istio 基于headers请求头路由(9)

5.请求首部条件路由

正常情况下从客户端请求的流量会发送到sidecar-proxy(eneoy)，请求发送到上游的pod，而后响应到envoy，并从envoy响应给客户端。

在这个过程中，客户端到envoy是不能够被修改的，只有从envoy到上游serrvice中才是可以被操作的，因为这段报文是由envoy发起的。而从serrvice响应到envoy的也是不能够被修改的。并且从envoy响应到客户端的报文由envoy发起响应也是可以被修改的。

总共可配置的只有发送到上游service的请求和发给下游客户端的响应。而另外两端并不是envoy生成的，因此没用办法去操作标头的。

• request: 发送给上游请求service
• response: 响应给下游客户端

1.如果请求的首部有x-for-canary等于true则路由到v10，如果浏览器是Mozilla就路由给v11，并且修改发送给上游的请求标头的 User-Agent: Mozilla，其次，在响应给客户端的标头添加一个 x-canary: "true"

  - name: canary
    match:
    - headers:
        x-for-canary: 
          exact: "true"
    route:
    - destination:
        host: dpment
        subset: v11
      headers:
        request: # 修改发送给上游的请求标头的 User-Agent: Mozilla
          set:
            User-Agent: Mozilla
        response: # 响应给客户端的标头添加一个  x-canary: "true"
          add:
            x-canary: "true"

没有匹配到这些规则，就给默认规则匹配，就路由给v10，并且添加一个下游的响应报文： 全局标头X-Envoy: linuxea

  - name: default
    headers:
      response:
        add:
          X-Envoy: linuxea
    route:
    - destination:
        host: dpment
        subset: v10

yaml如下

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: dpment
  namespace: java-demo
spec:
  hosts:
  - dpment
  http:
  - name: canary
    match:
    - headers:
        x-for-canary: 
          exact: "true"
    route:
    - destination:
        host: dpment
        subset: v11
      headers:
        request: # 修改发送给上游的请求标头的 User-Agent: Mozilla
          set:
            User-Agent: Mozilla
        response: # 响应给客户端的标头添加一个  x-canary: "true"
          add:
            x-canary: "marksugar"
  - name: default
    headers:
      response:
        add:
          X-Envoy: linuxea
    route:
    - destination:
        host: dpment
        subset: v10

我们添加上gateway部分

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: dpment
  namespace: java-demo
spec:
  hosts:
  - "dpment.linuxea.com"                     # 对应于gateways/proxy-gateway
  - "dpment"
  gateways:
  - istio-system/dpment-gateway       # 相关定义仅应用于Ingress Gateway上  
  - mesh
  http:
  - name: canary
    match:
    - headers:
        x-for-canary: 
          exact: "true"
    route:
    - destination:
        host: dpment
        subset: v11
      headers:
        request:
          set:
            User-Agent: Mozilla
        response:
          add:
            x-canary: "marksugar"
  - name: default
    headers:
      response:
        add:
          X-Envoy: linuxea
    route:
    - destination:
        host: dpment
        subset: v10

5.1 测试

此时可以使用curl来模拟访问请求

# curl dpment.linuxea.com
linuxea-dpment-linuxea-a-777847fd74-fsnsv.com-127.0.0.1/8 130.130.0.19/24 version number 1.0

添加头部, -H "x-for-canary: true"

# curl -H "x-for-canary: true"  dpment.linuxea.com
linuxea-dpment-linuxea-b-55694cb7f5-lhkrb.com-127.0.0.1/8 130.130.1.122/24 version number 2.0

而后查看日志的user-agent ，这里是Mozilla，默认是curl

130.130.0.0, 127.0.0.6 - [07/Aug/2022:08:18:33 +0000] "GET / HTTP/1.1" dpment.linuxea.com94 "-" "Mozilla" - -0.000 [200] [-] [-] "-"

我们使用curl发起请求，模拟的是Mozilla

此时使用-I，查看标头的添加信息x-canary: marksugar

PS C:\Users\Administrator> curl -H "x-for-canary: true"  dpment.linuxea.com -I
HTTP/1.1 200 OK
server: istio-envoy
date: Sun, 07 Aug 2022 09:47:45 GMT
content-type: text/html
content-length: 94
last-modified: Wed, 03 Aug 2022 07:58:30 GMT
etag: "62ea2aa6-5e"
accept-ranges: bytes
x-envoy-upstream-service-time: 4
x-canary: marksugar

如果不加头部-H "x-for-canary: true"则响应报文的是x-envoy: linuxea

PS C:\Users\Administrator> curl dpment.linuxea.com -I
HTTP/1.1 200 OK
server: istio-envoy
date: Sun, 07 Aug 2022 09:51:53 GMT
content-type: text/html
content-length: 93
last-modified: Wed, 03 Aug 2022 07:59:37 GMT
etag: "62ea2ae9-5d"
accept-ranges: bytes
x-envoy-upstream-service-time: 7
x-envoy: linuxea