Ambassador的全局配置,可以通過Module模塊配置Ambassador的一些全局的配置參數。當前只有兩種Module模塊:
-
ambassador:配置全局的系統參數。
-
tls:配置tls參數
Module可以以CRDs方式定義。
---
apiVersion: getambassador.io/v1
kind: Module
metadata:
name: ambassador
spec:
config:
enable_grpc_web: true
---
apiVersion: getambassador.io/v1
kind: Module
metadata:
name: tls
spec:
config:
server:
enabled: true
secret: ambassador-certs
redirect_cleartext_from: 8080
也可以以註解的方式定義,可以定義在任何Service中,但通常定義在Ambassador Service中,定義在Service中,也是全局生效。
---
apiVersion: v1
kind: Service
metadata:
name: ambassador
annotations:
getambassador.io/config: |
---
apiVersion: getambassador.io/v1
kind: Module
name: ambassador
config:
enable_grpc_web: True
---
apiVersion: getambassador.io/v1
kind: Module
name: tls
config:
server:
enabled: true
secret: ambassador-certs
redirect_cleartext_from: 8080
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: http
port: 80
targetPort: 8080
- name: https
port: 443
targetPort: 8443
selector:
service: ambassador
實驗環境接上節Ambassador系列-01-介紹、安裝和使用。
下面舉一例子,Ambassador支持在每個請求上運行內聯Lua腳本的功能。 例如添加自定義的報文頭。
vi ambassador-module.yaml
---
apiVersion: getambassador.io/v1
kind: Module
metadata:
name: ambassador
spec:
config:
lua_scripts: |
function envoy_on_response(response_handle)
response_handle:headers():add("Lua-Scripts-Enabled", "Processed")
end
kubectl apply -f ambassador-module.yaml
module.getambassador.io/ambassador created
kubectl get module
NAME AGE
ambassador 53s
可以看到增加了一個響應頭"lua-scripts-enabled: Processed"。
curl -i http://192.168.1.50:38080
HTTP/1.1 200 OK
date: Sat, 07 Dec 2019 02:52:59 GMT
content-type: text/plain
server: envoy
x-envoy-upstream-service-time: 7
lua-scripts-enabled: Processed
transfer-encoding: chunked
Hostname: echo-5599595fd9-ffxpn
Pod Information:
node name: k8s-node2
pod name: echo-5599595fd9-ffxpn
pod namespace: default
pod IP: 10.244.2.4
Server values:
server_version=nginx: 1.14.2 - lua: 10015
Request Information:
client_address=10.244.1.5
method=GET
real path=/
query=
request_version=1.1
request_scheme=http
request_uri=http://192.168.1.50:8080/
Request Headers:
accept=*/*
content-length=0
host=192.168.1.50:38080
user-agent=curl/7.29.0
x-envoy-expected-rq-timeout-ms=3000
x-envoy-internal=true
x-envoy-original-path=/
x-forwarded-for=10.244.0.0
x-forwarded-proto=http
x-request-id=c294858d-bdfe-4c66-b5e0-ad48db281dfe
Request Body:
-no body in request-
Ambassador系列文章
Ambassador系列-06-金絲雀發佈、斷路器、CORS和流量鏡像
Ambassador系列-07-TCP映射TCPMapping
Ambassador系列-08-TLS配置-HTTPS重定向和TLS終結
Ambassador系列-09-AuthService認證服務