├── .gitignore ├── README.md ├── envoy.filters.http.wasm.md └── propagate-headers-filter ├── Cargo.toml ├── config ├── annotations │ └── patch-annotations.yaml ├── envoy │ ├── Dockerfile.proxy.local │ ├── Dockerfile.proxy.remote │ ├── envoy-local-wasm.yaml │ ├── envoy-remote-wasm-1.yaml │ ├── envoy-remote-wasm-2.yaml │ └── envoy-remote-wasm.yaml.template ├── envoyfilter │ ├── hello1_v2_envoyfilter.yaml │ └── hello2_v2_envoyfilter.yaml ├── kube │ ├── hello1_deployment.yaml │ ├── hello1_service.yaml │ ├── hello2_deployment.yaml │ ├── hello2_service.yaml │ ├── hello3_deployment.yaml │ ├── hello3_service.yaml │ └── hello_serviceaccount.yaml ├── lua.envoyfilter │ ├── hello1_v2_lua_envoyfilter.yaml │ └── hello2_v2_lua_envoyfilter.yaml └── mesh │ ├── hello1_destinationrule.yaml │ ├── hello1_virtualservice.yaml │ ├── hello2_destinationrule.yaml │ ├── hello2_virtualservice.yaml │ ├── hello3_destinationrule.yaml │ └── hello3_virtualservice.yaml ├── docker-compose-remote.yaml ├── docker-compose.yaml ├── press ├── common │ ├── config │ └── deploy.sh ├── lua-sidecar │ ├── gw38001.yaml │ └── press.sh ├── press.sh ├── readme.md ├── sidecar │ ├── gw18001.yaml │ └── press.sh └── wasm-sidecar │ ├── gw28001.yaml │ └── press.sh ├── sh ├── local │ ├── 1-build.sh │ ├── 2-run.sh │ └── 3-test.sh ├── remote-configmap │ ├── 1-build.sh │ ├── 2-deploy.sh │ ├── 3-hello1v2.envoy.config.sh │ ├── 4-configmap.sh │ ├── 5-test.sh │ ├── 6-hello1v2-envoy-log.sh │ ├── 7-hello2v1-log.sh │ └── config └── remote-http │ ├── 1-build.sh │ ├── 2-sum.sh │ ├── 3-run_http_server.sh │ ├── 4-run.sh │ └── 5-test.sh └── src └── propagate_headers.rs /.gitignore: -------------------------------------------------------------------------------- 1 | # Generated by Cargo 2 | # will have compiled files and executables 3 | debug/ 4 | target/ 5 | 6 | # Remove Cargo.lock from gitignore if creating an executable, leave it for libraries 7 | # More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html 8 | Cargo.lock 9 | 10 | # These are backup files generated by rustfmt 11 | **/*.rs.bk 12 | .idea 13 | .DS_Store 14 | _result -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # rust-wasm-4-envoy 2 | 3 | ```bash 4 | rustup toolchain install nightly 5 | rustup target add wasm32-unknown-unknown --toolchain nightly 6 | ``` 7 | 8 | ### PropagandaFilter 9 | 10 | #### dev 11 | ```bash 12 | cargo new --lib propaganda-filter 13 | ``` 14 | 15 | ```bash 16 | vi propaganda-filter/Cargo.toml 17 | 18 | [lib] 19 | crate-type = ["cdylib"] 20 | 21 | [dependencies] 22 | proxy-wasm = "0.1.3" 23 | ``` 24 | 25 | ```bash 26 | cd propaganda-filter 27 | sh build.sh 28 | ``` 29 | 30 | #### test 31 | 32 | ```bash 33 | docker-compose up --build 34 | ``` 35 | 36 | ```bash 37 | curl -H "token":"323232" 0.0.0.0:18000 38 | ``` 39 | 40 | 41 | 42 | ## Reference 43 | 44 | ### Proxy WASM SDK 45 | - 46 | - -------------------------------------------------------------------------------- /envoy.filters.http.wasm.md: -------------------------------------------------------------------------------- 1 | ## [协议] extensions.filters.http.wasm.v3.Wasm 2 | https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/wasm/v3/wasm.proto 3 | ```json 4 | { 5 | "config": "{...}" 6 | } 7 | ``` 8 | 9 | ### config extensions.wasm.v3.PluginConfig 10 | https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/wasm/v3/wasm.proto#envoy-v3-api-msg-extensions-wasm-v3-pluginconfig 11 | ```json 12 | { 13 | "name": "...", 14 | "root_id": "...", 15 | "vm_config": "{...}", 16 | "": "{...}", 17 | "fail_open": "..." 18 | } 19 | ``` 20 | 21 | ### vm_config extensions.wasm.v3.VmConfig 22 | https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/wasm/v3/wasm.proto#envoy-v3-api-msg-extensions-wasm-v3-vmconfig 23 | 24 | ```json 25 | { 26 | "vm_id": "...", 27 | "runtime": "...", 28 | "code": "{...}", 29 | "configuration": "{...}", 30 | "allow_precompiled": "...", 31 | "nack_on_code_cache_miss": "..." 32 | } 33 | ``` 34 | 35 | ### code config.core.v3.AsyncDataSource 36 | https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/base.proto#envoy-v3-api-msg-config-core-v3-asyncdatasource 37 | 38 | ```json 39 | { 40 | "local": "{...}", 41 | "remote": "{...}" 42 | } 43 | ``` 44 | 45 | #### local config.core.v3.DataSource 46 | https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/base.proto#envoy-v3-api-msg-config-core-v3-datasource 47 | ```json 48 | { 49 | "filename": "...", 50 | "inline_bytes": "...", 51 | "inline_string": "..." 52 | } 53 | ``` 54 | - filename (string) Local filesystem data source. 55 | - inline_bytes (bytes) Bytes inlined in the configuration. 56 | - inline_string (string) String inlined in the configuration. 57 | 58 | #### remote config.core.v3.RemoteDataSource 59 | https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/base.proto#envoy-v3-api-msg-config-core-v3-remotedatasource 60 | ```json 61 | { 62 | "http_uri": "{...}", 63 | "sha256": "...", 64 | "retry_policy": "{...}" 65 | } 66 | ``` 67 | - http_uri (config.core.v3.HttpUri, REQUIRED) The HTTP URI to fetch the remote data. 68 | - sha256 (string, REQUIRED) SHA256 string for verifying data. 69 | - retry_policy (config.core.v3.RetryPolicy) Retry policy for fetching remote data. 70 | 71 | #### http_uri config.core.v3.HttpUri 72 | https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/http_uri.proto#envoy-v3-api-msg-config-core-v3-httpuri 73 | ```json 74 | { 75 | "uri": "...", 76 | "cluster": "...", 77 | "timeout": "{...}" 78 | } 79 | ``` 80 | - uri (string, REQUIRED) The HTTP server URI. It should be a full FQDN with protocol, host and path. 81 | - cluster (string, REQUIRED) A cluster is created in the Envoy “cluster_manager” config section. This field specifies the cluster name. 82 | - timeout ([Duration](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration), REQUIRED) 83 | Sets the maximum duration in milliseconds that a response can take to arrive upon request. 84 | 85 | #### retry_policy config.core.v3.RetryPolicy 86 | https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/base.proto#envoy-v3-api-msg-config-core-v3-retrypolicy 87 | ```json 88 | { 89 | "retry_back_off": "{...}", 90 | "num_retries": "{...}" 91 | } 92 | ``` 93 | - retry_back_off (config.core.v3.BackoffStrategy) Specifies parameters that control retry backoff strategy. 94 | This parameter is optional, in which case the default base interval is 1000 milliseconds. 95 | The default maximum interval is 10 times the base interval. 96 | - num_retries (UInt32Value) Specifies the allowed number of retries. This parameter is optional and defaults to 1. 97 | 98 | #### retry_back_off config.core.v3.BackoffStrategy 99 | https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/backoff.proto#envoy-v3-api-msg-config-core-v3-backoffstrategy 100 | ```json 101 | { 102 | "base_interval": "{...}", 103 | "max_interval": "{...}" 104 | } 105 | ``` 106 | - base_interval (Duration, REQUIRED) The base interval to be used for the next back off computation. 107 | It should be greater than zero and less than or equal to max_interval. 108 | - max_interval (Duration) Specifies the maximum interval between retries. 109 | This parameter is optional, but must be greater than or equal to the base_interval if set. 110 | The default is 10 times the base_interval. -------------------------------------------------------------------------------- /propagate-headers-filter/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "propaganda-filter" 3 | version = "0.1.0" 4 | authors = ["六翁 "] 5 | edition = "2018" 6 | 7 | [lib] 8 | name = "propaganda_filter" 9 | path = "src/propagate_headers.rs" 10 | crate-type = ["cdylib"] 11 | 12 | [dependencies] 13 | proxy-wasm = "0.1.3" 14 | serde_json = "1.0.62" 15 | log = "0.4.14" -------------------------------------------------------------------------------- /propagate-headers-filter/config/annotations/patch-annotations.yaml: -------------------------------------------------------------------------------- 1 | spec: 2 | template: 3 | metadata: 4 | annotations: 5 | sidecar.istio.io/userVolume: '[{"name":"wasmfilters-dir","configMap": {"name":"propaganda-header"}}]' 6 | sidecar.istio.io/userVolumeMount: '[{"mountPath":"/var/local/lib/wasm-filters","name":"wasmfilters-dir"}]' -------------------------------------------------------------------------------- /propagate-headers-filter/config/envoy/Dockerfile.proxy.local: -------------------------------------------------------------------------------- 1 | FROM istio/proxyv2:1.8.0 2 | ENTRYPOINT /usr/local/bin/envoy -c /etc/envoy-local-wasm.yaml -l info --service-cluster proxy -------------------------------------------------------------------------------- /propagate-headers-filter/config/envoy/Dockerfile.proxy.remote: -------------------------------------------------------------------------------- 1 | FROM istio/proxyv2:1.8.1 2 | ENTRYPOINT /usr/local/bin/envoy -c /etc/envoy-remote-wasm.yaml -l debug --service-cluster proxy -------------------------------------------------------------------------------- /propagate-headers-filter/config/envoy/envoy-local-wasm.yaml: -------------------------------------------------------------------------------- 1 | static_resources: 2 | listeners: 3 | - address: 4 | socket_address: 5 | address: 0.0.0.0 6 | port_value: 80 7 | filter_chains: 8 | - filters: 9 | - name: envoy.filters.network.http_connection_manager 10 | typed_config: 11 | "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager 12 | codec_type: auto 13 | stat_prefix: ingress_http 14 | route_config: 15 | name: local_route 16 | virtual_hosts: 17 | - name: local_service 18 | domains: 19 | - "*" 20 | routes: 21 | - match: 22 | prefix: "/" 23 | route: 24 | cluster: web_service 25 | http_filters: 26 | - name: envoy.filters.http.wasm 27 | typed_config: 28 | "@type": type.googleapis.com/udpa.type.v1.TypedStruct 29 | type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm 30 | value: 31 | config: 32 | name: "header_filter" 33 | root_id: "propaganda_filter" 34 | configuration: 35 | "@type": "type.googleapis.com/google.protobuf.StringValue" 36 | value: | 37 | { 38 | "head_tag_name": "custom-version", 39 | "head_tag_value": "hello1-v1" 40 | } 41 | vm_config: 42 | runtime: "envoy.wasm.runtime.v8" 43 | vm_id: "header_filter_vm" 44 | code: 45 | local: 46 | filename: "/etc/propaganda_filter.wasm" 47 | allow_precompiled: true 48 | - name: envoy.filters.http.router 49 | typed_config: {} 50 | clusters: 51 | - name: static_service 52 | connect_timeout: 10s 53 | dns_lookup_family: V4_ONLY 54 | type: strict_dns 55 | lb_policy: round_robin 56 | load_assignment: 57 | cluster_name: static_service 58 | endpoints: 59 | - lb_endpoints: 60 | - endpoint: 61 | address: 62 | socket_address: 63 | address: static_service 64 | port_value: 80 65 | - name: web_service 66 | connect_timeout: 0.25s 67 | dns_lookup_family: V4_ONLY 68 | type: strict_dns 69 | lb_policy: round_robin 70 | load_assignment: 71 | cluster_name: web_service 72 | endpoints: 73 | - lb_endpoints: 74 | - endpoint: 75 | address: 76 | socket_address: 77 | address: web_service 78 | port_value: 5678 79 | admin: 80 | access_log_path: "/dev/null" 81 | address: 82 | socket_address: 83 | address: 0.0.0.0 84 | port_value: 8001 -------------------------------------------------------------------------------- /propagate-headers-filter/config/envoy/envoy-remote-wasm-1.yaml: -------------------------------------------------------------------------------- 1 | static_resources: 2 | listeners: 3 | - name: main 4 | address: 5 | socket_address: 6 | address: 0.0.0.0 7 | port_value: 80 8 | filter_chains: 9 | - filters: 10 | # - name: envoy.http_connection_manager 11 | - name: envoy.filters.network.http_connection_manager 12 | config: 13 | stat_prefix: ingress_http 14 | codec_type: auto 15 | route_config: 16 | name: local_route 17 | virtual_hosts: 18 | - name: local_service 19 | domains: 20 | - "*" 21 | routes: 22 | - match: 23 | prefix: "/" 24 | route: 25 | cluster: web_service 26 | http_filters: 27 | - name: envoy.filters.http.wasm 28 | config: 29 | config: 30 | name: "propaganda_filter" 31 | root_id: "propaganda_filter" 32 | vm_config: 33 | runtime: "envoy.wasm.runtime.v8" 34 | code: 35 | remote: 36 | http_uri: 37 | uri: "http://30.27.145.216:8000/propaganda_filter.wasm" 38 | cluster: web_service 39 | timeout: 40 | seconds: 60 41 | sha256: "da2e223bbb8c8072f50f519e8887dce4bc5f53a00eca5b05e983bc09476afa35" 42 | allow_precompiled: true 43 | - name: envoy.filters.http.router 44 | config: {} 45 | clusters: 46 | - name: web_service 47 | connect_timeout: 0.25s 48 | type: STRICT_DNS 49 | lb_policy: round_robin 50 | hosts: 51 | - socket_address: 52 | address: web_service 53 | port_value: 5678 54 | admin: 55 | access_log_path: "/dev/null" 56 | address: 57 | socket_address: 58 | address: 0.0.0.0 59 | port_value: 8001 -------------------------------------------------------------------------------- /propagate-headers-filter/config/envoy/envoy-remote-wasm-2.yaml: -------------------------------------------------------------------------------- 1 | static_resources: 2 | listeners: 3 | - address: 4 | socket_address: 5 | address: 0.0.0.0 6 | port_value: 80 7 | filter_chains: 8 | - filters: 9 | - name: envoy.filters.network.http_connection_manager 10 | typed_config: 11 | "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager 12 | codec_type: auto 13 | stat_prefix: ingress_http 14 | route_config: 15 | name: local_route 16 | virtual_hosts: 17 | - name: local_service 18 | domains: 19 | - "*" 20 | routes: 21 | - match: 22 | prefix: "/" 23 | route: 24 | cluster: web_service 25 | http_filters: 26 | - name: envoy.filters.http.wasm 27 | typed_config: 28 | "@type": type.googleapis.com/udpa.type.v1.TypedStruct 29 | type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm 30 | value: 31 | config: 32 | name: "propaganda_filter" 33 | root_id: "propaganda_filter" 34 | configuration: 35 | "@type": "type.googleapis.com/google.protobuf.StringValue" 36 | value: | 37 | { 38 | "head_tag_name": "custom-version", 39 | "head_tag_value": "hello1-v1" 40 | } 41 | vm_config: 42 | runtime: "envoy.wasm.runtime.v8" 43 | vm_id: "propaganda_filter_vm" 44 | code: 45 | remote: 46 | http_uri: 47 | uri: http://192.168.3.146:8000/propaganda-filter.wasm 48 | cluster: static_service 49 | timeout: 5s 50 | sha256: "8fd25de50834453cdb239032f47f1aaf0644f92207e80dee1dd88fff16ef8a5d" 51 | allow_precompiled: true 52 | - name: envoy.filters.http.router 53 | typed_config: {} 54 | clusters: 55 | - name: static_service 56 | connect_timeout: 10s 57 | dns_lookup_family: V4_ONLY 58 | type: strict_dns 59 | lb_policy: round_robin 60 | load_assignment: 61 | cluster_name: static_service 62 | endpoints: 63 | - lb_endpoints: 64 | - endpoint: 65 | address: 66 | socket_address: 67 | address: static_service 68 | port_value: 80 69 | - name: web_service 70 | connect_timeout: 0.25s 71 | dns_lookup_family: V4_ONLY 72 | type: strict_dns 73 | lb_policy: round_robin 74 | load_assignment: 75 | cluster_name: web_service 76 | endpoints: 77 | - lb_endpoints: 78 | - endpoint: 79 | address: 80 | socket_address: 81 | address: web_service 82 | port_value: 5678 83 | admin: 84 | access_log_path: "/dev/null" 85 | address: 86 | socket_address: 87 | address: 0.0.0.0 88 | port_value: 8001 -------------------------------------------------------------------------------- /propagate-headers-filter/config/envoy/envoy-remote-wasm.yaml.template: -------------------------------------------------------------------------------- 1 | static_resources: 2 | listeners: 3 | - name: main 4 | address: 5 | socket_address: 6 | address: 0.0.0.0 7 | port_value: 80 8 | filter_chains: 9 | - filters: 10 | # - name: envoy.http_connection_manager 11 | - name: envoy.filters.network.http_connection_manager 12 | config: 13 | stat_prefix: ingress_http 14 | codec_type: auto 15 | route_config: 16 | name: local_route 17 | virtual_hosts: 18 | - name: local_service 19 | domains: 20 | - "*" 21 | routes: 22 | - match: 23 | prefix: "/" 24 | route: 25 | cluster: web_service 26 | http_filters: 27 | - name: envoy.filters.http.wasm 28 | config: 29 | config: 30 | name: "propaganda_filter" 31 | root_id: "propaganda_filter" 32 | vm_config: 33 | runtime: "envoy.wasm.runtime.v8" 34 | vm_id: "propaganda_filter_vm" 35 | code: 36 | remote: 37 | http_uri: 38 | uri: "http://HOST_IP:8000/propaganda-filter.wasm" 39 | cluster: web_service 40 | timeout: 41 | seconds: 60 42 | sha256: "SHA_256" 43 | allow_precompiled: true 44 | configuration: 45 | '@type': type.googleapis.com/google.protobuf.StringValue 46 | value: | 47 | { 48 | "head_tag_name": "custom-version", 49 | "head_tag_value": "hello1-v1" 50 | } 51 | - name: envoy.filters.http.router 52 | typed_config: {} 53 | clusters: 54 | - name: web_service 55 | connect_timeout: 0.25s 56 | type: STRICT_DNS 57 | lb_policy: round_robin 58 | hosts: 59 | - socket_address: 60 | address: web_service 61 | port_value: 5678 62 | admin: 63 | access_log_path: "/dev/null" 64 | address: 65 | socket_address: 66 | address: 0.0.0.0 67 | port_value: 8001 -------------------------------------------------------------------------------- /propagate-headers-filter/config/envoyfilter/hello1_v2_envoyfilter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: EnvoyFilter 3 | metadata: 4 | name: hello1v2-propaganda-filter 5 | spec: 6 | workloadSelector: 7 | labels: 8 | app: hello1-deploy-v2 9 | version: v2 10 | configPatches: 11 | - applyTo: HTTP_FILTER 12 | match: 13 | context: SIDECAR_OUTBOUND 14 | proxy: 15 | proxyVersion: "^1\\.8\\.*" 16 | listener: 17 | filterChain: 18 | filter: 19 | name: envoy.filters.network.http_connection_manager 20 | subFilter: 21 | name: envoy.filters.http.router 22 | patch: 23 | operation: INSERT_BEFORE 24 | value: 25 | name: envoy.filters.http.wasm 26 | typed_config: 27 | "@type": type.googleapis.com/udpa.type.v1.TypedStruct 28 | type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm 29 | value: 30 | config: 31 | name: propaganda_filter 32 | root_id: propaganda_filter_root 33 | configuration: 34 | '@type': type.googleapis.com/google.protobuf.StringValue 35 | value: | 36 | { 37 | "head_tag_name": "route-v", 38 | "head_tag_value": "hello2v2" 39 | } 40 | vm_config: 41 | runtime: envoy.wasm.runtime.v8 42 | vm_id: propaganda_filter_vm 43 | code: 44 | local: 45 | filename: /var/local/lib/wasm-filters/propaganda-header-filter.wasm 46 | allow_precompiled: true -------------------------------------------------------------------------------- /propagate-headers-filter/config/envoyfilter/hello2_v2_envoyfilter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: EnvoyFilter 3 | metadata: 4 | name: hello2v2-propaganda-filter 5 | spec: 6 | workloadSelector: 7 | labels: 8 | app: hello2-deploy-v2 9 | version: v2 10 | configPatches: 11 | - applyTo: HTTP_FILTER 12 | match: 13 | context: SIDECAR_OUTBOUND 14 | proxy: 15 | proxyVersion: "^1\\.8\\.*" 16 | listener: 17 | filterChain: 18 | filter: 19 | name: envoy.filters.network.http_connection_manager 20 | subFilter: 21 | name: envoy.filters.http.router 22 | patch: 23 | operation: INSERT_BEFORE 24 | value: 25 | name: envoy.filters.http.wasm 26 | typed_config: 27 | "@type": type.googleapis.com/udpa.type.v1.TypedStruct 28 | type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm 29 | value: 30 | config: 31 | name: propaganda_filter 32 | root_id: propaganda_filter_root 33 | configuration: 34 | "@type": "type.googleapis.com/google.protobuf.StringValue" 35 | value: | 36 | { 37 | "head_tag_name": "route-v", 38 | "head_tag_value": "hello3v2" 39 | } 40 | vm_config: 41 | runtime: envoy.wasm.runtime.v8 42 | vm_id: propaganda_filter_vm 43 | code: 44 | local: 45 | filename: /var/local/lib/wasm-filters/propaganda-header-filter.wasm 46 | allow_precompiled: true -------------------------------------------------------------------------------- /propagate-headers-filter/config/kube/hello1_deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hello1-deploy-v1 5 | labels: 6 | app: hello1-deploy-v1 7 | service: hello1-deploy 8 | version: v1 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | app: hello1-deploy-v1 14 | service: hello1-deploy 15 | version: v1 16 | template: 17 | metadata: 18 | labels: 19 | app: hello1-deploy-v1 20 | service: hello1-deploy 21 | version: v1 22 | spec: 23 | serviceAccountName: http-hello-sa 24 | containers: 25 | - name: hello-v1-deploy 26 | image: registry.cn-beijing.aliyuncs.com/asm_repo/http_springboot_v1:1.0.0 27 | env: 28 | - name: HTTP_HELLO_BACKEND 29 | value: "hello2-svc" 30 | ports: 31 | - containerPort: 8001 32 | --- 33 | apiVersion: apps/v1 34 | kind: Deployment 35 | metadata: 36 | name: hello1-deploy-v2 37 | labels: 38 | app: hello1-deploy-v2 39 | service: hello1-deploy 40 | version: v2 41 | spec: 42 | replicas: 1 43 | selector: 44 | matchLabels: 45 | app: hello1-deploy-v2 46 | service: hello1-deploy 47 | version: v2 48 | template: 49 | metadata: 50 | labels: 51 | app: hello1-deploy-v2 52 | service: hello1-deploy 53 | version: v2 54 | spec: 55 | serviceAccountName: http-hello-sa 56 | containers: 57 | - name: hello-v2-deploy 58 | image: registry.cn-beijing.aliyuncs.com/asm_repo/http_springboot_v2:1.0.0 59 | env: 60 | - name: HTTP_HELLO_BACKEND 61 | value: "hello2-svc" 62 | ports: 63 | - containerPort: 8001 -------------------------------------------------------------------------------- /propagate-headers-filter/config/kube/hello1_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: hello1-svc 5 | labels: 6 | app: hello1-svc 7 | spec: 8 | ports: 9 | - port: 8001 10 | name: http 11 | selector: 12 | service: hello1-deploy -------------------------------------------------------------------------------- /propagate-headers-filter/config/kube/hello2_deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hello2-deploy-v1 5 | labels: 6 | app: hello2-deploy-v1 7 | service: hello2-deploy 8 | version: v1 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | app: hello2-deploy-v1 14 | service: hello2-deploy 15 | version: v1 16 | template: 17 | metadata: 18 | labels: 19 | app: hello2-deploy-v1 20 | service: hello2-deploy 21 | version: v1 22 | spec: 23 | serviceAccountName: http-hello-sa 24 | containers: 25 | - name: hello-v1-deploy 26 | image: registry.cn-beijing.aliyuncs.com/asm_repo/http_springboot_v1:1.0.0 27 | env: 28 | - name: HTTP_HELLO_BACKEND 29 | value: "hello3-svc" 30 | ports: 31 | - containerPort: 8001 32 | --- 33 | apiVersion: apps/v1 34 | kind: Deployment 35 | metadata: 36 | name: hello2-deploy-v2 37 | labels: 38 | app: hello2-deploy-v2 39 | service: hello2-deploy 40 | version: v2 41 | spec: 42 | replicas: 1 43 | selector: 44 | matchLabels: 45 | app: hello2-deploy-v2 46 | service: hello2-deploy 47 | version: v2 48 | template: 49 | metadata: 50 | labels: 51 | app: hello2-deploy-v2 52 | service: hello2-deploy 53 | version: v2 54 | spec: 55 | serviceAccountName: http-hello-sa 56 | containers: 57 | - name: hello-v2-deploy 58 | image: registry.cn-beijing.aliyuncs.com/asm_repo/http_springboot_v2:1.0.0 59 | env: 60 | - name: HTTP_HELLO_BACKEND 61 | value: "hello3-svc" 62 | ports: 63 | - containerPort: 8001 -------------------------------------------------------------------------------- /propagate-headers-filter/config/kube/hello2_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: hello2-svc 5 | labels: 6 | app: hello2-svc 7 | spec: 8 | ports: 9 | - port: 8001 10 | name: http 11 | selector: 12 | service: hello2-deploy -------------------------------------------------------------------------------- /propagate-headers-filter/config/kube/hello3_deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hello3-deploy-v1 5 | labels: 6 | app: hello3-deploy-v1 7 | service: hello3-deploy 8 | version: v1 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | app: hello3-deploy-v1 14 | service: hello3-deploy 15 | version: v1 16 | template: 17 | metadata: 18 | labels: 19 | app: hello3-deploy-v1 20 | service: hello3-deploy 21 | version: v1 22 | spec: 23 | serviceAccountName: http-hello-sa 24 | containers: 25 | - name: hello-v1-deploy 26 | image: registry.cn-beijing.aliyuncs.com/asm_repo/http_springboot_v1:1.0.0 27 | ports: 28 | - containerPort: 8001 29 | --- 30 | apiVersion: apps/v1 31 | kind: Deployment 32 | metadata: 33 | name: hello3-deploy-v2 34 | labels: 35 | app: hello3-deploy-v2 36 | service: hello3-deploy 37 | version: v2 38 | spec: 39 | replicas: 1 40 | selector: 41 | matchLabels: 42 | app: hello3-deploy-v2 43 | service: hello3-deploy 44 | version: v2 45 | template: 46 | metadata: 47 | labels: 48 | app: hello3-deploy-v2 49 | service: hello3-deploy 50 | version: v2 51 | spec: 52 | serviceAccountName: http-hello-sa 53 | containers: 54 | - name: hello-v2-deploy 55 | image: registry.cn-beijing.aliyuncs.com/asm_repo/http_springboot_v2:1.0.0 56 | ports: 57 | - containerPort: 8001 -------------------------------------------------------------------------------- /propagate-headers-filter/config/kube/hello3_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: hello3-svc 5 | labels: 6 | app: hello3-svc 7 | spec: 8 | ports: 9 | - port: 8001 10 | name: http 11 | selector: 12 | service: hello3-deploy -------------------------------------------------------------------------------- /propagate-headers-filter/config/kube/hello_serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: http-hello-sa 5 | labels: 6 | account: http-hello-deploy -------------------------------------------------------------------------------- /propagate-headers-filter/config/lua.envoyfilter/hello1_v2_lua_envoyfilter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: EnvoyFilter 3 | metadata: 4 | name: hello1v2-lua-propaganda-filter 5 | spec: 6 | workloadSelector: 7 | labels: 8 | app: hello1-deploy-v2 9 | version: v2 10 | configPatches: 11 | - applyTo: HTTP_FILTER 12 | match: 13 | context: SIDECAR_OUTBOUND 14 | proxy: 15 | proxyVersion: "^1\\.8\\.*" 16 | listener: 17 | filterChain: 18 | filter: 19 | name: envoy.filters.network.http_connection_manager 20 | subFilter: 21 | name: envoy.filters.http.router 22 | patch: 23 | operation: INSERT_BEFORE 24 | value: 25 | name: envoy.lua 26 | typed_config: 27 | "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua 28 | inlineCode: | 29 | function envoy_on_request(handle) 30 | handle:logInfo("[propagate header] route-v:hello2v2") 31 | handle:headers():add("route-v", "hello2v2") 32 | end 33 | -------------------------------------------------------------------------------- /propagate-headers-filter/config/lua.envoyfilter/hello2_v2_lua_envoyfilter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: EnvoyFilter 3 | metadata: 4 | name: hello2v2-lua-propaganda-filter 5 | spec: 6 | workloadSelector: 7 | labels: 8 | app: hello2-deploy-v2 9 | version: v2 10 | configPatches: 11 | - applyTo: HTTP_FILTER 12 | match: 13 | context: SIDECAR_OUTBOUND 14 | proxy: 15 | proxyVersion: "^1\\.8\\.*" 16 | listener: 17 | filterChain: 18 | filter: 19 | name: envoy.filters.network.http_connection_manager 20 | subFilter: 21 | name: envoy.filters.http.router 22 | patch: 23 | operation: INSERT_BEFORE 24 | value: 25 | name: envoy.lua 26 | typed_config: 27 | "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua 28 | inlineCode: | 29 | function envoy_on_request(handle) 30 | handle:logInfo("[propagate header] route-v:hello3v2") 31 | handle:headers():add("route-v", "hello3v2") 32 | end 33 | -------------------------------------------------------------------------------- /propagate-headers-filter/config/mesh/hello1_destinationrule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | name: hello1-dr 5 | spec: 6 | host: hello1-svc 7 | subsets: 8 | - name: hello1v1 9 | labels: 10 | version: v1 11 | - name: hello1v2 12 | labels: 13 | version: v2 -------------------------------------------------------------------------------- /propagate-headers-filter/config/mesh/hello1_virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: hello-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway 8 | servers: 9 | - port: 10 | number: 8001 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - "*" 15 | --- 16 | # https://istio.io/latest/docs/reference/config/networking/virtual-service/ 17 | apiVersion: networking.istio.io/v1alpha3 18 | kind: VirtualService 19 | metadata: 20 | name: hello1-vs 21 | spec: 22 | hosts: 23 | - "*" 24 | gateways: 25 | - hello-gateway 26 | # - mesh 27 | http: 28 | - name: hello1-v1-route 29 | match: 30 | - headers: 31 | route-v: 32 | exact: v2 33 | route: 34 | - destination: 35 | host: hello1-svc 36 | subset: hello1v2 37 | - route: 38 | - destination: 39 | host: hello1-svc 40 | subset: hello1v1 41 | -------------------------------------------------------------------------------- /propagate-headers-filter/config/mesh/hello2_destinationrule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | name: hello2-dr 5 | spec: 6 | host: hello2-svc 7 | subsets: 8 | - name: hello2v1 9 | labels: 10 | version: v1 11 | - name: hello2v2 12 | labels: 13 | version: v2 -------------------------------------------------------------------------------- /propagate-headers-filter/config/mesh/hello2_virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: hello2-vs 5 | spec: 6 | hosts: 7 | - hello2-svc 8 | http: 9 | - name: hello2-v2-route 10 | match: 11 | - headers: 12 | route-v: 13 | exact: hello2v2 14 | route: 15 | - destination: 16 | host: hello2-svc 17 | subset: hello2v2 18 | - route: 19 | - destination: 20 | host: hello2-svc 21 | subset: hello2v1 -------------------------------------------------------------------------------- /propagate-headers-filter/config/mesh/hello3_destinationrule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | name: hello3-dr 5 | spec: 6 | host: hello3-svc 7 | subsets: 8 | - name: hello3v1 9 | labels: 10 | version: v1 11 | - name: hello3v1 12 | labels: 13 | version: v2 14 | - name: hello3v2 15 | labels: 16 | version: v2 -------------------------------------------------------------------------------- /propagate-headers-filter/config/mesh/hello3_virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: hello3-vs 5 | spec: 6 | hosts: 7 | - hello3-svc 8 | http: 9 | - match: 10 | - headers: 11 | route-v: 12 | exact: hello3v2 13 | route: 14 | - destination: 15 | host: hello3-svc 16 | subset: hello3v2 17 | - route: 18 | - destination: 19 | host: hello3-svc 20 | subset: hello3v1 -------------------------------------------------------------------------------- /propagate-headers-filter/docker-compose-remote.yaml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | services: 3 | proxy: 4 | build: 5 | context: ./envoy 6 | # switch to use local or remote 7 | # dockerfile: Dockerfile.proxy.local 8 | dockerfile: Dockerfile.proxy.remote 9 | volumes: 10 | - ./envoy/envoy-remote-wasm-2.yaml:/etc/envoy-remote-wasm.yaml 11 | networks: 12 | - envoymesh 13 | expose: 14 | - "80" 15 | - "8001" 16 | ports: 17 | - "18000:80" 18 | - "18001:8001" 19 | web_service: 20 | image: hashicorp/http-echo 21 | command: 22 | - '-text="propaganda_filter is here."' 23 | networks: 24 | envoymesh: 25 | aliases: 26 | - web_service 27 | expose: 28 | - "5678" 29 | ports: 30 | - "18080:5678" 31 | networks: 32 | envoymesh: 33 | external: true -------------------------------------------------------------------------------- /propagate-headers-filter/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | services: 3 | proxy: 4 | build: 5 | context: ./config/envoy 6 | dockerfile: Dockerfile.proxy.local 7 | volumes: 8 | - ./config/envoy/envoy-local-wasm.yaml:/etc/envoy-local-wasm.yaml 9 | - ./target/wasm32-unknown-unknown/release/propaganda_filter.wasm:/etc/propaganda_filter.wasm 10 | networks: 11 | - envoymesh 12 | expose: 13 | - "80" 14 | - "8001" 15 | ports: 16 | - "18000:80" 17 | - "18001:8001" 18 | web_service: 19 | image: hashicorp/http-echo 20 | command: 21 | - '-text="propaganda_filter is here."' 22 | networks: 23 | envoymesh: 24 | aliases: 25 | - web_service 26 | expose: 27 | - "5678" 28 | ports: 29 | - "18080:5678" 30 | networks: 31 | envoymesh: 32 | external: true -------------------------------------------------------------------------------- /propagate-headers-filter/press/common/config: -------------------------------------------------------------------------------- 1 | # kubeconfig of user's kubenetes cluster 2 | USER_CONFIG=$HOME/shop_config/kubeconfig/ack_3rd_staging 3 | # kubeconfig of user's servicemesh cluster 4 | MESH_CONFIG=$HOME/shop_config/kubeconfig/asm_staging 5 | -------------------------------------------------------------------------------- /propagate-headers-filter/press/common/deploy.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | SCRIPT_PATH="$( 3 | cd "$(dirname "$0")" >/dev/null 2>&1 4 | pwd -P 5 | )/" 6 | cd "$SCRIPT_PATH" || exit 7 | if [ -z "$1" ]; then 8 | echo "No namespace argument supplied" 9 | exit 0 10 | fi 11 | NS=$1 12 | # S sidecar 13 | # W wasm-sidecar 14 | # L lua-sidecar 15 | TYPE=$2 16 | 17 | source config 18 | alias k="kubectl --kubeconfig $USER_CONFIG" 19 | alias m="kubectl --kubeconfig $MESH_CONFIG" 20 | 21 | echo "Clean..." 22 | k delete namespace $NS >/dev/null 2>&1 23 | m delete namespace $NS >/dev/null 2>&1 24 | echo "Create namespace($NS)" 25 | k create ns $NS 26 | m create ns $NS 27 | m label ns $NS istio-injection=enabled 28 | 29 | echo "Deploy dataplane" 30 | cd ../.. 31 | k -n $NS apply -f config/kube/ 32 | 33 | echo " Waiting for hello2-deploy-v1" 34 | k -n $NS wait --for=condition=ready pod -l app=hello2-deploy-v2 35 | k -n $NS wait --for=condition=ready pod -l app=hello1-deploy-v1 36 | sleep 3s 37 | k get svc -n $NS 38 | k get pods -n $NS 39 | 40 | hello2_v1_pod=$(k get pod -l app=hello2-deploy-v1 -n $NS -o jsonpath={.items..metadata.name}) 41 | 42 | echo "Check from hello2v1($hello2_v1_pod):" 43 | k exec "$hello2_v1_pod" -c hello-v1-deploy -n $NS -- curl -s localhost:8001/hello/eric 44 | echo 45 | k exec "$hello2_v1_pod" -c hello-v1-deploy -n $NS -- curl -s http://hello2-svc:8001/hello/eric 46 | echo 47 | k exec "$hello2_v1_pod" -c hello-v1-deploy -n $NS -- curl -s http://hello1-svc:8001/hello/eric 48 | echo 49 | 50 | echo "Deploy mesh" 51 | case $TYPE in 52 | "S") 53 | m -n $NS apply -f config/mesh/ 54 | echo "DONE" 55 | ;; 56 | "W") 57 | m -n $NS apply -f config/mesh/ 58 | echo "Deploy wasm envoyfilter" 59 | m -n $NS apply -f config/envoyfilter/ 60 | echo "Deploy wasm configmap" 61 | wasm_image=target/wasm32-unknown-unknown/release/propaganda-header-filter.wasm 62 | k -n $NS create configmap -n $NS propaganda-header --from-file=$wasm_image 63 | echo "Patch annotations to deployment" 64 | patch_annotations=$(cat config/annotations/patch-annotations.yaml) 65 | for i in {1..2}; do 66 | for j in {2..2}; do 67 | k -n $NS patch deployment "hello$i-deploy-v$j" -p "$patch_annotations" 68 | done 69 | done 70 | ;; 71 | "L") 72 | m -n $NS apply -f config/mesh/ 73 | echo "Deploy lua envoyfilter" 74 | # https://istio.io/latest/news/releases/1.9.x/announcing-1.9/upgrade-notes/ 75 | m -n $NS apply -f config/lua.envoyfilter/ 76 | ;; 77 | *) 78 | echo "DONE" 79 | ;; 80 | esac 81 | -------------------------------------------------------------------------------- /propagate-headers-filter/press/lua-sidecar/gw38001.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: hello-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway 8 | servers: 9 | - port: 10 | number: 38001 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - "*" -------------------------------------------------------------------------------- /propagate-headers-filter/press/lua-sidecar/press.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | # shellcheck disable=SC2028 3 | SCRIPT_PATH="$( 4 | cd "$(dirname "$0")" >/dev/null 2>&1 5 | pwd -P 6 | )/" 7 | cd "$SCRIPT_PATH" || exit 8 | source ../common/config 9 | alias k="kubectl --kubeconfig $USER_CONFIG" 10 | alias m="kubectl --kubeconfig $MESH_CONFIG" 11 | 12 | PORT=38001 13 | NS=hello-abtest-lua 14 | 15 | echo "1 Deploy" 16 | k get ns $NS 17 | # exist return 0 18 | # not exist return 1 19 | RESULT=$? 20 | if [[ $RESULT == 1 ]]; then 21 | sh ../common/deploy.sh $NS L 22 | m -n $NS apply -f gw$PORT.yaml 23 | fi 24 | 25 | echo "2 Verify" 26 | ingressGatewayIp=$(k -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 27 | echo "curl -s -H \"route-v:v2\" http://$ingressGatewayIp:$PORT/hello/eric" 28 | echo >result 29 | for i in {1..5}; do 30 | curl -s -H "route-v:v1" "http://$ingressGatewayIp:$PORT/hello/eric" >>result 31 | echo >>result 32 | done 33 | # grep --only-matching 34 | check=$(grep -o "Hello eric" result | wc -l) 35 | rm -f result 36 | if [[ "$check" -eq "15" ]]; then 37 | echo "pass" 38 | else 39 | echo "fail" 40 | exit 1 41 | fi 42 | echo "3 Hey" 43 | # https://github.com/rakyll/hey 44 | hey -c $NUM -q $QPS -z $Duration -H "route-v:v2" http://$ingressGatewayIp:$PORT/hello/eric > $SIDECAR_LUA_RESULT 45 | echo "DONE" 46 | -------------------------------------------------------------------------------- /propagate-headers-filter/press/press.