Ambassador設計旨在讓Kubernetes服務的開發者可以輕鬆靈活地配置流量如何路由到該服務,其核心是Mapping資源,支持7層的HTTP,GRPC和Websocket,也可以通過TCPMapping支持4層的TCP連接。Ambassador必須定義一個或多個Mapping才能訪問上游服務。
Mapping通過不同的配置選項實現不同的路由規則,下面進行說明。
增加Request Headers
Ambassador可以給上游服務的http請求中添加請求頭header。
vi echo-server-mapping.yaml
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: echo-server-mapping
spec:
prefix: /foo
add_request_headers:
x-test-proto: "%PROTOCOL%"
x-test-ip: "%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%"
x-test-static: This is a test header
x-test-static-2:
value: This the test header #same as above x-test-static header
service: echo:8080
kubectl apply -f echo-server-mapping.yaml
curl -i http://192.168.1.50:38080/foo
HTTP/1.1 200 OK
date: Sat, 07 Dec 2019 07:25:09 GMT
content-type: text/plain
server: envoy
x-envoy-upstream-service-time: 1
lua-scripts-enabled: Processed
transfer-encoding: chunked
Hostname: echo-5599595fd9-2vfnt
Pod Information:
node name: k8s-node1
pod name: echo-5599595fd9-2vfnt
pod namespace: default
pod IP: 10.244.1.7
Server values:
server_version=nginx: 1.14.2 - lua: 10015
Request Information:
client_address=10.244.1.9
method=GET
real path=/
query=
request_version=1.1
request_scheme=http
request_uri=http://192.168.1.50:8080/
Request Headers:
accept=*/*
content-length=0
host=192.168.1.50:38080
user-agent=curl/7.29.0
x-envoy-expected-rq-timeout-ms=3000
x-envoy-internal=true
x-envoy-original-path=/foo
x-forwarded-for=10.244.0.0
x-forwarded-proto=http
x-request-id=6075a013-5d50-48ec-9f56-4f2d0dca7bdc
x-test-ip=10.244.0.0
x-test-proto=HTTP/1.1
x-test-static=This is a test header
x-test-static-2=This the test header
Request Body:
-no body in request-
增加Response Headers
vi echo-server-mapping.yaml
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: echo-server-mapping
spec:
prefix: /foo
add_response_headers:
x-test-static: This is a test header
service: echo:8080
kubectl apply -f echo-server-mapping.yaml
curl -i http://192.168.1.50:38080/foo
HTTP/1.1 200 OK
date: Sat, 07 Dec 2019 07:28:36 GMT
content-type: text/plain
server: envoy
x-envoy-upstream-service-time: 1
x-test-static: This is a test header
lua-scripts-enabled: Processed
transfer-encoding: chunked
Hostname: echo-5599595fd9-2vfnt
Pod Information:
node name: k8s-node1
pod name: echo-5599595fd9-2vfnt
pod namespace: default
pod IP: 10.244.1.7
Server values:
server_version=nginx: 1.14.2 - lua: 10015
Request Information:
client_address=10.244.1.9
method=GET
real path=/
query=
request_version=1.1
request_scheme=http
request_uri=http://192.168.1.50:8080/
Request Headers:
accept=*/*
content-length=0
host=192.168.1.50:38080
user-agent=curl/7.29.0
x-envoy-expected-rq-timeout-ms=3000
x-envoy-internal=true
x-envoy-original-path=/foo
x-forwarded-for=10.244.0.0
x-forwarded-proto=http
x-request-id=45500d8e-5e76-49b8-9c75-6726f6cb47d6
Request Body:
-no body in request-
刪除Request Headers
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: echo-server-mapping
spec:
prefix: /foo
remove_request_headers:
- authorization
service: echo:8080
刪除Response Headers
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: echo-server-mapping
spec:
prefix: /foo
remove_response_headers:
- x-envoy-upstream-service-time
service: echo:8080
使用host或者host_regex路由
Ambassador支持按照host或者host正則表達式進行路由分發。
vi echo-server-mapping.yaml
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: echo-server-mapping
spec:
prefix: /foo
host: example-echo.com
service: echo:8080
kubectl apply -f echo-server-mapping.yaml
curl -i -H "Host: example-echo.com" http://192.168.1.50:38080/foo
HTTP/1.1 200 OK
date: Sat, 07 Dec 2019 07:41:21 GMT
content-type: text/plain
server: envoy
