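I have deployed a Spring Boot server in Istio, running on :9091. The same port is opened in the Istio ingress gateway and a VirtualService is set up... All good, I can hit 9091 from outside. However, my application needs to read the URL that was used to call the endpoint, and looking at httpServletRequest.getRequestURL(), the port is not shown. This means the request looks as if it arrived on port :80, although that cannot be true because the server is listening on :9091.
When I set up a port-forward to the service on 9091, the port is correctly present in the httpServletRequest.
What is the problem here? Why does Istio remove the port from the request?
EDIT: adding manifests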
gateway-ports.yml:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: istio-with-extra-ports
spec:
  profile: default
  meshConfig:
    enableTracing: true
    defaultConfig:
      tracing:
        sampling: 100
  components:
    ingressGateways:
      - namespace: istio-system
        name: istio-ingressgateway
        enabled: true
        k8s:
          service:
            ports:
              - port: 15021
                targetPort: 15021
                name: status-port
                protocol: TCP
              - port: 80
                targetPort: 8080
                name: http2
                protocol: TCP
              - port: 443
                targetPort: 8443
                name: https
                protocol: TCP
              - port: 15012
                targetPort: 15012
                name: tcp-istiod
                protocol: TCP
              - port: 15443
                targetPort: 15443
                name: tls
                protocol: TCP
              - port: 9091
                targetPort: 9091
                name: http-neo-dms-service
                protocol: TCP
gateway.yml:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "*"
    - port:
        number: 9091
        name: http-9091
        protocol: HTTP
      hosts:
        - "*"
deployment-and-service.yml:
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: neo-dms-service
  name: neo-dms-service
spec:
  replicas: 1
  selector:
    matchLabels:
      app: neo-dms-service
  strategy: {}
  template:
    metadata:
      labels:
        app: neo-dms-service # tied to Service file spec.selector.app
      annotations:
        co.elastic.logs/enabled: "true"
        co.elastic.logs.json-logging/json.keys_under_root: "true"
        co.elastic.logs.json-logging/json.add_error_key: "true"
        co.elastic.logs.json-logging/json.message_key: "message"
    spec:
      containers:
        - image: localhost:5000/my/image:1.0-SNAPSHOT
          name: neo-dms-service
          imagePullPolicy: IfNotPresent
          resources:
            requests:
              memory: "50Mi"
              cpu: "500m"
            limits:
              memory: "500Mi"
              cpu: "2000m"
          lifecycle:
            preStop:
              exec:
                command: ["sh", "-c", "sleep 10"]
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: neo-dms-service
  name: neo-dms-service
spec:
  ports:
    - name: 9091-9091
      port: 9091
      protocol: TCP
      targetPort: 9091
  selector:
    app: neo-dms-service # tied to Deployment file spec.template.metadata.labels.app
  type: ClusterIP
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: neo-dms-service-frontend
spec:
  hosts:
    - "*"
  gateways:
    - gateway
  http:
    - route:
        - destination:
            host: neo-dms-service.default.svc.cluster.local
            port:
              number: 9091
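I install Istio with
istioctl install -y -f gateway-ports.yml
Then I label the default namespace with
kubectl label namespace default istio-injection=enabled
When the application is running, I call its endpoint on port 9091 and inspect the request URL with httpServletRequest.getRequestURL(). This URL now has port 80, where I would expect 9091.
I spent a few days trying to solve the same issue. Spring applications utilize the "x-forwarded-port" header to determine the client's request port before the gateway. However, Istio does not do this by default.
This configuration allows x-forwarded-port to be appended at the gateway Envoy sidecar.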
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: tweak-xforwarded-port
  namespace: istio-system # as defined in meshConfig resource.
spec:
  configPatches:
    - applyTo: NETWORK_FILTER # http connection manager is a filter in Envoy
      match:
        context: GATEWAY
        listener:
          filterChain:
            filter:
              name: "envoy.filters.network.http_connection_manager"
      patch:
        operation: MERGE
        value:
          name: "envoy.filters.network.http_connection_manager"
          typed_config:
            "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
            append_x_forwarded_port: true
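
A simplified model of how a forwarded-header-aware server rebuilds the external URL, showing why the port disappears until the gateway sends x-forwarded-port. This is an added example, not code from the posts above, Spring, or Istio; the class and method names, the sample host, and the fallback to the scheme's default port are assumptions made for illustration.

```java
import java.util.Map;

// Added illustration: a simplified model, not Spring's or Tomcat's code.
public class ForwardedUrlDemo {

    // Accept only a plain decimal port in 1..65535; anything else is ignored.
    static int parsePort(String value) {
        if (value == null || !value.matches("\\d{1,5}")) return -1;
        int port = Integer.parseInt(value);
        return (port >= 1 && port <= 65535) ? port : -1;
    }

    static int defaultPort(String scheme) {
        return "https".equals(scheme) ? 443 : 80;
    }

    // Rebuild the URL the client used from the connector's own view
    // (scheme, host, local port) plus headers set by the gateway.
    static String externalUrl(String scheme, String host, int localPort,
                              String path, Map<String, String> headers) {
        int port = localPort;
        String proto = headers.get("x-forwarded-proto");
        if ("http".equals(proto) || "https".equals(proto)) {
            scheme = proto;
            // Assumption: with a forwarded scheme and no forwarded port,
            // the port falls back to that scheme's default.
            port = defaultPort(scheme);
        }
        int forwarded = parsePort(headers.get("x-forwarded-port"));
        if (forwarded > 0) port = forwarded;
        String portPart = (port == defaultPort(scheme)) ? "" : ":" + port;
        return scheme + "://" + host + portPart + path;
    }

    public static void main(String[] args) {
        String host = "dms.example.test"; // constructed sample host
        // 1. kubectl port-forward: no proxy headers, connector port is used.
        System.out.println(externalUrl("http", host, 9091, "/docs", Map.of()));
        // 2. Via the gateway without the EnvoyFilter: scheme only.
        System.out.println(externalUrl("http", host, 9091, "/docs",
                Map.of("x-forwarded-proto", "http")));
        // 3. Via the gateway with append_x_forwarded_port enabled.
        System.out.println(externalUrl("http", host, 9091, "/docs",
                Map.of("x-forwarded-proto", "http", "x-forwarded-port", "9091")));
        // 4. Malformed port value (constructed): rejected, default kept.
        System.out.println(externalUrl("http", host, 9091, "/docs",
                Map.of("x-forwarded-proto", "http", "x-forwarded-port", "9091x")));
    }
}
```

Because these headers are plain request text, an application should honour them only when the pod is reachable solely through the gateway that sets them.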