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | # shellcheck disable=SC2028 3 | SCRIPT_PATH="$( 4 | cd "$(dirname "$0")" >/dev/null 2>&1 5 | pwd -P 6 | )" 7 | cd "$SCRIPT_PATH" || exit 8 | 9 | MAX_OPENFILE_NUM=50000 10 | ulimit -n $MAX_OPENFILE_NUM 11 | 12 | run_press() { 13 | RESULT_PATH="$SCRIPT_PATH/_result/$NUM-$QPS-$Duration/" 14 | echo "run_press(NUM=$NUM,QPS=$QPS,Duration=$Duration)\nsave to $RESULT_PATH" 15 | export SIDECAR_RESULT=$RESULT_PATH/sidecar.result 16 | export SIDECAR_WASM_RESULT=$RESULT_PATH/wasm-sidecar.result 17 | export SIDECAR_LUA_RESULT=$RESULT_PATH/lua-sidecar.result 18 | test -d $RESULT_PATH || mkdir -p $RESULT_PATH 19 | sh sidecar/press.sh 20 | sh wasm-sidecar/press.sh 21 | sh lua-sidecar/press.sh 22 | } 23 | 24 | export NUM=2000 25 | export QPS=2000 26 | export Duration=10s 27 | run_press 28 | -------------------------------------------------------------------------------- /propagate-headers-filter/press/readme.md: -------------------------------------------------------------------------------- 1 | 2 | ### config 3 | ```bash 4 | vi common/config 5 | ``` 6 | - `NUM` 7 | - `QPS` 8 | - `Duration` 9 | 10 | ### run 11 | ```bash 12 | sh sidecar/press.sh 13 | sh wasm-sidecar/press.sh 14 | sh lua-sidecar/press.sh 15 | ``` 16 | 17 | ### report 18 | ```bash 19 | cat _result/sidecar.result 20 | cat _result/wasm-sidecar.result 21 | cat _result/lua-sidecar.result 22 | ``` -------------------------------------------------------------------------------- /propagate-headers-filter/press/sidecar/gw18001.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: hello-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway 8 | servers: 9 | - port: 10 | number: 18001 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - "*" -------------------------------------------------------------------------------- /propagate-headers-filter/press/sidecar/press.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | # shellcheck disable=SC2028 3 | SCRIPT_PATH="$( 4 | cd "$(dirname "$0")" >/dev/null 2>&1 5 | pwd -P 6 | )/" 7 | cd "$SCRIPT_PATH" || exit 8 | source ../common/config 9 | alias k="kubectl --kubeconfig $USER_CONFIG" 10 | alias m="kubectl --kubeconfig $MESH_CONFIG" 11 | 12 | PORT=18001 13 | NS=hello-abtest 14 | 15 | echo "1 Deploy" 16 | k get ns $NS 17 | # exist return 0 18 | # not exist return 1 19 | RESULT=$? 20 | if [[ $RESULT == 1 ]]; then 21 | sh ../common/deploy.sh $NS S 22 | m -n $NS apply -f gw$PORT.yaml 23 | fi 24 | 25 | echo "2 Verify" 26 | ingressGatewayIp=$(k -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 27 | echo "curl -s -H \"route-v:v2\" http://$ingressGatewayIp:$PORT/hello/eric" 28 | echo >result 29 | for i in {1..5}; do 30 | curl -s -H "route-v:v2" "http://$ingressGatewayIp:$PORT/hello/eric" >>result 31 | echo >>result 32 | done 33 | # grep --only-matching 34 | check=$(grep -o "Hello eric" result | wc -l) 35 | rm -f result 36 | if [[ "$check" -eq "10" ]]; then 37 | echo "pass" 38 | else 39 | echo "fail" 40 | exit 1 41 | fi 42 | echo "3 Hey" 43 | # https://github.com/rakyll/hey 44 | hey -c $NUM -q $QPS -z $Duration -H "route-v:v2" http://$ingressGatewayIp:$PORT/hello/eric > $SIDECAR_RESULT 45 | echo "DONE" 46 | -------------------------------------------------------------------------------- /propagate-headers-filter/press/wasm-sidecar/gw28001.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: hello-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway 8 | servers: 9 | - port: 10 | number: 28001 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - "*" -------------------------------------------------------------------------------- /propagate-headers-filter/press/wasm-sidecar/press.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | # shellcheck disable=SC2028 3 | SCRIPT_PATH="$( 4 | cd "$(dirname "$0")" >/dev/null 2>&1 5 | pwd -P 6 | )/" 7 | cd "$SCRIPT_PATH" || exit 8 | source ../common/config 9 | alias k="kubectl --kubeconfig $USER_CONFIG" 10 | alias m="kubectl --kubeconfig $MESH_CONFIG" 11 | 12 | PORT=28001 13 | NS=hello-abtest-wasm 14 | 15 | echo "1 Deploy" 16 | k get ns $NS 17 | # exist return 0 18 | # not exist return 1 19 | RESULT=$? 20 | if [[ $RESULT == 1 ]]; then 21 | sh ../common/deploy.sh $NS W 22 | m -n $NS apply -f gw$PORT.yaml 23 | fi 24 | 25 | echo "2 Verify" 26 | ingressGatewayIp=$(k -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 27 | echo "curl -s -H \"route-v:v2\" http://$ingressGatewayIp:$PORT/hello/eric" 28 | echo >result 29 | for i in {1..5}; do 30 | curl -s -H "route-v:v2" "http://$ingressGatewayIp:$PORT/hello/eric" >>result 31 | echo >>result 32 | done 33 | # grep --only-matching 34 | check=$(grep -o "Bonjour eric" result | wc -l) 35 | if [[ "$check" -eq "15" ]]; then 36 | echo "pass" 37 | else 38 | echo "fail" 39 | exit 1 40 | fi 41 | rm -f result 42 | echo "3 Hey" 43 | # https://github.com/rakyll/hey 44 | hey -c $NUM -q $QPS -z $Duration -H "route-v:v2" http://$ingressGatewayIp:$PORT/hello/eric > $SIDECAR_WASM_RESULT 45 | echo "DONE" 46 | -------------------------------------------------------------------------------- /propagate-headers-filter/sh/local/1-build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | SCRIPT_PATH="$( 3 | cd "$(dirname "$0")" >/dev/null 2>&1 4 | pwd -P 5 | )/" 6 | cd "$SCRIPT_PATH" || exit 7 | cd ../.. 8 | rustup override set nightly 9 | cargo clean 10 | cargo fmt 11 | #cargo build -vv --target=wasm32-unknown-unknown --release 12 | cargo build --target=wasm32-unknown-unknown --release 13 | echo "built it !" -------------------------------------------------------------------------------- /propagate-headers-filter/sh/local/2-run.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | SCRIPT_PATH="$( 3 | cd "$(dirname "$0")" >/dev/null 2>&1 4 | pwd -P 5 | )/" 6 | cd "$SCRIPT_PATH" || exit 7 | cd ../.. 8 | docker-compose up --build 9 | -------------------------------------------------------------------------------- /propagate-headers-filter/sh/local/3-test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | # shellcheck disable=SC2028 3 | echo "localhost:18000:" 4 | curl -H "version-tag":"v1" "localhost:18000" 5 | echo "\nlocalhost:18000/hello:" 6 | curl -H "version-tag":"v2" "localhost:18000/hello" 7 | echo "\nlocalhost:18000/hello?star=black:" 8 | curl -H "version-tag":"v3" "localhost:18000/hello?star=black" 9 | echo "\nlocalhost:18000/hello?star=black&number=5" 10 | curl -H "version-tag":"v3" "localhost:18000/hello?star=black&number=5" -------------------------------------------------------------------------------- /propagate-headers-filter/sh/remote-configmap/1-build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | set -e 3 | SCRIPT_PATH="$( 4 | cd "$(dirname "$0")" >/dev/null 2>&1 5 | pwd -P 6 | )/" 7 | cd "$SCRIPT_PATH" || exit 8 | cd ../.. 