测试一下在istio中的全链路中基于cookie和header灰度发布,这些在higress中也可以的。istio在进行测试。
根据istio版本信息中的提示,在1.19中支持的是1.25 到 1.28
Istio 1.19.0 已得到 Kubernetes 1.25 到 1.28 的官方正式支持。鉴于 我本地使用的是1.25.11,因此1.19在我考虑范围内。下载安装组件istioctl
wget https://github.com/istio/istio/releases/download/1.19.0/istioctl-1.19.0-linux-amd64.tar.gz
tar xf istioctl-1.19.0-linux-amd64.tar.gz
mv istioctl /usr/local/sbin/[root@master-01 ~/istio]# istioctl version
no ready Istio pods in "istio-system"
1.19.0生成安装配置文件
istioctl manifest generate --set profile=default > istio.yaml我们替换其中两个重要的镜像
image: docker.io/istio/proxyv2:1.19.0
image: docker.io/istio/pilot:1.19.0修改为
uhub.service.ucloud.cn/marksugar-k8s/proxyv2:1.19.0
uhub.service.ucloud.cn/marksugar-k8s/pilot:1.19.0 sed -i 's@docker.io/istio/pilot:1.19.0@uhub.service.ucloud.cn/marksugar-k8s/pilot:1.19.0@g' istio.yaml
sed -i 's@docker.io/istio/proxyv2:1.19.0@uhub.service.ucloud.cn/marksugar-k8s/proxyv2:1.19.0@g' istio.yaml开始安装
kubectl create ns istio-system
kubectl apply -f istio.yaml安装完成
[root@master-01 ~/istio]# kubectl -n istio-system get all
NAME READY STATUS RESTARTS AGE
pod/istio-ingressgateway-65cff96b76-nzdk9 1/1 Running 0 3m30s
pod/istiod-ffc9db9cc-7g554 1/1 Running 0 3m30s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/istio-ingressgateway LoadBalancer 10.68.208.80 <pending> 15021:31635/TCP,80:30598/TCP,443:31349/TCP 2m28s
service/istiod ClusterIP 10.68.9.174 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 2m28s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/istio-ingressgateway 1/1 1 1 21m
deployment.apps/istiod 1/1 1 1 21m
NAME DESIRED CURRENT READY AGE
replicaset.apps/istio-ingressgateway-65cff96b76 1 1 1 3m30s
replicaset.apps/istiod-ffc9db9cc 1 1 1 3m30s
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
horizontalpodautoscaler.autoscaling/istio-ingressgateway Deployment/istio-ingressgateway 2%/80% 1 5 1 21m
horizontalpodautoscaler.autoscaling/istiod Deployment/istiod 0%/80% 1 5 1 21m接着我们配置一个vip做为loadbalancer
ip addr add 172.16.100.210/24 dev eth0而后使用kubectl -n istio-system edit svc istio-ingressgateway编辑
27 clusterIP: 10.68.113.92
28 externalIPs:
29 - 172.16.100.210
30 clusterIPs:
31 - 10.68.113.92
32 externalTrafficPolicy: Cluster
33 internalTrafficPolicy: Cluster
34 ipFamilies:
35 - IPv4现在状态就正常了
[root@master-01 ~/istio]# kubectl -n istio-system get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.68.208.80 172.16.100.210 15021:31635/TCP,80:30598/TCP,443:31349/TCP 127m
istiod ClusterIP 10.68.9.174 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 127m接着给test1名称空间打标签,表示test1作为istio的配置范围,test1名称空间内的pod都会注入一个边车
[root@master-01 ~/istio]# kubectl create ns test1
namespace/test1 created
[root@master-01 ~/istio]# kubectl label namespace test1 istio-injection=enabled
namespace/test1 labeled测试代码
我必须保持让cookie或者Header以某种方式被赋值后在代码链路中传递,而且应该有一个约束范围的名称。在测试中:
cookie名称是:cannary
Header名称是:test
代码如下:
package main
import (
"fmt"
"io/ioutil"
"log"
"net/http"
"os"
"github.com/gin-gonic/gin"
)
// 全局变量
var (
PATH_URL = getEnv("PATH_URL", "go-test2")
METHODS = getEnv("METHODS", "GET")
QNAME = getEnv("QNAME", "name")
)
func getEnv(key, defaultVal string) string {
if value, ok := os.LookupEnv(key); ok {
return value
}
return defaultVal
}
