istio全链路传递cookie和header灰度

2023年 9月 15日 153.1k 0

测试一下在istio中的全链路中基于cookie和header灰度发布,这些在higress中也可以的。istio在进行测试。

根据istio版本信息中的提示,在1.19中支持的是1.25 到 1.28

Istio 1.19.0 已得到 Kubernetes 1.25 到 1.28 的官方正式支持。

鉴于 我本地使用的是1.25.11,因此1.19在我考虑范围内。下载安装组件istioctl

wget https://github.com/istio/istio/releases/download/1.19.0/istioctl-1.19.0-linux-amd64.tar.gz
tar xf istioctl-1.19.0-linux-amd64.tar.gz 
mv istioctl /usr/local/sbin/
[root@master-01 ~/istio]# istioctl version
no ready Istio pods in "istio-system"
1.19.0

生成安装配置文件

istioctl manifest generate --set profile=default > istio.yaml

我们替换其中两个重要的镜像

        image: docker.io/istio/proxyv2:1.19.0
        image: docker.io/istio/pilot:1.19.0

修改为

    uhub.service.ucloud.cn/marksugar-k8s/proxyv2:1.19.0
    uhub.service.ucloud.cn/marksugar-k8s/pilot:1.19.0    
sed -i 's@docker.io/istio/pilot:1.19.0@uhub.service.ucloud.cn/marksugar-k8s/pilot:1.19.0@g' istio.yaml
sed -i 's@docker.io/istio/proxyv2:1.19.0@uhub.service.ucloud.cn/marksugar-k8s/proxyv2:1.19.0@g' istio.yaml

开始安装

kubectl create ns istio-system
kubectl apply -f istio.yaml

安装完成

[root@master-01 ~/istio]# kubectl -n  istio-system get all
NAME                                        READY   STATUS    RESTARTS   AGE
pod/istio-ingressgateway-65cff96b76-nzdk9   1/1     Running   0          3m30s
pod/istiod-ffc9db9cc-7g554                  1/1     Running   0          3m30s

NAME                           TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                                      AGE
service/istio-ingressgateway   LoadBalancer   10.68.208.80   <pending>     15021:31635/TCP,80:30598/TCP,443:31349/TCP   2m28s
service/istiod                 ClusterIP      10.68.9.174    <none>        15010/TCP,15012/TCP,443/TCP,15014/TCP        2m28s

NAME                                   READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/istio-ingressgateway   1/1     1            1           21m
deployment.apps/istiod                 1/1     1            1           21m

NAME                                              DESIRED   CURRENT   READY   AGE
replicaset.apps/istio-ingressgateway-65cff96b76   1         1         1       3m30s
replicaset.apps/istiod-ffc9db9cc                  1         1         1       3m30s

NAME                                                       REFERENCE                         TARGETS   MINPODS   MAXPODS   REPLICAS   AGE
horizontalpodautoscaler.autoscaling/istio-ingressgateway   Deployment/istio-ingressgateway   2%/80%    1         5         1          21m
horizontalpodautoscaler.autoscaling/istiod                 Deployment/istiod                 0%/80%    1         5         1          21m

接着我们配置一个vip做为loadbalancer

ip addr add 172.16.100.210/24 dev eth0

而后使用kubectl -n istio-system edit svc istio-ingressgateway编辑

 27   clusterIP: 10.68.113.92
 28   externalIPs:
 29   - 172.16.100.210
 30   clusterIPs:
 31   - 10.68.113.92
 32   externalTrafficPolicy: Cluster
 33   internalTrafficPolicy: Cluster
 34   ipFamilies:
 35   - IPv4

现在状态就正常了

[root@master-01 ~/istio]# kubectl -n istio-system get svc
NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP      PORT(S)                                      AGE
istio-ingressgateway   LoadBalancer   10.68.208.80   172.16.100.210   15021:31635/TCP,80:30598/TCP,443:31349/TCP   127m
istiod                 ClusterIP      10.68.9.174    <none>           15010/TCP,15012/TCP,443/TCP,15014/TCP        127m

接着给test1名称空间打标签,表示test1作为istio的配置范围,test1名称空间内的pod都会注入一个边车

[root@master-01 ~/istio]# kubectl create ns test1
namespace/test1 created
[root@master-01 ~/istio]#  kubectl label namespace test1 istio-injection=enabled
namespace/test1 labeled