9 | rustup override set nightly 10 | 11 | cargo clean 12 | cargo fmt 13 | #cargo build -vv --target=wasm32-unknown-unknown --release 14 | cargo build --target=wasm32-unknown-unknown --release 15 | echo "built it ! File path and size:" 16 | ls -hl target/wasm32-unknown-unknown/release/propaganda_filter.wasm 17 | 18 | #resize package 19 | #cargo install wasm-gc 20 | wasm-gc ./target/wasm32-unknown-unknown/release/propaganda_filter.wasm ./target/wasm32-unknown-unknown/release/propaganda-header-filter.wasm 21 | ls -hl target/wasm32-unknown-unknown/release/propaganda-header-filter.wasm -------------------------------------------------------------------------------- /propagate-headers-filter/sh/remote-configmap/2-deploy.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | SCRIPT_PATH="$( 3 | cd "$(dirname "$0")" >/dev/null 2>&1 4 | pwd -P 5 | )/" 6 | cd "$SCRIPT_PATH" || exit 7 | 8 | source config 9 | 10 | alias k="kubectl --kubeconfig $USER_CONFIG" 11 | alias m="kubectl --kubeconfig $MESH_CONFIG" 12 | 13 | echo "clean..." 14 | k delete namespace http-hello >/dev/null 2>&1 15 | m delete namespace http-hello >/dev/null 2>&1 16 | echo "create" 17 | k create ns http-hello 18 | m create ns http-hello 19 | m label ns http-hello istio-injection=enabled 20 | 21 | echo "deploy" 22 | #部署数据平面 23 | cd ../.. 24 | k -n http-hello apply -f config/kube/ 25 | 26 | echo "waiting for hello2-deploy-v1" 27 | k -n http-hello wait --for=condition=ready pod -l app=hello2-deploy-v2 28 | k -n http-hello wait --for=condition=ready pod -l app=hello1-deploy-v1 29 | 30 | #查看服务状态 31 | k get svc -n http-hello 32 | #查看POD状态 33 | k get pods -n http-hello 34 | 35 | hello2_v1_pod=$(k get pod -l app=hello2-deploy-v1 -n http-hello -o jsonpath={.items..metadata.name}) 36 | 37 | echo "Check from $hello2_v1_pod:" 38 | k exec "$hello2_v1_pod" -c hello-v1-deploy -n http-hello -- curl -s localhost:8001/hello/eric 39 | echo 40 | k exec "$hello2_v1_pod" -c hello-v1-deploy -n http-hello -- curl -s http://hello2-svc:8001/hello/eric 41 | echo 42 | k exec "$hello2_v1_pod" -c hello-v1-deploy -n http-hello -- curl -s http://hello1-svc:8001/hello/eric 43 | echo 44 | 45 | echo "Deploy mesh" 46 | m -n http-hello apply -f config/mesh/ 47 | echo "Deploy wasm envoyfilter" 48 | m -n http-hello apply -f config/envoyfilter/ 49 | 50 | #echo "Deploy lua envoyfilter" 51 | #https://istio.io/latest/news/releases/1.9.x/announcing-1.9/upgrade-notes/ 52 | #m -n http-hello apply -f config/lua.envoyfilter/ -------------------------------------------------------------------------------- /propagate-headers-filter/sh/remote-configmap/3-hello1v2.envoy.config.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | SCRIPT_PATH="$( 3 | cd "$(dirname "$0")" >/dev/null 2>&1 4 | pwd -P 5 | )/" 6 | cd "$SCRIPT_PATH" || exit 7 | 8 | source config 9 | alias k="kubectl --kubeconfig $USER_CONFIG" 10 | timestamp=$(date "+%Y%m%d-%H%M%S") 11 | hello1_v2_pod=$(k get pod -l app=hello1-deploy-v2 -n http-hello -o jsonpath={.items..metadata.name}) 12 | echo "Dump from $hello1_v2_pod" 13 | k -n http-hello exec "$hello1_v2_pod" -c istio-proxy \ 14 | -- curl -s "http://localhost:15000/config_dump?resource=dynamic_listeners" >dynamic_listeners-"$timestamp".json 15 | #grep "head_tag_name" dynamic_listeners-"$timestamp".json 16 | grep "propaganda_filter_vm" dynamic_listeners-"$timestamp".json 17 | grep "envoy.lua" dynamic_listeners-"$timestamp".json 18 | rm -f d*.json -------------------------------------------------------------------------------- /propagate-headers-filter/sh/remote-configmap/4-configmap.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | SCRIPT_PATH="$( 3 | cd "$(dirname "$0")" >/dev/null 2>&1 4 | pwd -P 5 | )/" 6 | cd "$SCRIPT_PATH" || exit 7 | 8 | source config 9 | alias k="kubectl --kubeconfig $USER_CONFIG" 10 | 11 | echo "1 store wasm to configmap" 12 | k delete configmap -n http-hello propaganda-header >/dev/null 2>&1 13 | cd ../.. 14 | wasm_image=target/wasm32-unknown-unknown/release/propaganda-header-filter.wasm 15 | ls -hl $wasm_image 16 | k create configmap -n http-hello propaganda-header --from-file=$wasm_image 17 | 18 | echo "2 patch annotations to deployment" 19 | patch_annotations=$(cat config/annotations/patch-annotations.yaml) 20 | 21 | for i in {1..2}; do 22 | for j in {2..2}; do 23 | k -n http-hello patch deployment "hello$i-deploy-v$j" -p "$patch_annotations" 24 | done 25 | done 26 | 27 | echo "3 check..." 28 | sleep 10s 29 | for i in {1..2}; do 30 | for j in {2..2}; do 31 | echo "check deployment/hello$i-deploy-v$j:" 32 | k -n http-hello exec -it deployment/hello"$i"-deploy-v"$j" -c istio-proxy -- ls -l /var/local/lib/wasm-filters/ 33 | done 34 | done -------------------------------------------------------------------------------- /propagate-headers-filter/sh/remote-configmap/5-test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | # shellcheck disable=SC2028 3 | SCRIPT_PATH="$( 4 | cd "$(dirname "$0")" >/dev/null 2>&1 5 | pwd -P 6 | )/" 7 | cd "$SCRIPT_PATH" || exit 8 | 9 | source config 10 | alias k="kubectl --kubeconfig $USER_CONFIG" 11 | 12 | ingressGatewayIp=$(k -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 13 | echo "== ingress($ingressGatewayIp) v2 test ==" 14 | curl -H "route-v:v2" "http://$ingressGatewayIp:8001/hello/eric" 15 | echo 16 | curl -H "route-v:v2" "http://$ingressGatewayIp:8001/hello/eric" 17 | echo 18 | curl -H "route-v:v2" "http://$ingressGatewayIp:8001/hello/eric" 19 | 20 | mesh_inside_test() { 21 | echo "\n== mesh inside v2 test ==" 22 | hello3_v2_pod=$(k get pod -l app=hello3-deploy-v2 -n http-hello -o jsonpath={.items..metadata.name}) 23 | echo "= hello1 v2:" 24 | k -n http-hello exec "$hello3_v2_pod" -c hello-v2-deploy -- curl -s -H "route-v:v2" hello1-svc:8001/hello/eric 25 | echo 26 | k -n http-hello exec "$hello3_v2_pod" -c hello-v2-deploy -- curl -s -H "route-v:v2" hello1-svc:8001/hello/eric 27 | echo 28 | k -n http-hello exec "$hello3_v2_pod" -c hello-v2-deploy -- curl -s -H "route-v:v2" hello1-svc:8001/hello/eric 29 | echo "\n= hello2 v2:" 30 | k -n http-hello exec "$hello3_v2_pod" -c hello-v2-deploy -- curl -s -H "route-v:v2" hello2-svc:8001/hello/eric 31 | echo 32 | k -n http-hello exec "$hello3_v2_pod" -c hello-v2-deploy -- curl -s -H "route-v:v2" hello2-svc:8001/hello/eric 33 | echo 34 | k -n http-hello exec "$hello3_v2_pod" -c hello-v2-deploy -- curl -s -H "route-v:v2" hello2-svc:8001/hello/eric 35 | echo "\n= hello3 v2:" 36 | k -n http-hello exec "$hello3_v2_pod" -c hello-v2-deploy -- curl -s -H "route-v:v2" hello3-svc:8001/hello/eric 37 | echo 38 | k -n http-hello exec "$hello3_v2_pod" -c hello-v2-deploy -- curl -s -H "route-v:v2" hello3-svc:8001/hello/eric 39 | echo 40 | k -n http-hello exec "$hello3_v2_pod" -c hello-v2-deploy -- curl -s -H "route-v:v2" hello3-svc:8001/hello/eric 41 | } 42 | mesh_inside_test 43 | -------------------------------------------------------------------------------- /propagate-headers-filter/sh/remote-configmap/6-hello1v2-envoy-log.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | SCRIPT_PATH="$( 3 | cd "$(dirname "$0")" >/dev/null 2>&1 4 | pwd -P 5 | )/" 6 | cd "$SCRIPT_PATH" || exit 7 | 8 | source config 9 | alias k="kubectl --kubeconfig $USER_CONFIG" 10 | 11 | #k -n http-hello exec deployment/hello1-deploy-v2 -c istio-proxy -- ps aux 12 | 13 | hello1_v2_pod=$(k get pod -l app=hello1-deploy-v2 -n http-hello -o jsonpath={.items..metadata.name}) 14 | k -n http-hello exec "$hello1_v2_pod" -c istio-proxy -- curl -XPOST -s "http://localhost:15000/logging?level=info" 15 | 16 | k -n http-hello logs -f deployment/hello1-deploy-v2 -c istio-proxy -------------------------------------------------------------------------------- /propagate-headers-filter/sh/remote-configmap/7-hello2v1-log.