func main() {
r := gin.Default()
r.POST("/post", postJson)
r.GET("/get", getJson)
r.Run(":9999")
}
func getJson(c *gin.Context) {
// 获取cookie
cookie, err := c.Cookie("cannary")
if err != nil {
cookie = "NotSet"
c.SetCookie("gin_cookie", "test", 3600, "getJson", "localhost", false, true)
}
fmt.Println("c.Cookie:", cookie)
// 获取传入参数
query := c.Query(QNAME)
fmt.Println(query)
// 获取test Header
headers := c.Request.Header
customHeader := headers.Get("test")
// 传递header和cookie
sed2sort(customHeader, cookie)
// 打印Header
for k, v := range c.Request.Header {
fmt.Println("c.Request.Header:", k, v)
if k == "Test" {
fmt.Println("c.Request.Header:", k, v)
}
}
c.JSON(200, gin.H{"status": "ok"})
}
func postJson(c *gin.Context) {
// 获取cookie
cookie, err := c.Cookie("cannary")
if err != nil {
cookie = "NotSet"
c.SetCookie("gin_cookie", "test", 3600, "getJson", "localhost", false, true)
}
fmt.Println("c.Cookie:", cookie)
// 获取传入参数
query := c.Query(QNAME)
fmt.Println("c.Request.Query:", query)
body := c.Request.Body
x, err := ioutil.ReadAll(body)
if err != nil {
c.JSON(400, gin.H{"error": err.Error()})
return
}
fmt.Println(query)
// 获取test Header
headers := c.Request.Header
customHeader := headers.Get("test")
sed2sort(customHeader, cookie)
// 打印Header
for k, v := range c.Request.Header {
fmt.Println("c.Request.Header:", k, v)
if k == "Test" {
fmt.Println("Test:", k, v)
}
}
log.Println(string(x))
c.JSON(200, gin.H{"status": "ok"})
}
// 调用下游
func sed2sort(headerValue, icookie string) {
fmt.Println("sed2sort:", METHODS, PATH_URL)
client := &http.Client{}
req, err := http.NewRequest(METHODS, PATH_URL, nil)
// 添加Header
req.Header.Add("test", headerValue)
// 添加Cookie
cookies := []*http.Cookie{
&http.Cookie{Name: "cannary", Value: icookie},
}
for _, cookie := range cookies {
req.AddCookie(cookie)
}
if err != nil {
fmt.Println(err)
return
}
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := ioutil.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}yaml
相对的,需要创建几组服务和vs,分别测试Header,cookie,服务均从server1访问server2,在server2中进行mesh
server1
在server1中会去调用server2的get接口,通过环境变量传入
apiVersion: v1
kind: Service
metadata:
name: server1
namespace: test1
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 9999
selector:
app: server1
version: v0.2
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: server1
namespace: test1
spec:
replicas:
selector:
matchLabels:
app: server1
version: v0.2
template:
metadata:
labels:
app: server1
version: v0.2
spec:
containers:
- name: server1
# imagePullPolicy: Always
image: uhub.service.ucloud.cn/marksugar-k8s/go-test:v3.1
#image: uhub.service.ucloud.cn/marksugar-k8s/cookie:v1
ports:
- name: http
containerPort: 9999
env:
- name: PATH_URL
value: http://server2/get
- name: METHODS
value: GETserver2
server2提供一个单独的服务
apiVersion: v1
kind: Service
metadata:
name: server2
namespace: test1
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 9999
selector:
app: server2
version: v0.2
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: server2
namespace: test1
spec:
replicas:
selector:
matchLabels:
app: server2
version: v0.2
template:
metadata:
labels:
app: server2
version: v0.2
spec:
containers:
- name: server2
# imagePullPolicy: Always
image: uhub.service.ucloud.cn/marksugar-k8s/go-test:v3.1
