Istio:如何全局修改h2UpgradePolicy? [英] Istio: How to modify the h2UpgradePolicy globally?
问题描述
我想在Istio中将所有传入的HTTP 1.1连接升级到http2.我了解如何通过针对特定名称空间和pod的目标规则来实现这一目标.
I want up upgrade all incoming http 1.1 connections to http2 in Istio. I understand how to achieve this via destination rules for a particular namespace and pod.
但是,我也想从http1.1升级服务网格中的所有连接.即使文档建议这样做,如果Istio sidecar是自动注入的这里.
However, I want to upgrade all connections in service mesh from http1.1 too http2. Even the documentation recommends this, if Istio sidecar is auto injected here.
如果边车安装在网格中的所有吊舱上,则应将其设置为UPGRADE.
if sidecar is installed on all pods in the mesh, then this should be set to UPGRADE.
我可以更新"istio"消息吗?在"Istio-system"下的ConfigMap;命名空间?
Can I update the "istio" ConfigMap under "Istio-system" namespace?
如果是,该条目将是什么样?
If yes, what would the entry look like?
如果否,请提出如何才能以最小的努力实现这一目标?
If no, please suggest How can I achieve this with minimal effort?
推荐答案
实际上,您将在configMap istio中对其进行设置,并且需要这样:
Indeed, you will set it in the The configMap istio, and it would like this:
apiVersion: v1
data:
mesh: |-
accessLogEncoding: TEXT
accessLogFile: /dev/stdout
accessLogFormat: ""
h2UpgradePolicy: UPGRADE #<- here
defaultConfig:
concurrency: 2
configPath: ./etc/istio/proxy
现在,看到它的工作有点棘手.我发送了四个请求;其中两个没有h2UpgradePolicy参数,而两个有h2UpgradePolicy: UPGRADE.但是我从客户那里收到的所有四个请求都像这样:
Now, it is a little tricky to see that it works. I sent four requests; two of them without h2UpgradePolicy parameter, and two of them with h2UpgradePolicy: UPGRADE. But my all four of my requests from the client looked like this:
$ kubectl exec -it curler -- curl -I demo.istio
Defaulting container name to curler.
Use 'kubectl describe pod/curler -n default' to see all of the containers in this pod.
HTTP/1.1 200 OK
server: envoy
date: Mon, 22 Jun 2020 13:05:53 GMT
content-type: text/html
content-length: 612
last-modified: Tue, 26 May 2020 15:00:20 GMT
etag: "5ecd2f04-264"
accept-ranges: bytes
x-envoy-upstream-service-time: 1
我从网格外部发送了请求,因为默认情况下是从内部获得HTTP2的.因此,在我的情况下,禁用了mTLS,但这无关紧要.
I sent the requests from outside the mesh, as from within I was getting HTTP2 by default. So, in my case mTLS was disabled, but that's irrelevant.
要查看其工作原理,请检查下游代理的日志:
To see that it works, you would check the logs of the downstream proxy:
...
[2020-06-22T13:03:03.942Z] "HEAD / HTTP/1.1" 200 - "-" "-" 0 0 0 0 "-" "curl/7.59.0" "a7c32d21-dcea-95da-b7c1-67c5783a1641" "demo.istio" "127.0.0.1:80" inbound|80|http|demo.istio.svc.cluster.local 127.0.0.1:33180 192.168.72.186:80 192.168.66.168:34814 outbound_.80_._.demo.istio.svc.cluster.local default
[2020-06-22T13:03:05.245Z] "HEAD / HTTP/1.1" 200 - "-" "-" 0 0 0 0 "-" "curl/7.59.0" "409b3432-365f-94fe-87cd-8a85b586b42d" "demo.istio" "127.0.0.1:80" inbound|80|http|demo.istio.svc.cluster.local 127.0.0.1:60952 192.168.72.186:80 192.168.66.168:34830 outbound_.80_._.demo.istio.svc.cluster.local default
[2020-06-22T13:03:36.732Z] "HEAD / HTTP/2" 200 - "-" "-" 0 0 0 0 "-" "curl/7.59.0" "45dd94e5-6f29-9114-b09f-bda065dfd1eb" "demo.istio" "127.0.0.1:80" inbound|80|http|demo.istio.svc.cluster.local 127.0.0.1:33180 192.168.72.186:80 192.168.66.168:35120 outbound_.80_._.demo.istio.svc.cluster.local default
[2020-06-22T13:03:38.743Z] "HEAD / HTTP/2" 200 - "-" "-" 0 0 0 0 "-" "curl/7.59.0" "79e72286-f247-9ed0-b510-2819a886c7f9" "demo.istio" "127.0.0.1:80" inbound|80|http|demo.istio.svc.cluster.local 127.0.0.1:33180 192.168.72.186:80 192.168.66.168:35120 outbound_.80_._.demo.istio.svc.cluster.local default
非常重要::要使其正常运行,下游的对等方前面的服务必须已命名端口,并且必须将其命名为http
VERY IMPORTANT: To make it work, the service in front if the downstream peer, must have named port, and it must be called http
apiVersion: v1
kind: Service
metadata:
name: demo
spec:
ports:
- name: http #<- this parameter is mandatory to upgrade to HTTP2
port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx
这篇关于Istio:如何全局修改h2UpgradePolicy?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
