- 此篇内容
主要目的是总结vs中的match的有关规则和在istio中如何实现路径切割(当下版本1.8.2)
实验demo
main.go
package main
import (
"github.com/gin-gonic/gin"
"net/http"
)
func main() {
//1.创建路由
r := gin.Default()
//2.绑定路由规则,执行的函数
r.GET("/zisefeizhu", func(context *gin.Context) {
context.String(http.StatusOK, "Hello Zisefeizhu V1!")
// v1版本为context.String(http.StatusOK, "Hello Zisefeizhu V1!")
// v2版本为context.String(http.StatusOK, "Hello Zisefeizhu V2!")
})
//3.监听端口,默认8080
r.Run(":8080")
}
Dockerfile
FROM registry.cn-shenzhen.aliyuncs.com/realibox-baseimage/golang:1.15.2-alpine as builder
WORKDIR /app
RUN go env -w GO111MODULE=on \
&& go env -w GOPROXY=https://goproxy.cn,direct
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 go build -ldflags "-s -w" -o server main.go
FROM alpine:latest
WORKDIR /app
COPY --from=builder /app/server /app
CMD ["./server"]
deployment.yaml
- v1 v2版本的不同之处在于version
apiVersion: apps/v1
kind: Deployment
metadata:
name: goproject
namespace: zisefeizhu
labels:
app: goproject
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: goproject
version: v1
template:
metadata:
labels:
app: goproject
version: v1
spec:
containers:
- image: registry.cn-shenzhen.aliyuncs.com/zisefeizhu/goproject:goproject-zisefeizhu-5425
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 30
successThreshold: 1
tcpSocket:
port: 8080
timeoutSeconds: 2
name: goproject
ports:
- containerPort: 8080
protocol: TCP
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 30
successThreshold: 1
tcpSocket:
port: 8080
imagePullSecrets:
- name: business-secret
svc.yaml
- svc中没有version标签
apiVersion: v1
kind: Service
metadata:
labels:
app: goproject
name: goproject
namespace: zisefeizhu
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: goproject
type: ClusterIP
istio配置清单
gateway.yaml
- istio-system 名称空间下
- 使用cert-manager 自动生成、续签证书
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: www-zisefeizhu-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- www.zisefeizhu.com
port:
name: http
number: 80
protocol: HTTP
tls:
httpsRedirect: true # 301跳转https
- hosts:
- www.zisefeizhu.com
port:
name: https
number: 443
protocol: HTTPS
tls:
credentialName: www-zisefeizhu-com # cert-manager生成的证书的certificate namespace
mode: SIMPLE
dr.yaml
- 定义子集
kind: DestinationRule
apiVersion: networking.istio.io/v1alpha3
metadata:
name: goproject
namespace: zisefeizhu
spec:
host: goproject
subsets:
- labels:
version: v12.3
name: v1
- labels:
version: v12.4
name: v2
vr.yaml
- 重点来了
kind: VirtualService
apiVersion: networking.istio.io/v1alpha3
metadata:
name: goproject
namespace: zisefeizhu
spec:
hosts:
- www.zisefeizhu.com
gateways:
- istio-system/www-zisefeizhu-gateway #跨namespace
http:
- match: #ab test 条件匹配块 这里设置的测试条件为user-agent字段,设置了两个客户地址
- headers: #目前istio对于多条件的匹配需要写多个headers
user-agent:
exact: Mozilla/5.0
uri:
prefix: /api/ #访问www.zisefeizhu.com/api/zisefeizhu 跳转到www.zisefeizhu.com/zisefeizhu
- headers: #istio 没有类似kong的 ``konghq.com/strip-path`` 注解
user-agent:
exact: Mozilla/6.0
uri:
prefix: /api/
rewrite: #此处需要注意:https://github.com/istio/istio/issues/8076
uri: /
route:
- destination:
host: goproject
subset: v2 #匹配到进入v2版本
- match: #此匹配块为``切割``路由路径匹配块掩饰
- uri:
prefix: /api/
rewrite:
uri: /
route:
- destination:
host: goproject
subset: v1
- route: #默认路由
- destination:
host: goproject
subset: v1
验证
- 工具为:postman
访问地址http:www.zisefeizhu.com/api/zisefeizhu
user-agent: Mozilla/5.0
user-agent: Mozilla/6.0
user-agent: Mozilla/7.0
👌!
总结
此篇需要注意点:
1、匹配块 match
匹配要激活的规则要满足的条件。单个匹配块内的所有条件都具有AND语义,而匹配块列表具有OR语义。如果任何一个匹配块成功,则匹配该规则。
2、标头操作 headers
目前对多条件的匹配似乎还不能写在一个headers中需要分开写
3、路由切割
istio目前对于路由切割似乎没有类似kong 和nginxde的方法
ps:kong nginx:底层一样
使用rewrite重写可以做到
过手如登山,一步一重天