Istio - 将请求重定向到外部 url

Istio - redirect request to external url

我正在尝试使用 istio 在 Kubernetes 集群中设置代理服务。我创建了两个不同的域。如果域是 foo.com,则应将其重定向到外部 URL,否则应将其路由到应用程序服务器。我已经使用虚拟服务和服务条目配置了它。但是当我点击 foo.com 时,它正在跳过授权 header。我需要授权 header 来处理请求。有什么办法可以解决这个问题吗?提前致谢。

VirtualService.yaml

apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: external-svc-https
spec:
  hosts:
  - foo.com
  location: MESH_EXTERNAL
  ports:
  - number: 443
    name: https
    protocol: TLS
  resolution: DNS
---
kind: VirtualService
apiVersion: networking.istio.io/v1alpha3
metadata:
  name: redirect
  namespace: default
  labels:
    app: foo
    env: staging
spec:
  hosts:
    - foo.com
  gateways:
    - istio-system/gateway
  http:
    - match:
        - uri:
            prefix: /
      redirect:
        authority: bar.com

如果在 foo.com 域被命中时重定向

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: github
spec:
  hosts:
  - "raw.githubusercontent.com"
  location: MESH_EXTERNAL
  ports:
  - number: 443
    name: https
    protocol: TLS
  resolution: DNS

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: webserver
spec:
  hosts:
  - foo.com
  http:
  - match:
    - uri:
        regex: ".*"
    rewrite:
      uri: "/mcasperson/NodejsProxy/master/externalservice1.txt"
      authority: raw.githubusercontent.com
    route:
    - destination:
        host: raw.githubusercontent.com
        port:
          number: 443

规则

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: github
spec:
  host: "raw.githubusercontent.com"
  trafficPolicy:
    tls:
      mode: SIMPLE

阅读更多内容:https://octopus.com/blog/istio/istio-serviceentry