Istio HTTPMatchRequest seems to match request using OR logic instead of the documented AND logic
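According to https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service/#HTTPMatchRequest,

HttpMatchRequest specifies a set of criterion to be met in order for the rule to be applied to the HTTP request. For example, the following restricts the rule to match only requests where the URL path starts with /ratings/v2/ and the request contains a custom end-user header with value jason.

I take this to mean that matching should be of the AND type.

Below is an Istio virtual service definition. Based on the definition above, I assumed this virtual service would only allow requests of the form POST /status/...

However, the logic actually seems to be OR, i.e. either a POST request or (for example) a GET /status/xxx request gets through. Can anyone explain this or correct my configuration?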

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: "httpbin-virtual-service"
spec:
  hosts:
  - "*"
  gateways:
  - my-istio-gateway
  http:
  - match:
    - method:
        exact: POST
    - uri:
        prefix: /status
    route:
    - destination:
        host: "httpbin"
        port:
          number: 80 # application port

Output
$ siege -c1 -d1 --content-type "application/json" '127.0.0.1:31380/delay/2 POST {"ids": ["1","2","3"]}' ==> not a request to /status/.. , why does this match
HTTP/1.1 200 2.00 secs: 1072 bytes ==> POST http://127.0.0.1:31380/delay/2
HTTP/1.1 200 2.01 secs: 1072 bytes ==> POST http://127.0.0.1:31380/delay/2
..
$ siege -c1 -d1 127.0.0.1:31380/status/200 ====================> not a POST request , why does this match
HTTP/1.1 200 0.00 secs: 0 bytes ==> GET /status/200
HTTP/1.1 200 0.00 secs: 0 bytes ==> GET /status/200
..

Solved: I had a "-" in front of uri.

The correct configuration should be:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: "httpbin-virtual-service"
spec:
  hosts:
  - "*"
  gateways:
  - my-istio-gateway
  http:
  - match:
    - method:
        exact: POST
      uri:
        prefix: /status
    route:
    - destination:
        host: "httpbin"
        port:
          number: 80 # application port
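
The semantics behind the fix, as an added example that is not part of the original post or of Istio's code: conditions inside one match block are ANDed, while separate blocks in the match list are ORed. The function names and the hand-parsed dictionaries are assumptions for illustration, and only method exact and uri prefix matching are modelled.

```python
# Added example: models only the two HTTPMatchRequest fields used on this page.
def string_match(rule, value):
    """Evaluate an Istio StringMatch restricted to exact / prefix."""
    if "exact" in rule:
        return value == rule["exact"]
    if "prefix" in rule:
        return value.startswith(rule["prefix"])
    raise ValueError(f"unsupported StringMatch: {rule}")

def block_matches(block, method, path):
    """One match block: every condition present must hold (AND)."""
    request = {"method": method, "uri": path}
    return all(string_match(rule, request[field]) for field, rule in block.items())

def route_matches(match_list, method, path):
    """The list of match blocks: any single block is enough (OR)."""
    return any(block_matches(b, method, path) for b in match_list)

def lint_split_blocks(match_list):
    """Flag lists whose blocks each carry one condition on different fields,
    the shape produced by a stray '-' in front of a field such as uri."""
    fields = [tuple(b) for b in match_list]
    single = all(len(f) == 1 for f in fields)
    return len(match_list) > 1 and single and len(set(fields)) == len(fields)

# Parsed form of the two configurations on this page (constructed by hand).
SPLIT = [{"method": {"exact": "POST"}}, {"uri": {"prefix": "/status"}}]
MERGED = [{"method": {"exact": "POST"}, "uri": {"prefix": "/status"}}]

# The two requests from the siege output plus the intended one.
REQUESTS = [("POST", "/delay/2"), ("GET", "/status/200"), ("POST", "/status/200")]

def evaluate(match_list):
    """Return, per request in REQUESTS, whether the route would be selected."""
    return [route_matches(match_list, m, p) for m, p in REQUESTS]

if __name__ == "__main__":
    for name, cfg in (("split", SPLIT), ("merged", MERGED)):
        print(name, evaluate(cfg), "lint warning:", lint_split_blocks(cfg))
```

A lint of this kind is useful in review for any VirtualService whose match list is meant to restrict traffic, since the split form silently widens what the route accepts.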