时间戳

首页 > 解决方案 > Istio 添加和删除标头,但不会覆盖

istio - Istio 添加和删除标头,但不会覆盖

问题描述

我正在尝试VirtualServices使用 Istio 添加、覆盖和删除标头。向请求添加标头并从响应中删除标头可以正常工作,但它不会覆盖请求中的标头。

因此,根据 Istio 文档,标头操作如下:

在此处输入图像描述

这是我的VirtualService

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: server-vs
spec:
  hosts:
  - server.istio.svc.cluster.local
  http:
  - headers:
      request:
        set:
          test: "true"
        add:
          added: "header"
    route:
    - destination:
        host: server.istio.svc.cluster.local
        subset: apache
      weight: 90
    - destination:
        host: server.istio.svc.cluster.local
        subset: nginx
      headers:
        response:
          remove:
          - foo
      weight: 10

专注于set一个标题,这是我的理解。Istio 将使用 key 识别标头test,并将覆盖 value true。所以,如果我用参数卷曲我的服务-H "test: hello",我应该test: true在我的请求中看到。

现在,我在后端 pod 中安装了 tcpdump,我可以看到added: header. 我还可以看到它foo: bar已被删除(我的 nginx 服务器foo: bar与响应一起返回),但我看不到test: true标题。我对 Istio 的标头操作的理解是否正确?

从测试中:

要求

/ # curl -H "test: hello" server
<h1>THIS IS AN ISTIO DEMO</h1>/ #

回复

15:47:27.387891 IP 192.168.49.58.39652 > 192.168.113.134.80: Flags [S], seq 2810811797, win 28000, options [mss 1400,sackOK,TS val 1900372734 ecr 0,nop,wscale 7], length 0
E..<d.@.>.....1:..q....P..........m`
3.....x...
qEb.........
15:47:27.388130 IP 192.168.49.58.39652 > 192.168.113.134.80: Flags [.], ack 2093848160, win 219, options [nop,nop,TS val 1900372735 ecr 3950379544], length 0
E..4d.@.>.....1:..q....P....|..`.....z.....
qEb..v..
15:47:27.388202 IP 192.168.49.58.39652 > 192.168.113.134.80: Flags [P.], seq 2810811798:2810812507, ack 2093848160, win 219, options [nop,nop,TS val 1900372735 ecr 3950379544], length 709: HTTP: GET / HTTP/1.1
E...d.@.>.....1:..q....P....|..`....S&.....
qEb..v..GET / HTTP/1.1
host: server
user-agent: curl/7.59.0
accept: */*
test: hello                  <-HERE IS THE HEADER THAT SUPPOSED TO BE OVERWRITTEN
x-forwarded-proto: http
x-request-id: 05ff2bb6-8810-9411-8a3b-7456066e1d16
x-envoy-decorator-operation: server-vs:80/*
x-istio-attributes: CjwKGGRlc3RpbmF0aW9uLnNlcnZpY2UuaG9zdBIgEh5zZXJ2ZXIuaXN0aW8uc3ZjLmNsdXN0ZXIubG9jYWwKOgoXZGVzdGluYXRpb24uc2VydmljZS51aWQSHxIdaXN0aW86Ly9pc3Rpby9zZXJ2aWNlcy9zZXJ2ZXIKJAoYZGVzdGluYXRpb24uc2VydmljZS5uYW1lEggSBnNlcnZlcgooCh1kZXN0aW5hdGlvbi5zZXJ2aWNlLm5hbWVzcGFjZRIHEgVpc3Rpbwo6Cgpzb3VyY2UudWlkEiwSKmt1YmVybmV0ZXM6Ly9jdXJsZXItNzU1Y2M3Y2ZmZi14dmxiMi5pc3Rpbw==
x-b3-traceid: 741c90fab1ca5e23802399916451563e
x-b3-spanid: 802399916451563e
x-b3-sampled: 1
added: header                <- HERE IS THE ADDED HEADER
content-length: 0


15:47:27.390857 IP 192.168.49.58.39652 > 192.168.113.134.80: Flags [.], ack 2093848436, win 228, options [nop,nop,TS val 1900372737 ecr 3950379547], length 0
E..4d.@.>.....1:..q....P...[|..t...........
qEc..v..

但我期待看到test: true

标签: istio

解决方案

一个傻事解决了这个问题。看起来如果我先定义setthen add,在 yaml 文件中,它不起作用,但如果我做 backwords,它会起作用。我想这是一个错误。所以下面的 yaml 起作用了:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: server-vs
spec:
  hosts:
  - server.istio.svc.cluster.local
  http:
  - headers:
      request:
        add:                    <- add goes first
          added: "header"
        set:                    <- set goes second
          test: "true"
    route:
    - destination:
        host: server.istio.svc.cluster.local
        subset: apache
      weight: 90
    - destination:
        host: server.istio.svc.cluster.local
        subset: nginx
      headers:
        response:
          remove:
          - foo
      weight: 10

推荐阅读