测试代码

我必须保持让cookie或者Header以某种方式被赋值后在代码链路中传递,而且应该有一个约束范围的名称。在测试中:

cookie名称是:cannary

Header名称是:test

代码如下:

package main

import (
    "fmt"
    "io/ioutil"
    "log"
    "net/http"
    "os"

    "github.com/gin-gonic/gin"
)

// 全局变量
var (
    PATH_URL = getEnv("PATH_URL", "go-test2")
    METHODS  = getEnv("METHODS", "GET")
    QNAME    = getEnv("QNAME", "name")
)

func getEnv(key, defaultVal string) string {
    if value, ok := os.LookupEnv(key); ok {
        return value
    }
    return defaultVal
}

func main() {
    r := gin.Default()
    r.POST("/post", postJson)
    r.GET("/get", getJson)
    r.Run(":9999")
}
func getJson(c *gin.Context) {
    // 获取cookie
    cookie, err := c.Cookie("cannary")
    if err != nil {
        cookie = "NotSet"
        c.SetCookie("gin_cookie", "test", 3600, "getJson", "localhost", false, true)
    }
    fmt.Println("c.Cookie:", cookie)

    // 获取传入参数
    query := c.Query(QNAME)
    fmt.Println(query)

    // 获取test Header
    headers := c.Request.Header
    customHeader := headers.Get("test")
    // 传递header和cookie
    sed2sort(customHeader, cookie)

    // 打印Header
    for k, v := range c.Request.Header {
        fmt.Println("c.Request.Header:", k, v)
        if k == "Test" {
            fmt.Println("c.Request.Header:", k, v)
        }
    }
    c.JSON(200, gin.H{"status": "ok"})
}
func postJson(c *gin.Context) {
    // 获取cookie
    cookie, err := c.Cookie("cannary")
    if err != nil {
        cookie = "NotSet"
        c.SetCookie("gin_cookie", "test", 3600, "getJson", "localhost", false, true)
    }
    fmt.Println("c.Cookie:", cookie)

    // 获取传入参数
    query := c.Query(QNAME)
    fmt.Println("c.Request.Query:", query)
    body := c.Request.Body
    x, err := ioutil.ReadAll(body)
    if err != nil {
        c.JSON(400, gin.H{"error": err.Error()})
        return
    }
    fmt.Println(query)

    // 获取test Header
    headers := c.Request.Header
    customHeader := headers.Get("test")
    sed2sort(customHeader, cookie)
    // 打印Header
    for k, v := range c.Request.Header {
        fmt.Println("c.Request.Header:", k, v)
        if k == "Test" {
            fmt.Println("Test:", k, v)
        }
    }
    log.Println(string(x))
    c.JSON(200, gin.H{"status": "ok"})
}

// 调用下游
func sed2sort(headerValue, icookie string) {
    fmt.Println("sed2sort:", METHODS, PATH_URL)
    client := &http.Client{}
    req, err := http.NewRequest(METHODS, PATH_URL, nil)

    // 添加Header
    req.Header.Add("test", headerValue)

    // 添加Cookie
    cookies := []*http.Cookie{
        &http.Cookie{Name: "cannary", Value: icookie},
    }
    for _, cookie := range cookies {
        req.AddCookie(cookie)
    }
    if err != nil {
        fmt.Println(err)
        return
    }
    res, err := client.Do(req)
    if err != nil {
        fmt.Println(err)
        return
    }
    defer res.Body.Close()

    body, err := ioutil.ReadAll(res.Body)
    if err != nil {
        fmt.Println(err)
        return
    }
    fmt.Println(string(body))
}

yaml

相对的,需要创建几组服务和vs,分别测试Header,cookie,服务均从server1访问server2,在server2中进行mesh

server1

在server1中会去调用server2的get接口,通过环境变量传入

apiVersion: v1
kind: Service
metadata:
  name: server1
  namespace: test1
spec:
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 9999
  selector:
    app: server1
    version: v0.2
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: server1
  namespace: test1
spec:
  replicas: 
  selector:
    matchLabels:
      app: server1
      version: v0.2
  template:
    metadata:
      labels:
        app: server1
        version: v0.2
    spec:
      containers:
      - name: server1
        # imagePullPolicy: Always
        image: uhub.service.ucloud.cn/marksugar-k8s/go-test:v3.1
        #image: uhub.service.ucloud.cn/marksugar-k8s/cookie:v1
        ports:
        - name: http
          containerPort: 9999
        env:
          - name: PATH_URL
            value: http://server2/get
          - name: METHODS
            value: GET

