欢迎关注我的公众号:
目前刚开始写一个月,一共写了18篇原创文章,文章目录如下:
istio多集群探秘,部署了50次多集群后我得出的结论
istio多集群链路追踪,附实操视频
istio防故障利器,你知道几个,istio新手不要读,太难!
istio业务权限控制,原来可以这么玩
istio实现非侵入压缩,微服务之间如何实现压缩
不懂envoyfilter也敢说精通istio系列-http-rbac-不要只会用AuthorizationPolicy配置权限
不懂envoyfilter也敢说精通istio系列-02-http-corsFilter-不要只会vs
不懂envoyfilter也敢说精通istio系列-03-http-csrf filter-再也不用再代码里写csrf逻辑了
不懂envoyfilter也敢说精通istio系列http-jwt_authn-不要只会RequestAuthorization
不懂envoyfilter也敢说精通istio系列-05-fault-filter-故障注入不止是vs
不懂envoyfilter也敢说精通istio系列-06-http-match-配置路由不只是vs
不懂envoyfilter也敢说精通istio系列-07-负载均衡配置不止是dr
不懂envoyfilter也敢说精通istio系列-08-连接池和断路器
不懂envoyfilter也敢说精通istio系列-09-http-route filter
不懂envoyfilter也敢说精通istio系列-network filter-redis proxy
不懂envoyfilter也敢说精通istio系列-network filter-HttpConnectionManager
不懂envoyfilter也敢说精通istio系列-ratelimit-istio ratelimit完全手册
————————————————
//创建proxy命令
func NewCmdProxy(f cmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command {
cmd := &cobra.Command{//创建cobra命令
Use: "proxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-prefix=prefix]",
DisableFlagsInUseLine: true,
Short: i18n.T("Run a proxy to the Kubernetes API server"),
Long: proxyLong,
Example: proxyExample,
Run: func(cmd *cobra.Command, args []string) {
err := RunProxy(f, streams.Out, cmd)//运行
cmdutil.CheckErr(err)
},
}
cmd.Flags().StringP("www", "w", "", "Also serve static files from the given directory under the specified prefix.")//www选项
cmd.Flags().StringP("www-prefix", "P", "/static/", "Prefix to serve static files under, if static file directory is specified.")//www-prefix选项
cmd.Flags().StringP("api-prefix", "", "/", "Prefix to serve the proxied API under.")//api-prefix选项
cmd.Flags().String("accept-paths", proxy.DefaultPathAcceptRE, "Regular expression for paths that the proxy should accept.")//accept-paths选项
cmd.Flags().String("reject-paths", proxy.DefaultPathRejectRE, "Regular expression for paths that the proxy should reject. Paths specified here will be rejected even accepted by --accept-paths.")//reject-paths选项
cmd.Flags().String("accept-hosts", proxy.DefaultHostAcceptRE, "Regular expression for hosts that the proxy should accept.")//accept-hosts选项
cmd.Flags().String("reject-methods", proxy.DefaultMethodRejectRE, "Regular expression for HTTP methods that the proxy should reject (example --reject-methods='POST,PUT,PATCH'). ")//reject-methos选项
cmd.Flags().IntP("port", "p", defaultPort, "The port on which to run the proxy. Set to 0 to pick a random port.")//port选项
cmd.Flags().StringP("address", "", "127.0.0.1", "The IP address on which to serve on.")//address选项
cmd.Flags().Bool("disable-filter", false, "If true, disable request filtering in the proxy. This is dangerous, and can leave you vulnerable to XSRF attacks, when used with an accessible port.")//disable-filter选项
cmd.Flags().StringP("unix-socket", "u", "", "Unix socket on which to run the proxy.")//unix-socket选项
cmd.Flags().Duration("keepalive", 0, "keepalive specifies the keep-alive period for an active network connection. Set to 0 to disable keepalive.")//keepalive选项
return cmd
}
//运行
func RunProxy(f cmdutil.Factory, out io.Writer, cmd *cobra.Command) error {
path := cmdutil.GetFlagString(cmd, "unix-socket")//获取unix-socket path
port := cmdutil.GetFlagInt(cmd, "port")//获取端口
address := cmdutil.GetFlagString(cmd, "address")//获取地址
if port != defaultPort && path != "" {//不能同时指定unix-socket和端口
return errors.New("Don't specify both --unix-socket and --port")
}
clientConfig, err := f.ToRESTConfig()//获取restconfig
if err != nil {
return err
}
staticPrefix := cmdutil.GetFlagString(cmd, "www-prefix")//获取www-prefix
if !strings.HasSuffix(staticPrefix, "/") {//staticPrefix追加/
staticPrefix += "/"
}
staticDir := cmdutil.GetFlagString(cmd, "www")//获取www选项
if staticDir != "" {// www选项不为空
fileInfo, err := os.Stat(staticDir)//判断路径是否存在,并且为目录
if err != nil {
klog.Warning("Failed to stat static file directory "+staticDir+": ", err)
} else if !fileInfo.IsDir() {
klog.Warning("Static file directory " + staticDir + " is not a directory")
}
}
apiProxyPrefix := cmdutil.GetFlagString(cmd, "api-prefix")//获取api-prefix选项
if !strings.HasSuffix(apiProxyPrefix, "/") {//api-prefix加/
apiProxyPrefix += "/"
}
filter := &proxy.FilterServer{//构造过滤器
AcceptPaths: proxy.MakeRegexpArrayOrDie(cmdutil.GetFlagString(cmd, "accept-paths")),//accept-paths过滤器
RejectPaths: proxy.MakeRegexpArrayOrDie(cmdutil.GetFlagString(cmd, "reject-paths")),//reject-paths过滤器
AcceptHosts: proxy.MakeRegexpArrayOrDie(cmdutil.GetFlagString(cmd, "accept-hosts")),//accept-hosts过滤器
RejectMethods: proxy.MakeRegexpArrayOrDie(cmdutil.GetFlagString(cmd, "reject-methods")),//reject-methods过滤器
}
if cmdutil.GetFlagBool(cmd, "disable-filter") {//获取disable-filter选项
if path == "" {
klog.Warning("Request filter disabled, your proxy is vulnerable to XSRF attacks, please be cautious")
}
filter = nil//设置filter为空
}
keepalive := cmdutil.GetFlagDuration(cmd, "keepalive")//获取keepalived
server, err := proxy.NewServer(staticDir, apiProxyPrefix, staticPrefix, filter, clientConfig, keepalive)//构造server
// Separate listening from serving so we can report the bound port
// when it is chosen by os (eg: port == 0)
var l net.Listener
if path == "" {//获取监听器
l, err = server.Listen(address, port)
} else {
l, err = server.ListenUnix(path)
}
if err != nil {
klog.Fatal(err)
}
fmt.Fprintf(out, "Starting to serve on %s\n", l.Addr().String())
klog.Fatal(server.ServeOnListener(l))//启动服务
return nil
}
