Istio 复杂的 K8sObjectOverlay.PathValue [英] Istio complicated K8sObjectOverlay.PathValue
问题描述
Istio 可以通过 IstioOperator.
您可以使用 K8sObjectOverlay 修补由某个组件创建的任何内容,它需要一个 PathValue.我一生都无法理解如何提供复杂的 PathValues.
You can patch anything created by a certain component using the K8sObjectOverlay, which takes a PathValue. I cannot for the life of me understand how to provide complicated PathValues.
这里有一些示例
Here are some example patches I've found (search for "patches:" on those pages) in case it helps.
我尝试应用的补丁正在更改从以下位置创建的默认 ingressGateway:
The patch I'm trying to apply is changing the default ingressGateway that gets created from:
...
spec:
profile: default
components:
ingressGateways:
- namespace: istio-system
name: istio-ingressgateway
enabled: true
我可以查看使用 kubectl edit gateway/ingressgateway -n istio-system 创建的默认入口网关,并查看此代码段:
I can view the default ingress gateway that gets created with kubectl edit gateway/ingressgateway -n istio-system and see this snippet:
spec:
servers:
- hosts:
- '*'
port:
name: http
number: 80
protocol: HTTP
我的目标是把它改成这样:
My goal is to change it to this:
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
tls:
httpsRedirect: true # sends 301 redirect for http requests
- port:
number: 443
name: https-443
protocol: HTTPS
hosts:
- "*"
tls:
mode: SIMPLE # enables HTTPS on this port
serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
privateKey: /etc/istio/ingressgateway-certs/tls.key
我相信我应该添加到上面第一个 YAML 块的 ObjectOverlay 应该以这样的方式开始:
I believe that the ObjectOverlay that I should add to the first YAML block above should start with something like this:
k8s:
overlays:
- apiVersion: networking.istio.io/v1beta1
Kind: Gateway
name: ingressgateway
patches:
- path: spec.servers.
但是我不知道如何指定我要在第一个列表项中添加tls.httpsRedirect: true,或者如何使用上面相对复杂的值创建一个列表项.
but I don't know how to specify that I want to add tls.httpsRedirect: true to the first list item, or how to create a list item with the relatively complicated values above.
我在上面链接的 PathValue 文档我不清楚.Istio 本身只是通过 [Istio] 标签链接到 StackOverflow,所以我想这就是我寻求帮助的地方.
The PathValue docs I linked above are not clear to me. Istio itself just links to StackOverflow with the [Istio] Tag, so I guess this is where I come for help.
推荐答案
这是一个叠加层的一部分,它将添加另一个带有一些示例规范的服务器条目.只需将其调整为您想要的方式即可.您还可以使用 spec.servers[0] 路径覆盖您的第一个服务器条目,然后将该值设置为您想要的任何值.
This is a part of an overlay that will add another server entry with some example specs. Just tweak it to be the way you want it to be. You can also override your first server entry with a path of spec.servers[0] and then set the value to whatever you want it to be.
ingressGateways:
- enabled: true
k8s:
overlays:
- apiVersion: networking.istio.io/v1alpha3
kind: Gateway
name: ingressgateway
patches:
- path: spec.servers[1]
value:
hosts:
- '*.example.com'
port:
name: https
number: 443
protocol: HTTPS
tls:
credentialName: example-cert
mode: SIMPLE
privateKey: sds
serverCertificate: sds
更新:我还没有尝试过,但您可以尝试将该表达式定义为路径路径,我认为它然后只需在对象的其余部分设置该单个值:
Update: I haven't tried it out, but you could try just defining that expression as the path path, i think it then just set that single value inside the rest of the object:
- path: spec.servers[0].tls.httpsRedirect
value: true
虽然可能需要定义整个 tls 对象,但我现在不确定它是否仅在定义 httpsRedirect 属性时有效.
It might be necessary to define the entire tls object though, i'm not sure right now if it'd be valid with just the httpsRedirect attribute defined.
- path: spec.servers[0].tls
value:
httpsRedirect: true
other required attributes defined here just like httpsRedirect
这篇关于Istio 复杂的 K8sObjectOverlay.PathValue的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