server2

server2提供一个单独的服务

apiVersion: v1
kind: Service
metadata:
  name: server2
  namespace: test1
spec:
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 9999
  selector:
    app: server2
    version: v0.2
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: server2
  namespace: test1
spec:
  replicas: 
  selector:
    matchLabels:
      app: server2
      version: v0.2
  template:
    metadata:
      labels:
        app: server2
        version: v0.2
    spec:
      containers:
      - name: server2
        # imagePullPolicy: Always
        image: uhub.service.ucloud.cn/marksugar-k8s/go-test:v3.1
        ports:
        - name: http
          containerPort: 9999

server2-1

server3也提供一个单独的服务

apiVersion: v1
kind: Service
metadata:
  name: server2-1
  namespace: test1
spec:
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 9999
  selector:
    app: server2-1
    version: v0.2
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: server2-1
  namespace: test1
spec:
  replicas: 
  selector:
    matchLabels:
      app: server2-1
      version: v0.2
  template:
    metadata:
      labels:
        app: server2-1
        version: v0.2
    spec:
      containers:
      - name: server2-1
        # imagePullPolicy: Always
        image: uhub.service.ucloud.cn/marksugar-k8s/go-test:v3.1
        ports:
        - name: http
          containerPort: 9999

server2-cooike

apiVersion: v1
kind: Service
metadata:
  name: server2-cooike
  namespace: test1
spec:
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 9999
  selector:
    app: server2-cooike
    version: v0.2
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: server2-cooike
  namespace: test1
spec:
  replicas: 
  selector:
    matchLabels:
      app: server2-cooike
      version: v0.2
  template:
    metadata:
      labels:
        app: server2-cooike
        version: v0.2
    spec:
      containers:
      - name: server2-cooike
        # imagePullPolicy: Always
        image: uhub.service.ucloud.cn/marksugar-k8s/go-test:v3.1
        ports:
        - name: http
          containerPort: 9999

创建完成后相对的svc和pod正常

[root@master-01 ~/higress/ops/server]# kubectl -n test1 get pod
NAME                            READY   STATUS    RESTARTS   AGE
server1-79fd8456ff-8fj9v        2/2     Running   0          25m
server2-1-74bfdd776c-5zs7z      2/2     Running   0          24m
server2-5bc69c4f75-wcbcq        2/2     Running   0          25m
server2-cooike-94ffb459-bdgk4   2/2     Running   0          21m
[root@master-01 ~/higress/ops/server]# kubectl -n test1 get svc
NAME             TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
server1          ClusterIP   10.68.142.192   <none>        80/TCP    3h13m
server2          ClusterIP   10.68.27.255    <none>        80/TCP    3h13m
server2-1        ClusterIP   10.68.196.212   <none>        80/TCP    3h
server2-cooike   ClusterIP   10.68.165.157   <none>        80/TCP    21m

开始将server1发布

发布

在istio中,我们需要配置Gateway,destinationRule和VirtualService,如下

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: cookie-gateway
  namespace: istio-system
  # 要指定为ingress gateway pod所在名称空间
spec:
  selector:
    app: istio-ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "cookie.linuxea.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: cookie
  namespace: test1
spec:
  host: "cookie.linuxea.com"
  trafficPolicy:
    tls:
      mode: DISABLE
---
# apiVersion: networking.istio.io/v1beta3
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: cookie
  namespace: test1
spec:
  hosts:
  - "cookie.linuxea.com"
  gateways:
  - istio-system/cookie-gateway
  - mesh
  http:
  - name: server1
    headers:
      response:
        add:
          X-Envoy: linuxea
    route:
    - destination:
        host: server1

测试

我们通过postman发送请求,无论什么情况,访问cookie.linuxea.com域名都会将请求发往server1

  • server1
[root@master-01 ~]#  kubectl -n test1 logs -f server1-79fd8456ff-8fj9v  
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.

