服务网格:使用Istio在虚拟服务中基于客户端IP路由TCP通信 [英] Service Mesh: Using Istio to route TCP traffic based on Client IP in Virtual Service
问题描述
入口网关位于使用节点端口的AWS ELB(经典)之后,我想基于客户端ip在虚拟服务中路由TCP通信.
Ingress gateway is located behind AWS ELB(classic) using nodeport and I want to route TCP traffic in Virtual Service based on client ip.
当然,ELB的代理协议已启用.
Of course Proxy Protocol of ELB is enabled.
当我使用HTTP时,它可以工作.配置如下.
When I use HTTP, it works. The configuration is below.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: app-vservice
namespace: test
spec:
hosts:
- "app-service"
http:
- match:
- headers:
x-forwarded-for:
exact: 123.123.123.123
route:
- destination:
host: app-service
subset: v2
- route:
- destination:
host: app-service
subset: v1
但是我在官方文档中找不到TCP路由的标头字段.
But I can't find headers field of TCP route in official documents.
不可能吗?
谢谢.
推荐答案
根据docs是,在Istio的TCPRoute中没有字段可以传递标头.同样要回答您的问题,每个标头操作都应使用envoy过滤器进行,因为基于envoy构建的Istio支持此操作,并且还降低了复杂性.
According to docs yes there is no field to pass headers in TCPRoute in Istio. Also to answer your question every header manipulation should be done using envoy filters because Istio, built on envoy supports that and also decreases the complexity.
使用Istio文档中所述的envoy和lua过滤器.可以实现的.请按照envoy 文档.
Using envoy and lua filters as stated in Istio docs. It can be achieved. Please follow envoy docs.
检出Istio 讨论虚拟服务中的标题.
Checkout the Istio Discussion for headers in Virtual Service.
要使用 Lua 来实现相同的功能
For implementation of the same using Lua. And a blog showing an example how to implement filters on envoy.
这篇关于服务网格:使用Istio在虚拟服务中基于客户端IP路由TCP通信的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
