您现在的位置是:亿华云 > 数据库
不懂Envoyfilter 也敢说精通Istio-ExtensionWithMatcher- 按条件执行过滤器
亿华云2025-10-03 02:16:54【数据库】5人已围观
简介1.什么是按条件使用过滤器条件过滤就是HttpConnectionManager的过滤器可以有条件的执行,比如请求头或响应头是某个值时执行这个过滤器,如果匹配某个值就跳过。他可以和Composite过
1.什么是不懂按条件使用过滤器
条件过滤就是HttpConnectionManager的过滤器可以有条件的执行,比如请求头或响应头是敢说过滤某个值时执行这个过滤器,如果匹配某个值就跳过。精通他可以和Composite过滤器结合,条件当条件满足时执行某个过滤器。服务器托管执行按条件的不懂过滤器是通过ExtensionWithMatcher实现的,其中extension配置要执行的敢说过滤过滤器,matcher匹配条件,精通条件匹配后执行某个动作。条件
2.相关配置
2.1ExtensionWithMatcher
{ "matcher": "{ ...}",执行匹配 "xds_matcher": "{ ...}",匹配条件和动作,还没实现 "extension_config": "{ ...}"过滤器扩展配置 }xds_matcher:
{ "matcher_list": "{ ...}",线性matcher "matcher_tree": "{ ...}",树性matcher "on_no_match": "{ ...}"没有match情况处理 }matcher_list:
{ "matchers": []匹配 }matchers:
{ "predicate": "{ ...}",判断是源码库否match "on_match": "{ ...}"如果match做什么 }predicate:
{ "single_predicate": "{ ...}",单条match "or_matcher": "{ ...}",或match "and_matcher": "{ ...}",与match "not_matcher": "{ ...}"非match }single_predicate:
{ "input": "{ ...}",输入 "value_match": "{ ...}",值匹配 "custom_match": "{ ...}"自定义匹配 }input:
envoy.matching.common_inputs.environment_variable { "exact": "...",精确匹配 "prefix": "...",前缀匹配 "suffix": "...",后缀匹配 "safe_regex": "{ ...}",正则匹配 "contains": "...",包含匹配 "ignore_case": "..."忽略大小写 }custom_match:
envoy.matching.input_matchers.consistent_hashing envoy.matching.input_matchers.ipmatcher_tree:
{ "input": "{ ...}",输入 "exact_match_map": "{ ...}",精确或前缀匹配 "prefix_match_map": "{ ...}",前缀匹配 "custom_match": "{ ...}"自定义前缀或精确匹配 }exact_match_map,prefix_match_map
{ "map": "{ ...}" }map:
{ "matcher": "{ ...}",不懂匹配 "action": "{ ...}"动作 }matcher:
{ "matcher_list": "{ ...}",线性matcher "matcher_tree": "{ ...}",树性matcher "on_no_match": "{ ...}"没有match情况处理 }input:
type.matcher.v3.HttpRequestHeaderMatchInput
type.matcher.v3.HttpRequestTrailerMatchInput
type.matcher.v3.HttpResponseHeaderMatchInput
type.matcher.v3.HttpResponseTrailerMatchInput
config.common.matcher.v3.MatchPredicate
{ "or_match": "{ ...}", "and_match": "{ ...}", "not_match": "{ ...}", "any_match": "...", "http_request_headers_match": "{ ...}", "http_request_trailers_match": "{ ...}", "http_response_headers_match": "{ ...}", "http_response_trailers_match": "{ ...}", "http_request_generic_body_match": "{ ...}", "http_response_generic_body_match": "{ ...}" }3.实战
默认istio的envoy是没有启用这个功能的,通过注解启用。敢说过滤
apiVersion: v1 kind: ConfigMap metadata: name: istio-custom-bootstrap-config data: custom_bootstrap.json: | { "layered_runtime": { "layers": [ { "name": "static-layer",精通 "static_layer": { "envoy": { "reloadable_features": { "experimental_matching_api": true } } } } ] } }productpage-deploy.yaml
kubectl apply -f productpage-deploy.yaml -n istio
apiVersion: apps/v1 kind: Deployment metadata: name: productpage-v1 labels: app: productpage version: v1 spec: replicas: 1 selector: matchLabels: app: productpage version: v1 template: metadata: labels: app: productpage version: v1 annotations: sidecar.istio.io/bootstrapOverride: "istio-custom-bootstrap-config" spec: serviceAccountName: bookinfo-productpage containers: - name: productpage image: docker.io/istio/examples-bookinfo-productpage-v1:1.16.2 imagePullPolicy: IfNotPresent ports: - containerPort: 9080 volumeMounts: - name: tmp mountPath: /tmp securityContext: runAsUser: 1000 volumes: - name: tmp emptyDir: { } ---3.1ExtensionWithMatcher
3.1.1matcher_list
apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: extension spec: workloadSelector: labels: app: productpage configPatches: - applyTo: HTTP_FILTER match: context: SIDECAR_OUTBOUND listener: name: 0.0.0.0_9080 filterChain: filter: name: "envoy.filters.network.http_connection_manager" subFilter: name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: name: test typed_config: "@type": type.googleapis.com/envoy.extensions.common.matching.v3.ExtensionWithMatcher extension_config: name: envoy.filters.http.fault typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.fault.v3.HTTPFault abort: http_status: 503 percentage: numerator: 100 denominator: HUNDRED delay: fixed_delay: 3s percentage: numerator: 100 denominator: HUNDRED matcher: matcher_list: matchers: - predicate: or_matcher: predicate: - single_predicate: input: name: request-headers typed_config: "@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput header_name: end-user value_match: exact: jason - single_predicate: input: name: request-headers typed_config: "@type": type.googleapis.com/envoy.type.matcher.v3.HttpResponseHeaderMatchInput header_name: test value_match: exact: bar on_match: action: name: skip typed_config: "@type": type.googleapis.com/envoy.extensions.filters.common.matcher.action.v3.SkipFilter3.1.2matcher_tree
ef-ExtensionWithMatcher-matcher_tree.yaml
kubectl apply -f ef-ExtensionWithMatcher-matcher_tree.yaml -n istio
apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: extension spec: workloadSelector: labels: app: productpage configPatches: - applyTo: HTTP_FILTER match: context: SIDECAR_OUTBOUND listener: name: 0.0.0.0_9080 filterChain: filter: name: "envoy.filters.network.http_connection_manager" subFilter: name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: name: test typed_config: "@type": type.googleapis.com/envoy.extensions.common.matching.v3.ExtensionWithMatcher extension_config: name: envoy.filters.http.fault typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.fault.v3.HTTPFault abort: http_status: 503 percentage: numerator: 100 denominator: HUNDRED delay: fixed_delay: 3s percentage: numerator: 100 denominator: HUNDRED matcher: matcher_tree: input: name: request-headers typed_config: "@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput header_name: end-user exact_match_map: map: jason: matcher: matcher_list: matchers: - predicate: or_matcher: predicate: - single_predicate: input: name: request-headers typed_config: "@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput header_name: end-user value_match: exact: jason - single_predicate: input: name: request-headers typed_config: "@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput header_name: end-user value_match: exact: bar on_match: action: name: skip typed_config: "@type": type.googleapis.com/envoy.extensions.filters.common.matcher.action.v3.SkipFilter3.1.3Composite
apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: extension spec: workloadSelector: labels: app: productpage configPatches: - applyTo: HTTP_FILTER match: context: SIDECAR_OUTBOUND listener: name: 0.0.0.0_9080 filterChain: filter: name: "envoy.filters.network.http_connection_manager" subFilter: name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: name: composite typed_config: "@type": type.googleapis.com/envoy.extensions.common.matching.v3.ExtensionWithMatcher extension_config: name: composite typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.composite.v3.Composite matcher: matcher_tree: input: name: request-headers typed_config: "@type": type.googleapis.com/envoy.type.matcher.v3.HttpRequestHeaderMatchInput header_name: end-user exact_match_map: map: "mark": action: name: composite-action typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.composite.v3.ExecuteFilterAction typed_config: name: http-fault typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.fault.v3.HTTPFault delay: fixed_delay: 1s percentage: numerator: 100 denominator: HUNDRED "jason": action: name: composite-action typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.composite.v3.ExecuteFilterAction typed_config: name: http-fault typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.fault.v3.HTTPFault abort: http_status: 503 percentage: numerator: 100 denominator: HUNDRED本文转载自微信公众号「k8s实战」,可以通过以下二维码关注。条件转载本文请联系k8s实战公众号。亿华云计算执行
很赞哦!(35919)