[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
 - using env:    export GIN_MODE=release
 - using code:    gin.SetMode(gin.ReleaseMode)

[GIN-debug] POST   /post                     --> main.postJson (3 handlers)
[GIN-debug] GET    /get                      --> main.getJson (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on :9999

sed2sort: GET http://server2/get
{"status":"ok"}
c.Request.Header: X-B3-Parentspanid [c782871d39b17cab]
c.Request.Header: X-Forwarded-For [192.20.1.0]
c.Request.Header: X-B3-Traceid [42855963a60a52bcc782871d39b17cab]
c.Request.Header: Postman-Token [e65b66ff-296f-4033-ab83-e6ccf904c043]
c.Request.Header: X-Forwarded-Proto [http]
c.Request.Header: X-Envoy-Attempt-Count [1]
c.Request.Header: X-Forwarded-Client-Cert [By=spiffe://cluster.local/ns/test1/sa/default;Hash=b5b1bdfa157a62e0c7d88009119f39a681271410387e440353ee23e8db6bedf8;Subject="";URI=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account]
c.Request.Header: X-B3-Spanid [9d5a0f1e0f9ecb58]
c.Request.Header: User-Agent [PostmanRuntime/7.28.2]
c.Request.Header: Accept [*/*]
c.Request.Header: X-B3-Sampled [0]
c.Request.Header: Accept-Encoding [gzip, deflate, br]
c.Request.Header: X-Envoy-External-Address [192.20.1.0]
c.Request.Header: X-Request-Id [e2ec1977-62d9-4cba-90bc-7476e4037b47]
[GIN] 2023/09/14 - 09:30:18 | 200 |    1.970681ms |      192.20.1.0 | GET      "/get"
  • server2
[root@master-01 ~]# kubectl -n test1 logs -f server2-5bc69c4f75-wcbcq 
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.

[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
 - using env:    export GIN_MODE=release
 - using code:    gin.SetMode(gin.ReleaseMode)

[GIN-debug] POST   /post                     --> main.postJson (3 handlers)
[GIN-debug] GET    /get                      --> main.getJson (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on :9999

sed2sort: GET go-test2
Get "go-test2": unsupported protocol scheme ""
c.Request.Header: X-B3-Traceid [bedabe3d26de18e00f3029cb0970a46f]
c.Request.Header: X-B3-Parentspanid [0f3029cb0970a46f]
c.Request.Header: User-Agent [Go-http-client/1.1]
c.Request.Header: Test []
c.Request.Header: Test []
c.Request.Header: X-Forwarded-Proto [http]
c.Request.Header: X-Forwarded-Client-Cert [By=spiffe://cluster.local/ns/test1/sa/default;Hash=102cfb7487ec810d309276831d9a41169dedce98bc5efcd81343e1d58d49bdd7;Subject="";URI=spiffe://cluster.local/ns/test1/sa/default]
c.Request.Header: X-Envoy-Attempt-Count [1]
c.Request.Header: X-B3-Spanid [904970b36297796d]
c.Request.Header: X-B3-Sampled [0]
c.Request.Header: Cookie [cannary=NotSet]
c.Request.Header: Accept-Encoding [gzip]
c.Request.Header: X-Request-Id [faa7c8ad-1175-43f3-9635-277747543a85]
[GIN] 2023/09/14 - 09:30:18 | 200 |      573.45µs |       127.0.0.6 | GET      "/get"

基于header

header的name在约束内假设代码内传递的header名称就是test,因此我们添加test为true,如果通过postman发送的请求头中包含了header等于true就路由到server2-1

  http:
  - name: server2-1
    match:
    - headers:
        test: 
          exact: "true"
    route:
    - destination:
        host: server2-1

如下

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: server2
  namespace: test1
spec:
  hosts:
  - "server2"
  http:
  - name: server2-1
    match:
    - headers:
        test: 
          exact: "true"
    route:
    - destination:
        host: server2-1
      headers:
        request:
          set:
            User-Agent: Mozilla
        response:
          add:
            x-canary: "marksugar"
  - name: server2
    headers:
      response:
        add:
          X-Envoy: linuxea
    route:
    - destination:
        host: server2

发起一次测试image-20230914173911832.png

此时请求就被路由到server2-1上了

  • server1
[root@master-01 ~]#  kubectl -n test1 logs -f server1-79fd8456ff-8fj9v  
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.

[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
 - using env:    export GIN_MODE=release
 - using code:    gin.SetMode(gin.ReleaseMode)