ports:
- name: http
containerPort: 9999server2-1
server3也提供一个单独的服务
apiVersion: v1
kind: Service
metadata:
name: server2-1
namespace: test1
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 9999
selector:
app: server2-1
version: v0.2
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: server2-1
namespace: test1
spec:
replicas:
selector:
matchLabels:
app: server2-1
version: v0.2
template:
metadata:
labels:
app: server2-1
version: v0.2
spec:
containers:
- name: server2-1
# imagePullPolicy: Always
image: uhub.service.ucloud.cn/marksugar-k8s/go-test:v3.1
ports:
- name: http
containerPort: 9999
server2-cooike
apiVersion: v1
kind: Service
metadata:
name: server2-cooike
namespace: test1
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 9999
selector:
app: server2-cooike
version: v0.2
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: server2-cooike
namespace: test1
spec:
replicas:
selector:
matchLabels:
app: server2-cooike
version: v0.2
template:
metadata:
labels:
app: server2-cooike
version: v0.2
spec:
containers:
- name: server2-cooike
# imagePullPolicy: Always
image: uhub.service.ucloud.cn/marksugar-k8s/go-test:v3.1
ports:
- name: http
containerPort: 9999创建完成后相对的svc和pod正常
[root@master-01 ~/higress/ops/server]# kubectl -n test1 get pod
NAME READY STATUS RESTARTS AGE
server1-79fd8456ff-8fj9v 2/2 Running 0 25m
server2-1-74bfdd776c-5zs7z 2/2 Running 0 24m
server2-5bc69c4f75-wcbcq 2/2 Running 0 25m
server2-cooike-94ffb459-bdgk4 2/2 Running 0 21m
[root@master-01 ~/higress/ops/server]# kubectl -n test1 get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
server1 ClusterIP 10.68.142.192 <none> 80/TCP 3h13m
server2 ClusterIP 10.68.27.255 <none> 80/TCP 3h13m
server2-1 ClusterIP 10.68.196.212 <none> 80/TCP 3h
server2-cooike ClusterIP 10.68.165.157 <none> 80/TCP 21m开始将server1发布
发布
在istio中,我们需要配置Gateway,destinationRule和VirtualService,如下
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: cookie-gateway
namespace: istio-system
# 要指定为ingress gateway pod所在名称空间
spec:
selector:
app: istio-ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "cookie.linuxea.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: cookie
namespace: test1
spec:
host: "cookie.linuxea.com"
trafficPolicy:
tls:
mode: DISABLE
---
# apiVersion: networking.istio.io/v1beta3
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: cookie
namespace: test1
spec:
hosts:
- "cookie.linuxea.com"
gateways:
- istio-system/cookie-gateway
- mesh
http:
- name: server1
headers:
response:
add:
X-Envoy: linuxea
route:
- destination:
host: server1
测试
我们通过postman发送请求,无论什么情况,访问cookie.linuxea.com域名都会将请求发往server1
- server1
[root@master-01 ~]# kubectl -n test1 logs -f server1-79fd8456ff-8fj9v
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
- using env: export GIN_MODE=release
- using code: gin.SetMode(gin.ReleaseMode)
[GIN-debug] POST /post --> main.postJson (3 handlers)
[GIN-debug] GET /get --> main.getJson (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on :9999
sed2sort: GET http://server2/get
{"status":"ok"}
c.Request.Header: X-B3-Parentspanid [c782871d39b17cab]
c.Request.Header: X-Forwarded-For [192.20.1.0]
c.Request.Header: X-B3-Traceid [42855963a60a52bcc782871d39b17cab]
c.Request.Header: Postman-Token [e65b66ff-296f-4033-ab83-e6ccf904c043]
c.Request.Header: X-Forwarded-Proto [http]
c.Request.Header: X-Envoy-Attempt-Count [1]
c.Request.Header: X-Forwarded-Client-Cert [By=spiffe://cluster.local/ns/test1/sa/default;Hash=b5b1bdfa157a62e0c7d88009119f39a681271410387e440353ee23e8db6bedf8;Subject="";URI=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account]
c.Request.Header: X-B3-Spanid [9d5a0f1e0f9ecb58]
c.Request.Header: User-Agent [PostmanRuntime/7.28.2]
c.Request.Header: Accept [*/*]
c.Request.Header: X-B3-Sampled [0]
c.Request.Header: Accept-Encoding [gzip, deflate, br]
c.Request.Header: X-Envoy-External-Address [192.20.1.0]
c.Request.Header: X-Request-Id [e2ec1977-62d9-4cba-90bc-7476e4037b47]
[GIN] 2023/09/14 - 09:30:18 | 200 | 1.970681ms | 192.20.1.0 | GET "/get"- server2
[root@master-01 ~]# kubectl -n test1 logs -f server2-5bc69c4f75-wcbcq
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
- using env: export GIN_MODE=release
- using code: gin.SetMode(gin.ReleaseMode)
[GIN-debug] POST /post --> main.postJson (3 handlers)
[GIN-debug] GET /get --> main.getJson (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on :9999
sed2sort: GET go-test2
Get "go-test2": unsupported protocol scheme ""
c.Request.Header: X-B3-Traceid [bedabe3d26de18e00f3029cb0970a46f]
c.Request.Header: X-B3-Parentspanid [0f3029cb0970a46f]
c.Request.Header: User-Agent [Go-http-client/1.1]
c.Request.Header: Test []
c.Request.Header: Test []
c.Request.Header: X-Forwarded-Proto [http]
c.Request.Header: X-Forwarded-Client-Cert [By=spiffe://cluster.local/ns/test1/sa/default;Hash=102cfb7487ec810d309276831d9a41169dedce98bc5efcd81343e1d58d49bdd7;Subject="";URI=spiffe://cluster.local/ns/test1/sa/default]
c.Request.Header: X-Envoy-Attempt-Count [1]
c.Request.Header: X-B3-Spanid [904970b36297796d]
c.Request.Header: X-B3-Sampled [0]
c.Request.Header: Cookie [cannary=NotSet]
c.Request.Header: Accept-Encoding [gzip]
c.Request.Header: X-Request-Id [faa7c8ad-1175-43f3-9635-277747543a85]
[GIN] 2023/09/14 - 09:30:18 | 200 | 573.45µs | 127.0.0.6 | GET "/get"基于header
header的name在约束内假设代码内传递的header名称就是test,因此我们添加test为true,如果通过postman发送的请求头中包含了header等于true就路由到server2-1
http:
- name: server2-1
match:
- headers:
test:
exact: "true"
route:
- destination:
host: server2-1如下
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: server2
namespace: test1
spec:
hosts:
- "server2"
http:
- name: server2-1
match:
- headers:
test:
exact: "true"
route:
- destination:
host: server2-1
headers:
request:
set:
User-Agent: Mozilla
response:
add:
x-canary: "marksugar"
- name: server2
headers:
response:
add:
X-Envoy: linuxea
route:
- destination:
host: server2发起一次测试
此时请求就被路由到server2-1上了
- server1
[root@master-01 ~]# kubectl -n test1 logs -f server1-79fd8456ff-8fj9v
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
- using env: export GIN_MODE=release
- using code: gin.SetMode(gin.ReleaseMode)
[GIN-debug] POST /post --> main.postJson (3 handlers)
[GIN-debug] GET /get --> main.getJson (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on :9999
sed2sort: GET http://server2/get
{"status":"ok"}
c.Request.Header: Postman-Token [0a2c1682-fb2a-428f-a9d1-8232bf8372db]
