- 此篇内容
主要目的是總結vs中的match的有關規則和在istio中如何實作路徑切割(當下版本1.8.2)
實驗demo
main.go
package main
import (
"github.com/gin-gonic/gin"
"net/http"
)
func main() {
//1.建立路由
r := gin.Default()
//2.綁定路由規則,執行的函數
r.GET("/zisefeizhu", func(context *gin.Context) {
context.String(http.StatusOK, "Hello Zisefeizhu V1!")
// v1版本為context.String(http.StatusOK, "Hello Zisefeizhu V1!")
// v2版本為context.String(http.StatusOK, "Hello Zisefeizhu V2!")
})
//3.監聽端口,預設8080
r.Run(":8080")
}
Dockerfile
FROM registry.cn-shenzhen.aliyuncs.com/realibox-baseimage/golang:1.15.2-alpine as builder
WORKDIR /app
RUN go env -w GO111MODULE=on \
&& go env -w GOPROXY=https://goproxy.cn,direct
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 go build -ldflags "-s -w" -o server main.go
FROM alpine:latest
WORKDIR /app
COPY --from=builder /app/server /app
CMD ["./server"]
deployment.yaml
- v1 v2版本的不同之處在于version
apiVersion: apps/v1
kind: Deployment
metadata:
name: goproject
namespace: zisefeizhu
labels:
app: goproject
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: goproject
version: v1
template:
metadata:
labels:
app: goproject
version: v1
spec:
containers:
- image: registry.cn-shenzhen.aliyuncs.com/zisefeizhu/goproject:goproject-zisefeizhu-5425
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 30
successThreshold: 1
tcpSocket:
port: 8080
timeoutSeconds: 2
name: goproject
ports:
- containerPort: 8080
protocol: TCP
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 30
successThreshold: 1
tcpSocket:
port: 8080
imagePullSecrets:
- name: business-secret
svc.yaml
- svc中沒有version标簽
apiVersion: v1
kind: Service
metadata:
labels:
app: goproject
name: goproject
namespace: zisefeizhu
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: goproject
type: ClusterIP
istio配置清單
gateway.yaml
- istio-system 名稱空間下
- 使用cert-manager 自動生成、續簽證書
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: www-zisefeizhu-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- www.zisefeizhu.com
port:
name: http
number: 80
protocol: HTTP
tls:
httpsRedirect: true # 301跳轉https
- hosts:
- www.zisefeizhu.com
port:
name: https
number: 443
protocol: HTTPS
tls:
credentialName: www-zisefeizhu-com # cert-manager生成的證書的certificate namespace
mode: SIMPLE
dr.yaml
- 定義子集
kind: DestinationRule
apiVersion: networking.istio.io/v1alpha3
metadata:
name: goproject
namespace: zisefeizhu
spec:
host: goproject
subsets:
- labels:
version: v12.3
name: v1
- labels:
version: v12.4
name: v2
vr.yaml
- 重點來了
kind: VirtualService
apiVersion: networking.istio.io/v1alpha3
metadata:
name: goproject
namespace: zisefeizhu
spec:
hosts:
- www.zisefeizhu.com
gateways:
- istio-system/www-zisefeizhu-gateway #跨namespace
http:
- match: #ab test 條件比對塊 這裡設定的測試條件為user-agent字段,設定了兩個客戶位址
- headers: #目前istio對于多條件的比對需要寫多個headers
user-agent:
exact: Mozilla/5.0
uri:
prefix: /api/ #通路www.zisefeizhu.com/api/zisefeizhu 跳轉到www.zisefeizhu.com/zisefeizhu
- headers: #istio 沒有類似kong的 ``konghq.com/strip-path`` 注解
user-agent:
exact: Mozilla/6.0
uri:
prefix: /api/
rewrite: #此處需要注意:https://github.com/istio/istio/issues/8076
uri: /
route:
- destination:
host: goproject
subset: v2 #比對到進入v2版本
- match: #此比對塊為``切割``路由路徑比對塊掩飾
- uri:
prefix: /api/
rewrite:
uri: /
route:
- destination:
host: goproject
subset: v1
- route: #預設路由
- destination:
host: goproject
subset: v1
驗證
- 工具為:postman
通路位址http:www.zisefeizhu.com/api/zisefeizhu
user-agent: Mozilla/5.0
user-agent: Mozilla/6.0
user-agent: Mozilla/7.0
👌!
總結
此篇需要注意點:
1、比對塊 match
比對要激活的規則要滿足的條件。單個比對塊内的所有條件都具有AND語義,而比對塊清單具有OR語義。如果任何一個比對塊成功,則比對該規則。
2、标頭操作 headers
目前對多條件的比對似乎還不能寫在一個headers中需要分開寫
3、路由切割
istio目前對于路由切割似乎沒有類似kong 和nginxde的方法
ps:kong nginx:底層一樣
使用rewrite重寫可以做到
過手如登山,一步一重天