根据 https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service/#HTTPMatchRequest,
HttpMatchRequest 指定要满足的一组条件,以便将规则应用于 HTTP 请求。例如,以下内容将规则限制为仅匹配 URL 路径以/ratings/v2/开头且请求包含值为 jason 的自定义最终用户标头的请求。
我认为这意味着匹配应该是AND类型。
下面是一个 istio 虚拟服务定义。根据上面的定义,我假设这个虚拟服务只允许POST/status/...
但是,似乎逻辑实际上是OR,即POST请求或(例如,GET/status/xxx(请求通过。有人可以解释或更正我的配置吗?
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: "httpbin-virtual-service"
spec:
hosts:
- "*"
gateways:
- my-istio-gateway
http:
- match:
- method:
exact: POST
- uri:
prefix: /status
route:
- destination:
host: "httpbin"
port:
number: 80 # application port
输出
$ siege -c1 -d1 --content-type "application/json" '127.0.0.1:31380/delay/2 POST {"ids": ["1","2","3"]}' ==> not a request to /status/.. , why does this match
HTTP/1.1 200 2.00 secs: 1072 bytes ==> POST http://127.0.0.1:31380/delay/2
HTTP/1.1 200 2.01 secs: 1072 bytes ==> POST http://127.0.0.1:31380/delay/2
..
$ siege -c1 -d1 127.0.0.1:31380/status/200 ====================> not a POST request , why does this match
HTTP/1.1 200 0.00 secs: 0 bytes ==> GET /status/200
HTTP/1.1 200 0.00 secs: 0 bytes ==> GET /status/200
..
解决了,我在 uri 之前有一个"-">
正确的配置应该是
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: "httpbin-virtual-service"
spec:
hosts:
- "*"
gateways:
- my-istio-gateway
http:
- match:
- method:
exact: POST
uri:
prefix: /status
route:
- destination:
host: "httpbin"
port:
number: 80 # application port