c.Request.Header: X-Forwarded-Client-Cert [By=spiffe://cluster.local/ns/test1/sa/default;Hash=b5b1bdfa157a62e0c7d88009119f39a681271410387e440353ee23e8db6bedf8;Subject="";URI=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account]
c.Request.Header: X-B3-Traceid [034f8708b77c398ea651d5f18dae87f3]
c.Request.Header: Accept-Encoding [gzip, deflate, br]
c.Request.Header: X-Forwarded-Proto [http]
c.Request.Header: X-Request-Id [39b021a2-b596-4899-8eec-bc58210bae4f]
c.Request.Header: X-Envoy-Attempt-Count [1]
c.Request.Header: X-Envoy-External-Address [192.20.1.0]
c.Request.Header: Test [true]
c.Request.Header: Test [true]
c.Request.Header: User-Agent [PostmanRuntime/7.28.2]
c.Request.Header: Accept [*/*]
c.Request.Header: X-Forwarded-For [192.20.1.0]
c.Request.Header: X-B3-Spanid [6178bc93cf359eb7]
c.Request.Header: X-B3-Parentspanid [a651d5f18dae87f3]
c.Request.Header: X-B3-Sampled [0]
[GIN] 2023/09/14 - 09:37:17 | 200 | 4.640183ms | 192.20.1.0 | GET "/get"- server2-1
[root@master-01 ~]# kubectl -n test1 logs -f server2-1-74bfdd776c-5zs7z
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
- using env: export GIN_MODE=release
- using code: gin.SetMode(gin.ReleaseMode)
[GIN-debug] POST /post --> main.postJson (3 handlers)
[GIN-debug] GET /get --> main.getJson (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on :9999
sed2sort: GET go-test2
Get "go-test2": unsupported protocol scheme ""
c.Request.Header: X-Request-Id [8bd6ca98-2b11-4867-85b6-6c0ec629de49]
c.Request.Header: User-Agent [Mozilla]
c.Request.Header: X-Forwarded-Client-Cert [By=spiffe://cluster.local/ns/test1/sa/default;Hash=102cfb7487ec810d309276831d9a41169dedce98bc5efcd81343e1d58d49bdd7;Subject="";URI=spiffe://cluster.local/ns/test1/sa/default]
c.Request.Header: X-B3-Traceid [d3693e3f3f1bc32a0220533906f33a9e]
c.Request.Header: X-B3-Parentspanid [0220533906f33a9e]
c.Request.Header: Test [true]
c.Request.Header: Test [true]
c.Request.Header: Accept-Encoding [gzip]
c.Request.Header: X-Forwarded-Proto [http]
c.Request.Header: X-Envoy-Attempt-Count [1]
c.Request.Header: X-B3-Spanid [db50496d52cfae29]
c.Request.Header: X-B3-Sampled [0]
c.Request.Header: Cookie [cannary=NotSet]
[GIN] 2023/09/14 - 09:37:18 | 200 | 230.31µs | 127.0.0.6 | GET "/get"基于cookie
我们需要regexheader中cookie的值,如:cannary=marksugar;由冒号分隔,在regex后就变成了
"^(.*;.)?(cannary=marksugar)(;.*)?$"代码中仍然需要约束传递的名称,而后,我们修改server2的VirtualService配置:如果cookie包含cannary=marksugar就路由到server2-cooike,添加如下
http:
- name: server2-cookie
match:
- headers:
cookie:
regex: "^(.*;.)?(cannary=marksugar)(;.*)?$"
route:
- destination:
host: server2-cooike如下
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: server2
namespace: test1
spec:
hosts:
- "server2"
http:
- name: server2-cookie
match:
- headers:
cookie:
regex: "^(.*;.)?(cannary=marksugar)(;.*)?$"
route:
- destination:
host: server2-cooike
- name: server2-1
match:
- headers:
test:
exact: "true"
route:
- destination:
host: server2-1
headers:
request:
set:
User-Agent: Mozilla
response:
add:
x-canary: "marksugar"
- name: server2
headers:
response:
add:
X-Envoy: linuxea
route:
- destination:
host: server2接着在postman中添加cooike,左侧中部添加域名:cookie.linuxea.com,而后点击Add Cookie添加cannary=marksugar!
