什么是http match
virtualservice是istio里面用于配置路由等的crd资源。vs配置路由有三种方式分别是http,tcp,tls。这里我们讲的是http的配置。http match就是vs里面用于配置http类型的路由的。具体生成envoy配置时,作用在dynamic route里面。这里我们演示了用envoyfilter配置路由,我们配置的路由是静态的路由,作用在static route里面。我们配置的路由优先级高于dynamic route。
实战
authority
exact
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- authority:
exact: "192.168.229.134:32688"
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-authority-exact.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.8080
virtual_hosts:
- name: “*.80”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- exactMatch: 192.168.229.134:32688
name: :authority
prefix: /
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-authority-exact.yaml -n istio-system --context context-cluster1prefix
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- authority:
prefix: "192.168"
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-authority-prefix.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.8080
virtual_hosts:
- name: “*.80”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- prefixMatch: "192.168"
name: :authority
prefix: /
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-authority-prefix.yaml -n istio-system --context context-cluster1regex
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- authority:
regex: "192.*"
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-authority-regex.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.8080
virtual_hosts:
- name: “*.80”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- safeRegexMatch:
googleRe2: {}
regex: 192.*
name: :authority
prefix: /
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-authority-regex.yaml -n istio-system --context context-cluster1headers
exact
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
exact: mark
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v3envoyfilter实现
cat << EOF > ef-http-match-headers-exact.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
app: reviews
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 9080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- exactMatch: mark
name: end-user
prefix: /
route:
cluster: outbound|9080|v2|reviews.istio.svc.cluster.local
- match:
caseSensitive: true
prefix: /
route:
cluster: outbound|9080|v3|reviews.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-headers-exact.yaml -n istio --context context-cluster1prefix
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
prefix: ma
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v3envoyfilter实现
cat << EOF > ef-http-match-headers-prefix.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
app: reviews
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 9080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- prefixMatch: ma
name: end-user
prefix: /
route:
cluster: outbound|9080|v2|reviews.istio.svc.cluster.local
- match:
caseSensitive: true
prefix: /
route:
cluster: outbound|9080|v3|reviews.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-headers-prefix.yaml -n istio --context context-cluster1regex
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
regex: "m.*k"
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v3envoyfilter实现
cat << EOF > ef-http-match-headers-regex.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
app: reviews
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 9080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- safeRegexMatch:
googleRe2: {}
regex: m.*k
name: end-user
prefix: /
route:
cluster: outbound|9080|v2|reviews.istio.svc.cluster.local
- match:
caseSensitive: true
prefix: /
route:
cluster: outbound|9080|v3|reviews.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-headers-regex.yaml -n istio --context context-cluster1cookie
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- headers:
cookie:
regex: "^(.*?;)?(session=.*)(;.*)?$"
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-headers-cookie.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.8080
virtual_hosts:
- name: “*.8080”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- name: cookie
safeRegexMatch:
googleRe2: {}
regex: ^(.*?;)?(session=.*)(;.*)?$
prefix: /
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-headers-cookie.yaml -n istio-system --context context-cluster1user-agent
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- headers:
user-agent:
regex: ".*Chrome.*"
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-headers-user-agent.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.8080
virtual_hosts:
- name: “*.8080”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- name: user-agent
safeRegexMatch:
googleRe2: {}
regex: .*Chrome.*
prefix: /
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-headers-user-agent.yaml -n istio-system --context context-cluster1ignoreUriCase
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: "/pRODUCTPAGE"
ignoreUriCase: true
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-ignoreUriCase.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.8080
virtual_hosts:
- name: “*.8080”
domains:
- "*"
routes:
- match:
caseSensitive: false
path: /pRODUCTPAGE
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-ignoreUriCase.yaml -n istio-system --context context-cluster1method
exact
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- method:
exact: "GET"
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-method-exact.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.8080
virtual_hosts:
- name: “*.8080”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- exactMatch: GET
name: :method
prefix: /
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-method-exact.yaml -n istio-system --context context-cluster1prefix
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- method:
prefix: "G"
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-method-exact.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
app: reviews
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.8080
virtual_hosts:
- name: “*.8080”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- name: :method
prefixMatch: G
prefix: /
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-method-exact.yaml -n istio-system --context context-cluster1regex
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- method:
regex: "G.*T"
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-method-regex.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.8080
virtual_hosts:
