istio通过envoyFilter实现nginx的error_page
需求:实现nginx的error_page,istio本身不支持,只能通过envoyfilter来实现。
当收到后端返回503时候,并且响应header中action为redirect时重定向跳转到首页。
ps: virtualSerivce支持自定义添加header参数。
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: 503-redirect-lua-filter
namespace: istio-system
spec:
configPatches:
- applyTo: HTTP_FILTER
match:
context: GATEWAY
listener:
filterChain:
sni: "test.maple.com"
filter:
name: envoy.filters.network.http_connection_manager
subFilter:
name: envoy.filters.http.router
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.lua
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
inlineCode: |
function envoy_on_response(response_handle)
if response_handle:headers():get(":status") == "503" then
response_handle:logInfo("Got status 503")
if response_handle:headers():get("action") == "redirect" then
response_handle:logInfo("Got status 503, redirect to login...")
path = response_handle:headers()
local xx = ""
for k, v in pairs(path) do
local tmp = k..":"..v;
xx = xx .. "\\n" .. tmp
end;
response_handle:logInfo(xx)
response_handle:headers():replace(":status", "302")
response_handle:headers():add("location", "http://test.maple.com/index")
end
end
end
上面是配置在在istio-system名称空间,想配置在指定namespace下,只对某个pod生效,配置如下:
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: 503-redirect-lua-filter
namespace: test
spec:
workloadSelector:
labels:
app: app-web
configPatches:
# The first patch adds the lua filter to the listener/http connection manager
- applyTo: HTTP_FILTER
match:
context: SIDECAR_INBOUND
listener:
portNumber: 80
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
subFilter:
name: "envoy.filters.http.router"
patch:
operation: INSERT_BEFORE
value: # lua filter specification
name: envoy.filters.http.lua
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
inlineCode: |
function envoy_on_response(response_handle)
if response_handle:headers():get(":status") == "503" then
response_handle:logInfo("Got status 503")
if response_handle:headers():get("action") == "redirect" then
response_handle:logInfo("Got status 503, redirect to login...")
path = response_handle:headers()
local xx = ""
for k, v in pairs(path) do
local tmp = k..":"..v;
xx = xx .. "\\n" .. tmp
end;
response_handle:logInfo(xx)
response_handle:headers():replace(":status", "302")
response_handle:headers():add("location", "http://test.maple.com/index")
end
end
end
EOF
注意:匹配的pod必须得开启istio sidecar注入,不然不生效,之前一直没查出问题只能选择上面的配置在istio-system空间里面了。。