Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
736 views
in Technique[技术] by (71.8m points)

kubernetes - Istio complicated K8sObjectOverlay.PathValue

Istio can be deployed via IstioOperator.

You can patch anything created by a certain component using the K8sObjectOverlay, which takes a PathValue. I cannot for the life of me understand how to provide complicated PathValues.

Here are some example patches I've found (search for "patches:" on those pages) in case it helps.

The patch I'm trying to apply is changing the default ingressGateway that gets created from:

...
spec:
  profile: default
  components:
    ingressGateways:
      - namespace: istio-system
        name: istio-ingressgateway
        enabled: true

I can view the default ingress gateway that gets created with kubectl edit gateway/ingressgateway -n istio-system and see this snippet:

spec:
  servers:
  - hosts:
    - '*'
    port:
      name: http
      number: 80
      protocol: HTTP

My goal is to change it to this:

spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "*"
      tls:
        httpsRedirect: true # sends 301 redirect for http requests
    - port:
        number: 443
        name: https-443
        protocol: HTTPS
      hosts:
        - "*"
      tls:
        mode: SIMPLE # enables HTTPS on this port
        serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
        privateKey: /etc/istio/ingressgateway-certs/tls.key

I believe that the ObjectOverlay that I should add to the first YAML block above should start with something like this:

        k8s:
          overlays:
            - apiVersion: networking.istio.io/v1beta1
              Kind: Gateway
              name: ingressgateway
              patches:
                - path: spec.servers.

but I don't know how to specify that I want to add tls.httpsRedirect: true to the first list item, or how to create a list item with the relatively complicated values above.

The PathValue docs I linked above are not clear to me. Istio itself just links to StackOverflow with the [Istio] Tag, so I guess this is where I come for help.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

This is a part of an overlay that will add another server entry with some example specs. Just tweak it to be the way you want it to be. You can also override your first server entry with a path of spec.servers[0] and then set the value to whatever you want it to be.

ingressGateways: 
  - enabled: true
    k8s:
      overlays:
      - apiVersion: networking.istio.io/v1alpha3
        kind: Gateway
        name: ingressgateway
        patches:
        - path: spec.servers[1]
          value:
            hosts:
              - '*.example.com'
            port:
              name: https
              number: 443
              protocol: HTTPS
            tls:
              credentialName: example-cert
              mode: SIMPLE
              privateKey: sds
              serverCertificate: sds

Update: I haven't tried it out, but you could try just defining that expression as the path path, i think it then just set that single value inside the rest of the object:

- path: spec.servers[0].tls.httpsRedirect
  value: true

It might be necessary to define the entire tls object though, i'm not sure right now if it'd be valid with just the httpsRedirect attribute defined.

- path: spec.servers[0].tls
  value: 
    httpsRedirect: true
    other required attributes defined here just like httpsRedirect

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...