istio - 如何在 istio 上 Knative 获取客户端 ip

问题描述

我在 knative 中使用 istio。由于客户端 ip 没有来，我激活了反向代理。我添加了特使过滤器。但是我在 knative 上的服务中收到“上游连接错误或断开/重置标题。重置原因：连接终止”错误。如果它不是 knative 服务，我可以访问它。

虚拟服务

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: test-entry-route
  namespace: default
spec:
  gateways:
    - knative-serving/knative-ingress-gateway
  hosts:
    - "test.net"
  http:
    - match:
        - uri:
            prefix: /test/ #working
      rewrite:
        uri: /
      route:
        - destination:
            host: user-api.test.svc.cluster.local
            port:
              number: 80
    - match:
        - uri:
            prefix: /user/ #not working
      route:
        - destination:
            host: istio-ingressgateway.istio-system.svc.cluster.local
            port:
              number: 80
          weight: 100
      rewrite:
        authority: user-api.poker-test.k8s.test.net
        uri: /

特使过滤器

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: proxy-protocol
  namespace: istio-system
spec:
  configPatches:
    - applyTo: LISTENER
      patch:
        operation: MERGE
        value:
          listener_filters:
            - name: envoy.listener.proxy_protocol
            - name: envoy.listener.tls_inspector
  workloadSelector:
    labels:
      istio: ingressgateway

服务负载均衡器

annotations:
    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: 'true'
externalTrafficPolicy: Local

标签： istioknative