Istio虚拟服务-外部HTTPS服务的代理 [英] Istio Virtual Service - Proxy to external HTTPS service

查看:0
本文介绍了Istio虚拟服务-外部HTTPS服务的代理的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试将具有指定URI前缀的HTTP请求代理到外部HTTPS服务器。 我们的想法是使用Power内部Nexus Repository Manager for NPM,但不要像这个项目那样失去‘NPM审计’的能力GitHub Project。应使用Istio完成,而不是部署额外的应用程序。

我配置了一个虚拟服务和一个服务条目,以将流量路由到外部服务。到目前为止,还不可能将HTTP请求转换为HTTPS请求。有这样做的机会吗?

配置:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: vs-nexus
spec:
  hosts:
  - "test.com"
  gateways:
  - gateway-xy
  http:
  - match:
    - uri:
        prefix: /-/npm/v1/security/audits/
    route:
      - destination:
          port:
            number: 443
          host: registry.npmjs.org
  - route:
    - destination:
        port:
          number: 80
        host: nexus


---
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: npmjs-ext
spec:
  hosts:
    - registry.npmjs.org
  ports:
    - number: 443
      name: tls
      protocol: tls
  resolution: DNS
  location: MESH_EXTERNAL

推荐答案

找到了解决方案:您需要添加Tls模式为"Simple"的DestinationRule以连接到外部HTTPS服务。

如果您使用的是私有Nexus存储库,我的问题的整个配置是:

将‘NPM审核’请求转发到公共‘registry.npmjs.org’
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: vs
spec:
  hosts:
  - "test.com"
  gateways:
  - gateway
  http:
  # Route to npm registry for audit
  # Like this: https://github.com/chovyy/npm-audit-proxy
  # See: https://istio.io/latest/blog/2019/proxy/
  - match:
    - uri:
        prefix: /-/npm/v1/security
    headers:
      request:
        set:
          host: "registry.npmjs.org"
    route:
      - destination:
          port:
            number: 443
          host: registry.npmjs.org

    # This is for custom Nexus repositories: You need to rewrite the route, that the prefix of the repository URL is not forwarded to registry.npmjs.org
  - match:
    - uri:
        prefix: /repository/npm-test-repo/-/npm/v1/security
    rewrite:
      uri: /-/npm/v1/security
    headers:
      request:
        set:
          host: "registry.npmjs.org"
    route:
      - destination:
          port:
            number: 443
          host: registry.npmjs.org

  - route:
    - destination:
        port:
          number: 80
        host: nexus

---

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: npmjs-ext
spec:
  hosts:
    - registry.npmjs.org
  ports:
    - number: 443
      name: tls
      protocol: TLS
  resolution: DNS
  location: MESH_EXTERNAL

---

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: npmjs-ext
spec:
  host: registry.npmjs.org
  trafficPolicy:
    tls:
      mode: SIMPLE

这篇关于Istio虚拟服务-外部HTTPS服务的代理的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