[GIN-debug] POST   /post                     --> main.postJson (3 handlers)
[GIN-debug] GET    /get                      --> main.getJson (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on :9999

sed2sort: GET http://server2/get
{"status":"ok"}
c.Request.Header: Postman-Token [0a2c1682-fb2a-428f-a9d1-8232bf8372db]
c.Request.Header: X-Forwarded-Client-Cert [By=spiffe://cluster.local/ns/test1/sa/default;Hash=b5b1bdfa157a62e0c7d88009119f39a681271410387e440353ee23e8db6bedf8;Subject="";URI=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account]
c.Request.Header: X-B3-Traceid [034f8708b77c398ea651d5f18dae87f3]
c.Request.Header: Accept-Encoding [gzip, deflate, br]
c.Request.Header: X-Forwarded-Proto [http]
c.Request.Header: X-Request-Id [39b021a2-b596-4899-8eec-bc58210bae4f]
c.Request.Header: X-Envoy-Attempt-Count [1]
c.Request.Header: X-Envoy-External-Address [192.20.1.0]
c.Request.Header: Test [true]
c.Request.Header: Test [true]
c.Request.Header: User-Agent [PostmanRuntime/7.28.2]
c.Request.Header: Accept [*/*]
c.Request.Header: X-Forwarded-For [192.20.1.0]
c.Request.Header: X-B3-Spanid [6178bc93cf359eb7]
c.Request.Header: X-B3-Parentspanid [a651d5f18dae87f3]
c.Request.Header: X-B3-Sampled [0]
[GIN] 2023/09/14 - 09:37:17 | 200 |    4.640183ms |      192.20.1.0 | GET      "/get"
  • server2-1
[root@master-01 ~]# kubectl -n test1 logs -f server2-1-74bfdd776c-5zs7z 
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.

[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
 - using env:    export GIN_MODE=release
 - using code:    gin.SetMode(gin.ReleaseMode)

[GIN-debug] POST   /post                     --> main.postJson (3 handlers)
[GIN-debug] GET    /get                      --> main.getJson (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on :9999

sed2sort: GET go-test2
Get "go-test2": unsupported protocol scheme ""
c.Request.Header: X-Request-Id [8bd6ca98-2b11-4867-85b6-6c0ec629de49]
c.Request.Header: User-Agent [Mozilla]
c.Request.Header: X-Forwarded-Client-Cert [By=spiffe://cluster.local/ns/test1/sa/default;Hash=102cfb7487ec810d309276831d9a41169dedce98bc5efcd81343e1d58d49bdd7;Subject="";URI=spiffe://cluster.local/ns/test1/sa/default]
c.Request.Header: X-B3-Traceid [d3693e3f3f1bc32a0220533906f33a9e]
c.Request.Header: X-B3-Parentspanid [0220533906f33a9e]
c.Request.Header: Test [true]
c.Request.Header: Test [true]
c.Request.Header: Accept-Encoding [gzip]
c.Request.Header: X-Forwarded-Proto [http]
c.Request.Header: X-Envoy-Attempt-Count [1]
c.Request.Header: X-B3-Spanid [db50496d52cfae29]
c.Request.Header: X-B3-Sampled [0]
c.Request.Header: Cookie [cannary=NotSet]
[GIN] 2023/09/14 - 09:37:18 | 200 |      230.31µs |       127.0.0.6 | GET      "/get"

基于cookie

我们需要regexheader中cookie的值,如:cannary=marksugar;由冒号分隔,在regex后就变成了

"^(.*;.)?(cannary=marksugar)(;.*)?$"

代码中仍然需要约束传递的名称,而后,我们修改server2的VirtualService配置:如果cookie包含cannary=marksugar就路由到server2-cooike,添加如下

  http:
  - name: server2-cookie
    match:
    - headers:
       cookie:
         regex: "^(.*;.)?(cannary=marksugar)(;.*)?$"
    route:
    - destination:
        host: server2-cooike

如下

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: server2
  namespace: test1
spec:
  hosts:
  - "server2"
  http:
  - name: server2-cookie
    match:
    - headers:
       cookie:
         regex: "^(.*;.)?(cannary=marksugar)(;.*)?$"
    route:
    - destination:
        host: server2-cooike
  - name: server2-1
    match:
    - headers:
        test: 
          exact: "true"
    route:
    - destination:
        host: server2-1
      headers:
        request:
          set:
            User-Agent: Mozilla
        response:
          add:
            x-canary: "marksugar"
  - name: server2
    headers:
      response:
        add:
          X-Envoy: linuxea
    route:
    - destination:
        host: server2

接着在postman中添加cooike,左侧中部添加域名:cookie.linuxea.com,而后点击Add Cookie添加cannary=marksugar!

image-20230914172207372.png当携带cannary=marksugar的请求在流向server2的时候。检测到cookie为cannary=marksugar的时候就会将请求路由到server2-cooike的pod

image-20230914174151474.png

此时请求中携带cannary=marksugar就发送server2-cooike中了

  • server1
[root@master-01 ~]#  kubectl -n test1 logs -f server1-79fd8456ff-8fj9v  
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.