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | SCRIPT_PATH="$( 3 | cd "$(dirname "$0")" >/dev/null 2>&1 4 | pwd -P 5 | )/" 6 | cd "$SCRIPT_PATH" || exit 7 | 8 | source config 9 | alias k="kubectl --kubeconfig $USER_CONFIG" 10 | 11 | k -n http-hello logs -f deployment/hello2-deploy-v1 -c hello-v1-deploy -------------------------------------------------------------------------------- /propagate-headers-filter/sh/remote-configmap/config: -------------------------------------------------------------------------------- 1 | # kubeconfig of user's kubenetes cluster 2 | USER_CONFIG=$HOME/shop_config/kubeconfig/ack_3rd_staging 3 | # kubeconfig of user's servicemesh cluster 4 | MESH_CONFIG=$HOME/shop_config/kubeconfig/asm_staging -------------------------------------------------------------------------------- /propagate-headers-filter/sh/remote-http/1-build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | set -e 3 | SCRIPT_PATH="$( 4 | cd "$(dirname "$0")" >/dev/null 2>&1 5 | pwd -P 6 | )/" 7 | cd "$SCRIPT_PATH" || exit 8 | cd ../.. 9 | rustup override set nightly 10 | cargo clean 11 | cargo fmt 12 | #cargo build -vv --target=wasm32-unknown-unknown --release 13 | cargo build --target=wasm32-unknown-unknown --release 14 | echo "built it !" 15 | echo "file path and size:" 16 | ls -hl target/wasm32-unknown-unknown/release/propaganda_filter.wasm 17 | 18 | #cargo install wasm-gc 19 | wasm-gc ./target/wasm32-unknown-unknown/release/propaganda_filter.wasm ./target/wasm32-unknown-unknown/release/propaganda-filter.wasm 20 | ls -hl target/wasm32-unknown-unknown/release/propaganda-filter.wasm -------------------------------------------------------------------------------- /propagate-headers-filter/sh/remote-http/2-sum.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | SCRIPT_PATH="$( 3 | cd "$(dirname "$0")" >/dev/null 2>&1 4 | pwd -P 5 | )/" 6 | cd "$SCRIPT_PATH" || exit 7 | cd ../.. 8 | 9 | #https://www.baeldung.com/linux/sha-256-from-command-line 10 | #brew install coreutils 11 | #Hex::encode(crypto_util.getSha256Digest(response->body())) 12 | set -e 13 | sha256sum target/wasm32-unknown-unknown/release/propaganda-filter.wasm | awk '{print $1}' \ 14 | > target/wasm32-unknown-unknown/release/propaganda-filter.sha256 15 | 16 | #SECRET="0123456789abcdef" 17 | #| openssl dgst -sha256 -hmac $SECRET -binary | base64 \ 18 | -------------------------------------------------------------------------------- /propagate-headers-filter/sh/remote-http/3-run_http_server.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # shellcheck disable=SC2016 4 | 5 | SCRIPT_PATH="$( 6 | cd "$(dirname "$0")" >/dev/null 2>&1 7 | pwd -P 8 | )/" 9 | cd "$SCRIPT_PATH" || exit 10 | cd ../.. 11 | 12 | ## 13 | sha_256=$(cat target/wasm32-unknown-unknown/release/propaganda-filter.sha256) 14 | host_ip=$(ipconfig getifaddr en0) 15 | cp envoy/envoy-remote-wasm.yaml.template envoy/envoy-remote-wasm.yaml 16 | 17 | sed -i "" "s#HOST_IP#$host_ip#g" envoy/envoy-remote-wasm.yaml 18 | sed -i "" "s#SHA_256#$sha_256#g" envoy/envoy-remote-wasm.yaml 19 | 20 | ## 21 | cd target/wasm32-unknown-unknown/release/ 22 | 23 | ## 24 | python3 -m http.server -------------------------------------------------------------------------------- /propagate-headers-filter/sh/remote-http/4-run.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | SCRIPT_PATH="$( 3 | cd "$(dirname "$0")" >/dev/null 2>&1 4 | pwd -P 5 | )/" 6 | cd "$SCRIPT_PATH" || exit 7 | cd ../.. 8 | docker-compose -f docker-compose-remote.yaml up --build 9 | -------------------------------------------------------------------------------- /propagate-headers-filter/sh/remote-http/5-test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | echo "localhost:18000:" 3 | curl -H "version-tag":"v1" "localhost:18000" 4 | echo "\nlocalhost:18000/hello:" 5 | curl -H "version-tag":"v2" "localhost:18000/hello" 6 | echo "\nlocalhost:18000/hello?star=black:" 7 | curl -H "version-tag":"v3" "localhost:18000/hello?star=black" 8 | echo "\nlocalhost:18000/hello?star=black&number=5" 9 | curl -H "version-tag":"v3" "localhost:18000/hello?star=black&number=5" -------------------------------------------------------------------------------- /propagate-headers-filter/src/propagate_headers.rs: -------------------------------------------------------------------------------- 1 | use log::{info, warn}; 2 | use proxy_wasm::traits::*; 3 | use proxy_wasm::types::*; 4 | use serde_json::Value; 5 | 6 | #[no_mangle] 7 | pub fn _start() { 8 | proxy_wasm::set_log_level(LogLevel::Info); 9 | proxy_wasm::set_root_context(|_| -> Box { 10 | Box::new(PropagandaHeaderRoot { 11 | config: FilterConfig { 12 | head_tag_name: "".to_string(), 13 | head_tag_value: "".to_string(), 14 | }, 15 | }) 16 | }); 17 | } 18 | 19 | struct PropagandaHeaderFilter { 20 | context_id: u32, 21 | config: FilterConfig, 22 | } 23 | 24 | struct PropagandaHeaderRoot { 25 | config: FilterConfig, 26 | } 27 | 28 | struct FilterConfig { 29 | head_tag_name: String, 30 | head_tag_value: String, 31 | } 32 | 33 | impl HttpContext for PropagandaHeaderFilter { 34 | fn on_http_request_headers(&mut self, _: usize) -> Action { 35 | let head_tag_key = self.config.head_tag_name.as_str(); 36 | info!("::::head_tag_key={}", head_tag_key); 37 | if !head_tag_key.is_empty() { 38 | self.set_http_request_header(head_tag_key, Some(self.config.head_tag_value.as_str())); 39 | //https://github.com/istio/istio/issues/30545#issuecomment-783518257 40 | //https://github.com/proxy-wasm/spec/issues/16 & 41 | //https://www.elvinefendi.com/2020/12/09/dynamic-routing-envoy-wasm.html 42 | self.clear_http_route_cache(); 43 | } 44 | for (name, value) in &self.get_http_request_headers() { 45 | info!("::::H[{}] -> {}: {}", self.context_id, name, value); 46 | } 47 | Action::Continue 48 | } 49 | } 50 | 51 | impl RootContext for PropagandaHeaderRoot { 52 | fn on_configure(&mut self, _plugin_configuration_size: usize) -> bool { 53 | if self.config.head_tag_name == "" { 54 | match self.get_configuration() { 55 | Some(config_bytes) => { 56 | let cfg: Value = serde_json::from_slice(config_bytes.as_slice()).unwrap(); 57 | self.config.head_tag_name = cfg 58 | .get("head_tag_name") 59 | .unwrap() 60 | .as_str() 61 | .unwrap() 62 | .to_string(); 63 | self.config.head_tag_value = cfg 64 | .get("head_tag_value") 65 | .unwrap() 66 | .as_str() 67 | .unwrap() 68 | .to_string(); 69 | } 70 | None => { 71 | warn!("NO CONFIG"); 72 | } 73 | } 74 | } 75 | true 76 | } 77 | fn create_http_context(&self, context_id: u32) -> Option> { 78 | info!( 79 | "::::create_http_context head_tag_name={},head_tag_value={}", 80 | self.config.head_tag_name, self.config.head_tag_value 81 | ); 82 | Some(Box::new(PropagandaHeaderFilter { 83 | context_id, 84 | config: FilterConfig { 85 | head_tag_name: self.config.head_tag_name.clone(), 86 | head_tag_value: self.config.head_tag_value.clone(), 87 | }, 88 | })) 89 | } 90 | fn get_type(&self) -> Option { 91 | Some(ContextType::HttpContext) 92 | } 93 | } 94 | 95 | impl Context for PropagandaHeaderFilter {} 96 | 97 | impl Context for PropagandaHeaderRoot {} 98 | --------------------------------------------------------------------------------