x-envoy-upstream-service-time: 5
lua-scripts-enabled: Processed
transfer-encoding: chunked
Hostname: echo-5599595fd9-2vfnt
Pod Information:
node name: k8s-node1
pod name: echo-5599595fd9-2vfnt
pod namespace: default
pod IP: 10.244.1.7
Server values:
server_version=nginx: 1.14.2 - lua: 10015
Request Information:
client_address=10.244.2.7
method=GET
real path=/
query=
request_version=1.1
request_scheme=http
request_uri=http://example-echo.com:8080/
Request Headers:
accept=*/*
content-length=0
host=example-echo.com
user-agent=curl/7.29.0
x-envoy-expected-rq-timeout-ms=3000
x-envoy-internal=true
x-envoy-original-path=/foo
x-forwarded-for=10.244.0.0
x-forwarded-proto=http
x-request-id=dd4601b5-5d6f-4b15-bb9b-36cd69aac8b1
Request Body:
-no body in request-
host改寫host_rewrite
有些上游服務區分主機host,Ambassador分發到上游服務時可以改寫host請求頭。
vi echo-server-mapping.yaml
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: echo-server-mapping
spec:
prefix: /foo
host_rewrite: example-echo.com
service: echo:8080
kubectl apply -f echo-server-mapping.yaml
curl -i http://192.168.1.50:38080/foo
HTTP/1.1 200 OK
date: Sat, 07 Dec 2019 07:54:48 GMT
content-type: text/plain
server: envoy
x-envoy-upstream-service-time: 11
lua-scripts-enabled: Processed
transfer-encoding: chunked
Hostname: echo-5599595fd9-ffxpn
Pod Information:
node name: k8s-node2
pod name: echo-5599595fd9-ffxpn
pod namespace: default
pod IP: 10.244.2.6
Server values:
server_version=nginx: 1.14.2 - lua: 10015
Request Information:
client_address=10.244.2.7
method=GET
real path=/
query=
request_version=1.1
request_scheme=http
request_uri=http://example-echo.com:8080/
Request Headers:
accept=*/*
content-length=0
host=example-echo.com
user-agent=curl/7.29.0
x-envoy-expected-rq-timeout-ms=3000
x-envoy-internal=true
x-envoy-original-path=/foo
x-forwarded-for=10.244.0.0
x-forwarded-proto=http
x-request-id=aa8a6982-bf11-4650-b6f3-17d830a402fd
Request Body:
-no body in request-
使用路徑前綴prefix或者prefix_regex路由
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: echo-server-mapping
spec:
prefix: /
service: echo:8080
重定向
主機重定向Host Redirect。請求http://$AMBASSADOR_URL/redirect時會返回301,重定向到http://www.baidu.com/redirect。
vi redirect-mapping.yaml
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: redirect-mapping
spec:
prefix: /redirect
service: www.baidu.com
host_redirect: true
kubectl apply -f redirect-mapping.yaml
curl -i -L http://192.168.1.50:38080/redirect
HTTP/1.1 301 Moved Permanently
location: http://www.baidu.com/redirect
lua-scripts-enabled: Processed
date: Sat, 07 Dec 2019 11:41:01 GMT
server: envoy
content-length: 0
HTTP/1.1 302 Found
Cache-Control: max-age=86400
Connection: Keep-Alive
Content-Length: 222
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 07 Dec 2019 11:41:01 GMT
Expires: Sun, 08 Dec 2019 11:41:01 GMT
Location: https://www.baidu.com/search/error.html
Server: Apache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=86400
Connection: Keep-Alive
Content-Length: 15852
Content-Type: text/html
Date: Sat, 07 Dec 2019 11:41:02 GMT
Etag: "3dec-57b3a9a43af80"
Expires: Sun, 08 Dec 2019 11:41:02 GMT
Last-Modified: Thu, 22 Nov 2018 06:01:50 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: Apache
Set-Cookie: BAIDUID=8291E8A91272E7E222C7C17DF16BFE66:FG=1; expires=Sun, 06-Dec-20 11:41:02 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
Vary: Accept-Encoding,User-Agent
<!DOCTYPE html>
<!--STATUS OK-->
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<meta content="always" name="referrer">
<script src="https://ss1.bdstatic.com/5eN1bjq8AAUYm2zgoY3K/r/www/nocache/imgdata/seErrorRec.js"></script>
<title>頁面不存在_百度搜索</title>
......
