使用 Istio (1.6.0) envoy lua 过滤器添加自定义响应头 [英] Adding custom response headers using Istio's (1.6.0) envoy lua filter
问题描述
我正在运行 Istio 1.6.0.我想向源自我的服务的所有出站响应添加一些自定义标头.所以我试图使用 lua envoyfilter 来实现这一点.但是,我没有看到我的代理配置正确.
I am running Istio 1.6.0. I wanted to add some custom headers to all the outbound responses originating from my service. So I was trying to use lua envoyfilter to achieve that. However, I don't see my proxy getting properly configured.
我尝试使用的特使过滤器配置是
The envoy filter config that I'm trying to use is
kind: EnvoyFilter
metadata:
name: lua-filter
namespace: istio-system
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: HTTP_FILTER
match:
context: GATEWAY
listener:
filterChain:
filter:
name: "envoy.http_connection_manager"
subFilter:
name: "envoy.router"
patch:
operation: INSERT_BEFORE
value:
name: envoy.lua
typed_config:
"@type": "type.googleapis.com/envoy.config.filter.http.lua.v2.Lua"
inlineCode: |
function envoy_on_response(response_handle)
response_handle:logInfo(" ========= XXXXX ========== ")
response_handle:headers():add("X-User-Header", "worked")
end
我的入口网关 Pod 确实在 istio-system 命名空间中运行
I do have my ingress-gateway pods running in the istio-system namespace
❯ kgp -l istio=ingressgateway -n istio-system
NAME READY STATUS RESTARTS AGE
ingress-gateway-b4b5cffc9-wz75r 1/1 Running 0 3d12h
ingress-gateway-b4b5cffc9-znx9b 1/1 Running 0 28h
我希望在为我的服务卷曲时能看到 X-User-Header.不幸的是,我没有看到任何自定义标题.
I was hoping that I would see X-User-Header when I curl for my service.
Unfortunately, I'm not seeing any custom headers.
我尝试检查 istio-system 中 ingress-gateway pod 的 proxy-configs,我根本没有看到 envoy.lua 配置.我不确定我是否调试正确.
I tried checking the proxy-configs of the ingress-gateway pod in the istio-system, and I don't see the envoy.lua configured at all. I'm not sure whether I'm debugging it correctly.
istioctl proxy-config listener ingress-gateway-b4b5cffc9-wz75r.istio-system -n istio-system --port 443 -o json | grep "name"
"name": "0.0.0.0_443",
"name": "istio.stats",
"name": "envoy.tcp_proxy",
"name": "istio.stats",
"name": "envoy.tcp_proxy",
"name": "envoy.listener.tls_inspector",
请让我知道我遗漏了什么或配置不正确.关于如何进一步调试的任何建议也会非常有帮助.
Please let me know what is that I'm missing or incorrectly configured. Any advice on how to debug further also would be really helpful.
非常感谢.
推荐答案
就我使用 1.6.3 和 1.6.4 版检查我的 istio 集群而言,您的示例工作正常.从我的集群中查看以下代码.
As far as I checked on my istio cluster with version 1.6.3 and 1.6.4 your example works just fine. Take a look at below code from my cluster.
我用 curl 检查过
I checked it with curl
$ curl -s -I -X HEAD x.x.x.x/
HTTP/1.1 200 OK
server: istio-envoy
date: Mon, 06 Jul 2020 08:35:37 GMT
content-type: text/html
content-length: 13
last-modified: Thu, 02 Jul 2020 12:11:16 GMT
etag: "5efdcee4-d"
accept-ranges: bytes
x-envoy-upstream-service-time: 2
x-user-header: worked
AND
我使用 istio ingress-gateway pod 中的 config_dump 进行了检查.
I checked it with config_dump in istio ingress-gateway pod.
我在那里执行
kubectl exec -ti istio-ingressgateway-78db9f457d-xfhl7 -n istio-system -- /bin/bash
config_dump 的结果
Results from config_dump
curl 0:15000/config_dump | grep X-User-Header
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 128k 0 128k 0 0 9162k 0 --:--:-- --:--:-- --:--:-- 9162k
"inline_code": "function envoy_on_response(response_handle)
response_handle:logInfo(" ========= XXXXX ========== ")
response_handle:headers():add("X-User-Header", "worked")
end
"
如您所见,它的工作原理是将标头添加到请求中,并且函数在 istio 入口网关中处于活动状态.
So as you can see it works, header is added to request and function is active in istio ingress gateway.
您能否尝试使用上述 curl 再次检查它,检查 istio ingress-gateway tcp_dump 并让我知道它是否适合您?
Could you try to check it again with above curl, check istio ingress-gateway tcp_dump and let me know if it works for you?
这篇关于使用 Istio (1.6.0) envoy lua 过滤器添加自定义响应头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