[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
 - using env:    export GIN_MODE=release
 - using code:    gin.SetMode(gin.ReleaseMode)

[GIN-debug] POST   /post                     --> main.postJson (3 handlers)
[GIN-debug] GET    /get                      --> main.getJson (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on :9999
c.Cookie: marksugar

sed2sort: GET http://server2/get
{"status":"ok"}
c.Request.Header: X-Forwarded-For [192.20.1.0]
c.Request.Header: X-Envoy-External-Address [192.20.1.0]
c.Request.Header: X-B3-Parentspanid [6b9b59fdbe1b967c]
c.Request.Header: X-B3-Sampled [0]
c.Request.Header: Postman-Token [bd6ef33a-279b-4b13-853c-c0785eb6161d]
c.Request.Header: Cookie [cannary=marksugar]
c.Request.Header: X-Envoy-Attempt-Count [1]
c.Request.Header: X-B3-Spanid [b53f23943a757ec7]
c.Request.Header: Accept-Encoding [gzip, deflate, br]
c.Request.Header: X-Request-Id [0cf8ff34-3f41-4197-9e22-0f8d02371942]
c.Request.Header: X-Forwarded-Proto [http]
c.Request.Header: User-Agent [PostmanRuntime/7.28.2]
c.Request.Header: Accept [*/*]
c.Request.Header: X-B3-Traceid [3211f68dd35e189b6b9b59fdbe1b967c]
c.Request.Header: X-Forwarded-Client-Cert [By=spiffe://cluster.local/ns/test1/sa/default;Hash=b5b1bdfa157a62e0c7d88009119f39a681271410387e440353ee23e8db6bedf8;Subject="";URI=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account]
[GIN] 2023/09/14 - 09:26:37 | 200 |    2.427771ms |      192.20.1.0 | GET      "/get"
  • server2-cooike
[root@master-01 ~]# kubectl -n test1 logs -f server2-cooike-94ffb459-bdgk4 
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.

[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
 - using env:    export GIN_MODE=release
 - using code:    gin.SetMode(gin.ReleaseMode)

[GIN-debug] POST   /post                     --> main.postJson (3 handlers)
[GIN-debug] GET    /get                      --> main.getJson (3 handlers)
[GIN-debug] [WARNING] You trusted all proxies, this is NOT safe. We recommend you to set a value.
Please check https://pkg.go.dev/github.com/gin-gonic/gin#readme-don-t-trust-all-proxies for details.
[GIN-debug] Listening and serving HTTP on :9999
c.Cookie: marksugar

sed2sort: GET go-test2
Get "go-test2": unsupported protocol scheme ""
c.Request.Header: User-Agent [Go-http-client/1.1]
c.Request.Header: Cookie [cannary=marksugar]
c.Request.Header: X-Request-Id [1bb67f53-5a26-4803-b934-6ed5b0af0c1d]
c.Request.Header: X-B3-Spanid [1da69ab234ba1e23]
c.Request.Header: X-B3-Parentspanid [1ca523b46de45366]
c.Request.Header: Test []
c.Request.Header: Test []
c.Request.Header: Accept-Encoding [gzip]
c.Request.Header: X-Forwarded-Proto [http]
c.Request.Header: X-Envoy-Attempt-Count [1]
c.Request.Header: X-Forwarded-Client-Cert [By=spiffe://cluster.local/ns/test1/sa/default;Hash=102cfb7487ec810d309276831d9a41169dedce98bc5efcd81343e1d58d49bdd7;Subject="";URI=spiffe://cluster.local/ns/test1/sa/default]
c.Request.Header: X-B3-Traceid [ba730ac5aa266e2b1ca523b46de45366]
c.Request.Header: X-B3-Sampled [0]
[GIN] 2023/09/14 - 09:26:39 | 200 |       71.76µs |       127.0.0.6 | GET      "/get"

参考

https://regex101.com/r/CPv2kU/3https://istio.io/latest/docs/reference/config/networking/destination-rule/https://istio.io/latest/zh/docs/tasks/traffic-management/request-routing/

相关文章

LeaferJS 1.0 重磅发布:强悍的前端 Canvas 渲染引擎
10分钟搞定支持通配符的永久有效免费HTTPS证书
300 多个 Microsoft Excel 快捷方式
一步步配置基于kubeadmin的kubevip高可用
REST Web 服务版本控制
2023 年最适合 Windows 11 使用的 20 个应用

发布评论