在istio中使用回溯

Question

我们正在从Ingress-nginx迁移到ISTIO。在将现有的入口定义迁移到ISTIO VirtualServices时，我们遇到了Nginx样式重写，并希望在ISTIO中实现相同的内容。当研究时，发现。有一个 open bug 关于ISTIO中的bug 。人们建议通过享受过滤器来处理这一点。由于我是ISTIO的新手，我尝试过创建一个特使过滤器，但仍然，URL返回404。

这是我们要在此处转换的示例Ingress-nginx定义

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/configuration-snippet: |
      rewrite ^(/sample)$ $1/ permanent;
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
  name: sample-ingress
spec:
  tls:
  - hosts:
    - '*.example.com'
    secretName: icog-ssl
  rules:
  - host: abc.example.com
    http:
      paths:
      - backend:
          service:
            name: sample-ingress
            port:
              number: 80
        path: /sample(/|$)(.*)
        pathType: ImplementationSpecific

是为了处理参考

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: sample-filter
spec:
  configPatches:
    - applyTo: HTTP_ROUTE
      match:
        routeConfiguration:
          vhost:
            name: "inbound|http|80"
      patch:
        operation: MERGE
        value:
          route:
            regex_rewrite:
              pattern:
                 google_re2:
                   max_program_size: 100
                 regex: "^/sample(/|$)(.*)$"
              substitution: "/\\2"
  workloadSelector:
    labels:
      app: sample

我们还尝试了以下以及以下参考

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: sample-filter
spec:
  configPatches:
    - applyTo: HTTP_ROUTE
      match:
        context: ANY
      patch:
        operation: MERGE
        value:
          route:
            regex_rewrite:
              pattern:
                 google_re2:
                   max_program_size: 100
                 regex: "^/sample(/|$)(.*)$"
              substitution: "/\\2"
  workloadSelector:
    labels:
      app: sample

这是虚拟服务：

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: sample-vs
  namespace: default
spec:
  hosts:
  - "*.xyz.com"
  gateways:
  - sample-gateway
  http:
  - name: sample
    match:
    - uri:
        regex: /sample(/|$)(.*)
    rewrite:
      uri: /$2
    route:
    - destination:
        host: sample
        port:
          number: 80

网关

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: sample-gateway
  namespace: default
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    tls:
      httpsRedirect: true
    hosts:
    - "*.xyz.com"
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: sample-ssl 
    hosts:
    - "*.xyz.com"

EnvoyFilter俩返回404的 API请求404。不确定如何确定与istio一起工作。

Answer 1

最后，我能够将其打倒。实际上很简单。我们可以将重写与虚拟服务中的匹配一起使用，而无需使用过滤器使其复杂化。这是虚拟服务。

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: sample-vs
  namespace: default
spec:
  hosts:
  - "*.xyz.com"
  gateways:
  - sample-gateway
  http:
  - name: sample-trailing
    match:
    - uri:
        prefix: /sample
    redirect:
      uri: /sample/ # This ensures that the trailing slash is added to the path. same as **rewrite ^(/sample)$ $1/ permanent;**
  - name: sample
    match:
    - uri:
        prefix: /sample/
    rewrite:
      uri: / #This ensures that internally it gets routed to **/$2**
    route:
    - destination:
        host: sample
        port:
          number: 80

我们认为在这里重写我们被误导了，我们认为重写在浏览器中重写http url，而实际上它重写并将请求转发到相应的目的地。