Istio复杂的K8sObjectOverlay.PathValue [英] Istio complicated K8sObjectOverlay.PathValue
问题描述
Istio 可以通过您可以使用 K8sObjectOverlay修补由某个组件创建的任何内容. ,其中需要 PathValue .我一生都无法理解如何提供复杂的PathValues.
You can patch anything created by a certain component using the K8sObjectOverlay, which takes a PathValue. I cannot for the life of me understand how to provide complicated PathValues.
Here are some example patches I've found (search for "patches:" on those pages) in case it helps.
我要应用的补丁正在更改从以下位置创建的默认ingressGateway:
The patch I'm trying to apply is changing the default ingressGateway that gets created from:
...
spec:
profile: default
components:
ingressGateways:
- namespace: istio-system
name: istio-ingressgateway
enabled: true
我可以查看使用kubectl edit gateway/ingressgateway -n istio-system创建的默认入口网关,并查看以下代码段:
I can view the default ingress gateway that gets created with kubectl edit gateway/ingressgateway -n istio-system and see this snippet:
spec:
servers:
- hosts:
- '*'
port:
name: http
number: 80
protocol: HTTP
我的目标是将其更改为此:
My goal is to change it to this:
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
tls:
httpsRedirect: true # sends 301 redirect for http requests
- port:
number: 443
name: https-443
protocol: HTTPS
hosts:
- "*"
tls:
mode: SIMPLE # enables HTTPS on this port
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
privateKey: /etc/istio/ingressgateway-certs/tls.key
我相信我应该添加到上面的第一个YAML块中的ObjectOverlay应该以这样的内容开头:
I believe that the ObjectOverlay that I should add to the first YAML block above should start with something like this:
k8s:
overlays:
- apiVersion: networking.istio.io/v1beta1
Kind: Gateway
name: ingressgateway
patches:
- path: spec.servers.
但是我不知道如何指定要在第一个列表项中添加tls.httpsRedirect: true,或者如何创建具有上述相对复杂值的列表项.
but I don't know how to specify that I want to add tls.httpsRedirect: true to the first list item, or how to create a list item with the relatively complicated values above.
我在上面链接的 PathValue 文档我不清楚. Istio本身只是链接到带有[Istio]标签的 StackOverflow,所以我想这就是我寻求帮助的地方.
The PathValue docs I linked above are not clear to me. Istio itself just links to StackOverflow with the [Istio] Tag, so I guess this is where I come for help.
推荐答案
这是覆盖的一部分,它将添加带有一些示例规格的另一个服务器条目.只需将其调整为您想要的方式即可.您还可以使用spec.servers [0]的路径覆盖第一个服务器条目,然后将该值设置为所需的值.
This is a part of an overlay that will add another server entry with some example specs. Just tweak it to be the way you want it to be. You can also override your first server entry with a path of spec.servers[0] and then set the value to whatever you want it to be.
ingressGateways:
- enabled: true
k8s:
overlays:
- apiVersion: networking.istio.io/v1alpha3
kind: Gateway
name: ingressgateway
patches:
- path: spec.servers[1]
value:
hosts:
- '*.example.com'
port:
name: https
number: 443
protocol: HTTPS
tls:
credentialName: example-cert
mode: SIMPLE
privateKey: sds
serverCertificate: sds
更新: 我还没有尝试过,但是您可以尝试仅将表达式定义为路径路径,我认为它只需在对象的其余部分内设置单个值即可:
Update: I haven't tried it out, but you could try just defining that expression as the path path, i think it then just set that single value inside the rest of the object:
- path: spec.servers[0].tls.httpsRedirect
value: true
尽管可能需要定义整个tls对象,但我现在不确定仅定义了httpsRedirect属性是否有效.
It might be necessary to define the entire tls object though, i'm not sure right now if it'd be valid with just the httpsRedirect attribute defined.
- path: spec.servers[0].tls
value:
httpsRedirect: true
other required attributes defined here just like httpsRedirect
这篇关于Istio复杂的K8sObjectOverlay.PathValue的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