主機和路徑重定向Host Redirect+Path Redirect,請求http://$AMBASSADOR_URL/redirect時會返回301,重定向到http://www.baidu.com/ip。
vi redirect-mapping.yaml
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: redirect-mapping
spec:
prefix: /redirect
service: www.baidu.com
host_redirect: true
path_redirect: /ip
kubectl apply -f redirect-mapping.yaml
curl -i -L http://192.168.1.50:38080/redirect
HTTP/1.1 301 Moved Permanently
location: http://www.baidu.com/ip
lua-scripts-enabled: Processed
date: Sat, 07 Dec 2019 11:51:35 GMT
server: envoy
content-length: 0
HTTP/1.1 302 Found
Cache-Control: max-age=86400
Connection: Keep-Alive
Content-Length: 222
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 07 Dec 2019 11:51:36 GMT
Expires: Sun, 08 Dec 2019 11:51:36 GMT
Location: https://www.baidu.com/search/error.html
Server: Apache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=86400
Connection: Keep-Alive
Content-Length: 15852
Content-Type: text/html
Date: Sat, 07 Dec 2019 11:51:36 GMT
Etag: "3dec-57b3a9a43af80"
Expires: Sun, 08 Dec 2019 11:51:36 GMT
Last-Modified: Thu, 22 Nov 2018 06:01:50 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: Apache
Set-Cookie: BAIDUID=E2C2E199B52AE9299C1446F31FC46288:FG=1; expires=Sun, 06-Dec-20 11:51:36 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
Vary: Accept-Encoding,User-Agent
<!DOCTYPE html>
<!--STATUS OK-->
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<meta content="always" name="referrer">
<script src="https://ss1.bdstatic.com/5eN1bjq8AAUYm2zgoY3K/r/www/nocache/imgdata/seErrorRec.js"></script>
<title>頁面不存在_百度搜索</title>
......
重寫Rewrites
不指定rewrite,默認方式,訪問http://$AMBASSADOR_URL/prefix/status/200時,重寫爲http://httpbin/status/200。
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: httpbin2-mapping
spec:
prefix: /prefix
service: httpbin
指定rewrite,訪問http://$AMBASSADOR_URL/prefix/status/200時,重寫爲http://httpbin/status/200。
vi httpbin2-mapping.yaml
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: httpbin2-mapping
spec:
prefix: /prefix
service: httpbin
kubectl apply -f httpbin2-mapping.yaml
curl -i http://192.168.1.50:38080/httpstatus/200
HTTP/1.1 200 OK
server: envoy
date: Sat, 07 Dec 2019 12:06:57 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 0
x-envoy-upstream-service-time: 6
lua-scripts-enabled: Processed
rewrite爲空字符串,訪問http://$AMBASSADOR_URL/status/200時,重寫爲http://httpbin/status/200。
vi httpbin2-mapping.yaml
---
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
name: httpbin2-mapping
spec:
prefix: /status
service: httpbin
rewrite: ""
kubectl apply -f httpbin2-mapping.yaml
curl -i http://192.168.1.50:38080/status/200
HTTP/1.1 200 OK
server: envoy
date: Sat, 07 Dec 2019 12:10:09 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 0
x-envoy-upstream-service-time: 11
lua-scripts-enabled: Processed
自動重試Automatic Retries
retry_on:(必填)指定重試失敗請求的條件,支持的值列表爲以下值之一:
5xx
gateway-error
connect-failure
retriable-4xx
refused-stream
retriable-status-codes
num_retries:(缺省值1) 重試次數
per_try_timeout:(缺省值爲全局的請求超時時間)每次重試的超時時間。
Ambassador系列文章
Ambassador系列-06-金絲雀發佈、斷路器、CORS和流量鏡像
Ambassador系列-07-TCP映射TCPMapping
Ambassador系列-08-TLS配置-HTTPS重定向和TLS終結
Ambassador系列-09-AuthService認證服務