stackoom
  简体   繁体   中英

Headers propagation to upstream services in Istio

 原文  2021-11-19 14:01:06       kubernetes/ istio/ envoyproxy

Question

I would like to pass header foo from service A to service B , but how to do that?

  • VirtualService 's header will work only with actual virtual service and wouldn't be passed to service B (as I would hope)
  • JWTRule describes how we can work propagating jwt to upstream services.
  • changing headers for tracing is possible.
  • Envoy Filter looks promising, but I haven't figured out a straightforward way to do that, atm.

What am I missing? How propagation of a particular header or group of headers can be done to upstream services without changing services source code.

1 answers

solution1
 0  2021-11-20 14:45:19

VirtualServices can configure service-to-service traffic, just as it configures traffic to be rotued from the ingress gateway to the services.

For example with this virtual service, you will add the test header in the requests with the echo destination:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: echo
spec:
  hosts:
  - echo
  http:
  - headers:
      request:
        set:
          test: "true"
    route:
    - destination:
        host: echo

To verify that create a two deployments so that we can make a request from one to another:

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: echo
  name: echo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: echo
  template:
    metadata:
      labels:
        app: echo
    spec:
      containers:
      - image: ealen/echo-server
        imagePullPolicy: IfNotPresent
        name: echo
        ports:
        - containerPort: 8080
          name: http
          protocol: TCP
        env:
        - name: PORT
          value: '8080'
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: echo
  name: echo
spec:
  ports:
  - name: http
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: echo
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sleep
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sleep
  template:
    metadata:
      labels:
        app: sleep
    spec:
      containers:
      - name: sleep
        image: governmentpaas/curl-ssl
        command: ["/bin/sleep", "3650d"]

Wait until it is up and execute a request against the echo server:

kubectl exec -it deploy/sleep -- /bin/sh -c 'curl echo:8080'

And you will see that the test header is added in the request header, this can be seen in the response where the echo server echoes the headers and in the logs of the echo server.

Note: For the above to work all need to be applied in the same namespace. The namespace must be labeled for sidecar injection.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Istio DestinationRule gives upstream connect error or disconnect/reset before headers How do I forward headers to different services in Kubernetes (Istio) istio upstream connect error or disconnect/reset before headers. reset reason: connection termination Istio with SDS and Mutual TLS: upstream connect error or disconnect/reset before headers. reset reason: connection failure Istio egress gives “upstream connect error or disconnect/reset before headers” errors from python micro-service Istio Ingress resulting in “no healthy upstream” Istio Ingress TLS use ACM: upstream connect error or disconnect/reset before headers. reset reason: connection termination Istio services and their usage Istio sidecar upstream pod reconnection issue websockets on GKE with istio gives 'no healthy upstream' and 'CrashLoopBackOff'
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM