Envoy domain和路由匹配
### 环境说明
##### 八个Service:
- envoy:Front Proxy,地址为172.31.50.10
- 7个后端服务
- light_blue和dark_blue:对应于Envoy中的blue集群
- light_red和dark_red:对应于Envoy中的red集群
- light_green和dark_green:对应Envoy中的green集群
- gray:对应于Envoy中的gray集群
启动
cd servicemesh_in_practise/HTTP-Connection-Manager/httproute-simple-match
docker-compose up[root@k8s-master httproute-simple-match]# cat docker-compose.yaml
version: '3'
services:
front-envoy:
#image: envoyproxy/envoy-alpine:v1.21-latest
image: envoyproxy/envoy:v1.23-latest
environment:
- ENVOY_UID=0
- ENVOY_GID=0
volumes:
- ./front-envoy.yaml:/etc/envoy/envoy.yaml
networks:
envoymesh:
ipv4_address: 172.31.50.10
expose:
# Expose ports 80 (for general traffic) and 9901 (for the admin server)
- "80"
- "9901"
light_blue:
image: ikubernetes/servicemesh-app:latest
networks:
envoymesh:
aliases:
- light_blue
- blue
environment:
- SERVICE_NAME=light_blue
expose:
- "80"
dark_blue:
image: ikubernetes/servicemesh-app:latest
networks:
envoymesh:
aliases:
- dark_blue
- blue
environment:
- SERVICE_NAME=dark_blue
expose:
- "80"
light_green:
image: ikubernetes/servicemesh-app:latest
networks:
envoymesh:
aliases:
- light_green
- green
environment:
- SERVICE_NAME=light_green
expose:
- "80"
dark_green:
image: ikubernetes/servicemesh-app:latest
networks:
envoymesh:
aliases:
- dark_green
- green
environment:
- SERVICE_NAME=dark_green
expose:
- "80"
light_red:
image: ikubernetes/servicemesh-app:latest
networks:
envoymesh:
aliases:
- light_red
- red
environment:
- SERVICE_NAME=light_red
expose:
- "80"
dark_red:
image: ikubernetes/servicemesh-app:latest
networks:
envoymesh:
aliases:
- dark_red
- red
environment:
- SERVICE_NAME=dark_red
expose:
- "80"
gray:
image: ikubernetes/servicemesh-app:latest
networks:
envoymesh:
aliases:
- gray
- grey
environment:
- SERVICE_NAME=gray
expose:
- "80"
networks:
envoymesh:
driver: bridge
ipam:
config:
- subnet: 172.31.50.0/24
[root@k8s-master httproute-simple-match]# cat front-envoy.yaml
admin:
profile_path: /tmp/envoy.prof
access_log_path: /tmp/admin_access.log
address:
socket_address:
address: 0.0.0.0
port_value: 9901
static_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 80 }
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
codec_type: AUTO
route_config:
name: local_route
virtual_hosts:
- name: vh_001
domains: ["ilinux.io", "*.ilinux.io", "ilinux.*"]
routes:
- match:
path: "/service/blue"
route:
cluster: blue
- match:
safe_regex:
google_re2: {}
regex: "^/service/.*blue$"
redirect:
path_redirect: "/service/blue"
- match:
prefix: "/service/yellow"
direct_response:
status: 200
body:
inline_string: "This page will be provided soon later.\n"
- match:
prefix: "/"
route:
cluster: red
- name: vh_002
domains: ["*"]
routes:
- match:
prefix: "/"
route:
cluster: gray
http_filters:
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
clusters:
- name: blue
connect_timeout: 0.25s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
http2_protocol_options: {}
load_assignment:
cluster_name: blue
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: blue
port_value: 80
- name: red
connect_timeout: 0.25s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
http2_protocol_options: {}
load_assignment:
cluster_name: red
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: red
port_value: 80
- name: green
connect_timeout: 0.25s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
http2_protocol_options: {}
load_assignment:
cluster_name: green
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: green
port_value: 80
- name: gray
connect_timeout: 0.25s
type: STRICT_DNS
lb_policy: ROUND_ROBIN
http2_protocol_options: {}
load_assignment:
cluster_name: gray
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: gray
port_value: 80测试domain的匹配机制
首先访问无法匹配到vh_001的域名
curl -H "Host: www.magedu.com" http://172.31.50.10/service/a
接着访问可以匹配vh_001的域名
curl -H "Host: www.ilinux.io" http://172.31.50.10/service/a
测试路由匹配机制
首先访问“/service/blue”
curl -H "Host: www.ilinux.io" http://172.31.50.10/service/blue 
接着访问“/service/dark_blue”
curl -I -H "Host: www.ilinux.io" http://172.31.50.10/service/dark_blue 
然后访问“/serevice/yellow”
curl -H "Host: www.ilinux.io" http://172.31.50.10/service/yellow