当携带cannary=marksugar的请求在流向server2的时候。检测到cookie为cannary=marksugar的时候就会将请求路由到server2-cooike的pod
此时请求中携带cannary=marksugar就发送server2-cooike中了
- server1
[root@master-01 ~]# kubectl -n test1 logs -f server1-79fd8456ff-8fj9v
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
- using env: export GIN_MODE=release
- using code: gin.SetMode(gin.ReleaseMode)
[GIN-debug] POST /post --> main.postJson (3 handlers)
[GIN-debug] GET /get --> main.getJson (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on :9999
c.Cookie: marksugar
sed2sort: GET http://server2/get
{"status":"ok"}
c.Request.Header: X-Forwarded-For [192.20.1.0]
c.Request.Header: X-Envoy-External-Address [192.20.1.0]
c.Request.Header: X-B3-Parentspanid [6b9b59fdbe1b967c]
c.Request.Header: X-B3-Sampled [0]
c.Request.Header: Postman-Token [bd6ef33a-279b-4b13-853c-c0785eb6161d]
c.Request.Header: Cookie [cannary=marksugar]
c.Request.Header: X-Envoy-Attempt-Count [1]
c.Request.Header: X-B3-Spanid [b53f23943a757ec7]
c.Request.Header: Accept-Encoding [gzip, deflate, br]
c.Request.Header: X-Request-Id [0cf8ff34-3f41-4197-9e22-0f8d02371942]
c.Request.Header: X-Forwarded-Proto [http]
c.Request.Header: User-Agent [PostmanRuntime/7.28.2]
c.Request.Header: Accept [*/*]
c.Request.Header: X-B3-Traceid [3211f68dd35e189b6b9b59fdbe1b967c]
c.Request.Header: X-Forwarded-Client-Cert [By=spiffe://cluster.local/ns/test1/sa/default;Hash=b5b1bdfa157a62e0c7d88009119f39a681271410387e440353ee23e8db6bedf8;Subject="";URI=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account]
[GIN] 2023/09/14 - 09:26:37 | 200 | 2.427771ms | 192.20.1.0 | GET "/get"- server2-cooike
[root@master-01 ~]# kubectl -n test1 logs -f server2-cooike-94ffb459-bdgk4
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
- using env: export GIN_MODE=release
- using code: gin.SetMode(gin.ReleaseMode)
[GIN-debug] POST /post --> main.postJson (3 handlers)
[GIN-debug] GET /get --> main.getJson (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on :9999
c.Cookie: marksugar
sed2sort: GET go-test2
Get "go-test2": unsupported protocol scheme ""
c.Request.Header: User-Agent [Go-http-client/1.1]
c.Request.Header: Cookie [cannary=marksugar]
c.Request.Header: X-Request-Id [1bb67f53-5a26-4803-b934-6ed5b0af0c1d]
c.Request.Header: X-B3-Spanid [1da69ab234ba1e23]
c.Request.Header: X-B3-Parentspanid [1ca523b46de45366]
c.Request.Header: Test []
c.Request.Header: Test []
c.Request.Header: Accept-Encoding [gzip]
c.Request.Header: X-Forwarded-Proto [http]
c.Request.Header: X-Envoy-Attempt-Count [1]
c.Request.Header: X-Forwarded-Client-Cert [By=spiffe://cluster.local/ns/test1/sa/default;Hash=102cfb7487ec810d309276831d9a41169dedce98bc5efcd81343e1d58d49bdd7;Subject="";URI=spiffe://cluster.local/ns/test1/sa/default]
c.Request.Header: X-B3-Traceid [ba730ac5aa266e2b1ca523b46de45366]
c.Request.Header: X-B3-Sampled [0]
[GIN] 2023/09/14 - 09:26:39 | 200 | 71.76µs | 127.0.0.6 | GET "/get"参考
https://regex101.com/r/CPv2kU/3https://istio.io/latest/docs/reference/config/networking/destination-rule/https://istio.io/latest/zh/docs/tasks/traffic-management/request-routing/
