EnvoyFilterUsesRelativeOperation

消息名称EnvoyFilterUsesRelativeOperation
消息代码IST0151
描述This EnvoyFilter does not have a priority and has a relative patch operation set which can cause the EnvoyFilter not to be applied. Using the INSERT_FIRST or ADD option or setting the priority may help in ensuring the EnvoyFilter is applied correctly.
等级Warning

EnvoyFilter 没有优先级且使用相对补丁操作(INVALIDMERGEREMOVEINSERT_BEFOREINSERT_AFTERREPLACE)时, 会出现此消息。使用相对补丁操作意味着当评估当前的 EnvoyFilter 过滤器时该操作依赖于另一个过滤器。 为了确保按照用户想要的顺序应用 EnvoyFilters,应该赋予一个优先级或者应该使用一个非相对操作(ADDINSERT_FIRST)。

示例

以一个带有 INSERT_BEFORE 补丁操作的 EnvoyFilter 为例:

  1. apiVersion: networking.istio.io/v1alpha3
  2. kind: EnvoyFilter
  3. metadata:
  4. name: test-relative
  5. namespace: bookinfo
  6. spec:
  7. workloadSelector:
  8. labels:
  9. app: reviews2
  10. configPatches:
  11. # 第一个补丁将 Lua 过滤器添加到 listener/http 连接管理器
  12. - applyTo: HTTP_FILTER
  13. match:
  14. context: SIDECAR_INBOUND
  15. listener:
  16. portNumber: 8080
  17. filterChain:
  18. filter:
  19. name: "envoy.filters.network.http_connection_manager"
  20. subFilter:
  21. name: "envoy.filters.http.router"
  22. patch:
  23. operation: INSERT_BEFORE
  24. value: # Lua 过滤器规范
  25. name: envoy.lua
  26. typed_config:
  27. "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
  28. inlineCode: |
  29. function envoy_on_request(request_handle)
  30. -- Make an HTTP call to an upstream host with the following headers, body, and timeout.
  31. local headers, body = request_handle:httpCall(
  32. "lua_cluster",
  33. {
  34. [":method"] = "POST",
  35. [":path"] = "/acl",
  36. [":authority"] = "internal.org.net"
  37. },
  38. "authorize call",
  39. 5000)
  40. end

如何修复

由于原来使用了 INSERT_BEFORE 的相对操作,所以现在将其更改为 INSERT_FIRST 的绝对操作将解决这个问题:

  1. apiVersion: networking.istio.io/v1alpha3
  2. kind: EnvoyFilter
  3. metadata:
  4. name: test-relative
  5. namespace: bookinfo
  6. spec:
  7. workloadSelector:
  8. labels:
  9. app: reviews2
  10. configPatches:
  11. # 第一个补丁将 Lua 过滤器添加到 listener/http 连接管理器
  12. - applyTo: HTTP_FILTER
  13. match:
  14. context: SIDECAR_INBOUND
  15. listener:
  16. portNumber: 8080
  17. filterChain:
  18. filter:
  19. name: "envoy.filters.network.http_connection_manager"
  20. subFilter:
  21. name: "envoy.filters.http.router"
  22. patch:
  23. operation: INSERT_FIRST
  24. value: # Lua 过滤器规范
  25. name: envoy.lua
  26. typed_config:
  27. "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
  28. inlineCode: |
  29. function envoy_on_request(request_handle)
  30. -- Make an HTTP call to an upstream host with the following headers, body, and timeout.
  31. local headers, body = request_handle:httpCall(
  32. "lua_cluster",
  33. {
  34. [":method"] = "POST",
  35. [":path"] = "/acl",
  36. [":authority"] = "internal.org.net"
  37. },
  38. "authorize call",
  39. 5000)
  40. end