- name: “*.8080”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- name: :method
safeRegexMatch:
googleRe2: {}
regex: G.*T
prefix: /
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-method-regex.yaml -n istio-system --context context-cluster1port
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- port: 80
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-port.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
prefix: /
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-port.yaml -n istio-system --context context-cluster1queryParams
exact
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- queryParams:
test:
exact: test
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-queryParams-exact.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
prefix: /
queryParameters:
- name: test
stringMatch:
exact: test
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-queryParams-exact.yaml -n istio-system --context context-cluster1prefix
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- queryParams:
test:
prefix: test
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-queryParams-prefix.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
prefix: /
queryParameters:
- name: test
stringMatch:
prefix: test
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-queryParams-prefix.yaml -n istio-system --context context-cluster1regex
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- queryParams:
test:
regex: "\\d+$"
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-queryParams-regex.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
prefix: /
queryParameters:
- name: test
string_match:
safe_regex:
google_re2: {}
regex: \\d+$
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-queryParams-regex.yaml -n istio-system --context context-cluster1scheme
exact
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- scheme:
exact: "https"
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-scheme-exact.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- exactMatch: http
name: :scheme
prefix: /
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-scheme-exact.yaml -n istio-system --context context-cluster1prefix
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- scheme:
prefix: "http"
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-scheme-prefix.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- name: :scheme
prefixMatch: http
prefix: /
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-scheme-prefix.yaml -n istio-system --context context-cluster1regex
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- scheme:
regex: ".*"
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-scheme-regex.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- name: :scheme
safeRegexMatch:
googleRe2: {}
regex: .*
prefix: /
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-scheme-regex.yaml -n istio-system --context context-cluster1sourceLabels
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- sourceLabels:
app: productpage
version: v1
route:
- destination:
host: reviews
subset: v2不生效,待研究
envoyfilter实现
sourceNamespace
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- sourceNamespace: istio-system
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-sourceNamespace.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
prefix: /
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-sourceNamespace.yaml -n istio-system --context context-cluster1uri
exact
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
exact: /productpage
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-uri-exact.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
path: /productpage
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-uri-exact.yaml -n istio-system --context context-cluster1prefix
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
prefix: /product
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-uri-prefix.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
prefix: /product
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-uri-prefix.yaml -n istio-system --context context-cluster1regex
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- uri:
regex: "/p.*e"
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-uri-regex.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
safeRegex:
googleRe2: {}
regex: /p.*e
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-uri-regex.yaml -n istio-system --context context-cluster1withoutHeaders
exact
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- withoutHeaders:
end-user:
exact: mark
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-withoutHeaders-exact.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- exactMatch: mark
invertMatch: true
name: end-user
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-withoutHeaders-exact.yaml -n istio-system --context context-cluster1prefix
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- withoutHeaders:
end-user:
prefix: ma
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-withoutHeaders-prefix.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- prefixMatch: ma
invertMatch: true
name: end-user
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-withoutHeaders-prefix.yaml -n istio-system --context context-cluster1regex
virtualservice实现
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: bookinfo
spec:
gateways:
- bookinfo-gateway
hosts:
- '*'
http:
- match:
- withoutHeaders:
end-user:
regex: "m.*k"
route:
- destination:
host: productpage
port:
number: 9080envoyfilter实现
cat << EOF > ef-http-match-withoutHeaders-regex.yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: match
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: NETWORK_FILTER
match:
listener:
#name: 0.0.0.0_8080
portNumber: 8080
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
patch:
operation: MERGE
value:
name: envoy.filters.network.http_connection_manager
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
codec_type: AUTO
stat_prefix: ingress_http
route_config:
name: http.9080
virtual_hosts:
- name: “*.9080”
domains:
- "*"
routes:
- match:
caseSensitive: true
headers:
- invertMatch: true
name: end-user
safeRegexMatch:
googleRe2: {}
regex: m.*k
route:
cluster: outbound|9080||productpage.istio.svc.cluster.local
EOF
kubectl apply -f ef-http-match-withoutHeaders-regex.yaml -n istio-system --context context-cluster1
Asynq任务框架
MCP智能体开发实战
WEB架构
安全监控体系
