting gateway creation in this snippet
hosts:
- <domain>
http:
- match:
- uri:
prefix: /
name: geth-public
route:
- destination:
host: geth-dedicated
port:
number: 8545
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: dumb-filter
namespace: istio-system # Namespace where istio gateway pods are actually running
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
# Patch that creates "global" lua filter that does nothing useful
- applyTo: HTTP_FILTER
match:
listener:
filterChain:
filter:
name: envoy.filters.network.http_connection_manager
subFilter:
name: envoy.filters.http.router
patch:
operation: INSERT_BEFORE
value:
name: envoy.lua
typed_config:
'@type': type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
inlineCode: |
function envoy_on_request(request_handle)
-- Empty lua function
end
# Filter for http route that overrides "global" filter lua source code
- applyTo: HTTP_ROUTE
match:
context: GATEWAY
routeConfiguration:
vhost:
route:
name: geth-public # Corresponds to http[0].name in VirtualService
patch:
operation: MERGE
value:
name: envoy.lua
typed_per_filter_config:
envoy.filters.http.lua:
'@type': type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute
source_code:
inline_string: |
function envoy_on_response(response_handle)
response_handle:logErr("Goodbye my brain.")
response_handle:headers():add("dm3ch-test", "dm3ch wins")
end
| 归档时间: |
|
| 查看次数: |
3458 次 |
| 最近记录: |