我有一个混合器策略和适配器,它将在传递的令牌中查找auth_key,但是它适用于默认名称空间中的所有pod。我需要能够访问默认名称空间中的两个Pod才能登录并被授予标头,使我能够通过此规则。因此,我可以列出要将此规则应用于的吊舱的名称,而不是将其应用于所有容器吗?
# handler for adapter mygrpcadapter
apiVersion: "config.istio.io/v1alpha2"
kind: handler
metadata:
name: h1
namespace: istio-system
spec:
adapter: mygrpcadapter
connection:
# address: "[::]:44225"
address: "mygrpcadapterservice:44225"
#address: "35.184.34.117:44225"
params:
auth_key: "Bearer"
---
apiVersion: "config.istio.io/v1alpha2"
kind: instance
metadata:
name: icheck
namespace: istio-system
spec:
template: authorization
params:
subject:
properties:
custom_token_header: request.headers["authorization"]
---
# rule to dispatch to handler h1
apiVersion: "config.istio.io/v1alpha2"
kind: rule
metadata:
name: r1
namespace: istio-system
spec:
actions:
- handler: h1.istio-system
instances:
- icheck
---
答案 0 :(得分:1)
Istio Mixer Rules具有match属性,您可以使用它通过匹配Istio Mixer attributes来指定在哪里应用规则。
例如,来自Istio文档:
match(destination.service.host,“ ratings。*”)选择任何请求 定位名称以“ ratings”开头的服务