将混合器策略应用于特定服务
Apply mixer policy to specific services
我有一个混合器策略和适配器,它会在我传递的令牌中查找 auth_key,但它适用于我默认命名空间中的所有 pods。我需要能够在默认命名空间中访问我的两个 pods 才能登录并获得一个 header,这将使我能够通过此规则。那么我可以列出 pods 我想应用此规则而不是应用到所有的名称吗?
# handler for adapter mygrpcadapter
apiVersion: "config.istio.io/v1alpha2"
kind: handler
metadata:
name: h1
namespace: istio-system
spec:
adapter: mygrpcadapter
connection:
# address: "[::]:44225"
address: "mygrpcadapterservice:44225"
#address: "35.184.34.117:44225"
params:
auth_key: "Bearer"
---
apiVersion: "config.istio.io/v1alpha2"
kind: instance
metadata:
name: icheck
namespace: istio-system
spec:
template: authorization
params:
subject:
properties:
custom_token_header: request.headers["authorization"]
---
# rule to dispatch to handler h1
apiVersion: "config.istio.io/v1alpha2"
kind: rule
metadata:
name: r1
namespace: istio-system
spec:
actions:
- handler: h1.istio-system
instances:
- icheck
---
Istio Mixer Rules have the match attribute, you can use it to specify where to apply the rule by matching Istio Mixer attributes.
例如,来自 Istio 文档:
match(destination.service.host, "ratings.*) selects any request
targeting a service whose name starts with “ratings”
我有一个混合器策略和适配器,它会在我传递的令牌中查找 auth_key,但它适用于我默认命名空间中的所有 pods。我需要能够在默认命名空间中访问我的两个 pods 才能登录并获得一个 header,这将使我能够通过此规则。那么我可以列出 pods 我想应用此规则而不是应用到所有的名称吗?
# handler for adapter mygrpcadapter
apiVersion: "config.istio.io/v1alpha2"
kind: handler
metadata:
name: h1
namespace: istio-system
spec:
adapter: mygrpcadapter
connection:
# address: "[::]:44225"
address: "mygrpcadapterservice:44225"
#address: "35.184.34.117:44225"
params:
auth_key: "Bearer"
---
apiVersion: "config.istio.io/v1alpha2"
kind: instance
metadata:
name: icheck
namespace: istio-system
spec:
template: authorization
params:
subject:
properties:
custom_token_header: request.headers["authorization"]
---
# rule to dispatch to handler h1
apiVersion: "config.istio.io/v1alpha2"
kind: rule
metadata:
name: r1
namespace: istio-system
spec:
actions:
- handler: h1.istio-system
instances:
- icheck
---
Istio Mixer Rules have the match attribute, you can use it to specify where to apply the rule by matching Istio Mixer attributes.
例如,来自 Istio 文档:
match(destination.service.host, "ratings.*) selects any request targeting a service whose name starts with “ratings”