Skip to content

Instantly share code, notes, and snippets.

@leitu

leitu/istio.yaml

Created August 10, 2023 00:18
Show Gist options
  • Save leitu/92efe22e3df8cf02d70b0f2ae0d7ab0c to your computer and use it in GitHub Desktop.
Save leitu/92efe22e3df8cf02d70b0f2ae0d7ab0c to your computer and use it in GitHub Desktop.
Download ZIP
istio with 1.14.x to implement canary cookie
Raw
istio.yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: gw
namespace: test
spec:
selector:
app: istio-ingressgateway
istio: ingressgateway
servers:
- hosts:
- *.xyz
port:
name: http
number: 80
protocol: HTTP
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: blue
namespace: test
spec:
host: blue.test.svc.cluster.local
trafficPolicy:
loadBalancer:
consistentHash:
httpCookie:
name: blue
ttl: 10m
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: vs
namespace: test
spec:
gateways:
- gw
hosts:
- *.xyz
http:
- match:
- headers:
deployment:
exact: blue
uri:
prefix: /test
- headers:
Cookie:
regex: .*blue=.*
uri:
prefix: /test
name: blue-only
route:
- destination:
host: blue.test.svc.cluster.local
port:
number: 8080
- match:
- headers:
deployment:
exact: green
uri:
prefix: /test
- headers:
Cookie:
regex: .*green=.*
uri:
prefix: /test
name: green-only
route:
- destination:
host: green.test.svc.cluster.local
port:
number: 8080
- match:
- uri:
prefix: /test
name: all
route:
- destination:
host: blue.test.svc.cluster.local
port:
number: 8080
weight: 50
- destination:
host: green.test.svc.cluster.local
port:
number: 8080
headers:
response:
add:
Set-Cookie: green=12353598; Max-Age=600
weight: 50
@leitu
Copy link
Author

leitu commented Aug 26, 2023

get a version 2
based on your access, if you saw your callback already has set-cookie, use set instead of add to replace either from slb or app, and we need to check the set-cookie support fields.

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: gw
  namespace: test
spec:
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  servers:
  - hosts:
    - *.xyz
    port:
      name: http
      number: 80
      protocol: HTTP
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: vs
  namespace: test
spec:
  gateways:
  - gw
  hosts:
  - *.xyz
  http:
  - match:
    - headers:
        deployment:
          exact: blue
      uri:
        prefix: /test
    - headers:
        Cookie:
          regex: .*blue=.*
      uri:
        prefix: /test
    name: blue-only
    route:
    - destination:
        host: blue.test.svc.cluster.local
        port:
          number: 8080
  - match:
    - headers:
        deployment:
          exact: green
      uri:
        prefix: /test
    - headers:
        Cookie:
          regex: .*green=.*
      uri:
        prefix: /test
    name: green-only
    route:
    - destination:
        host: green.test.svc.cluster.local
        port:
          number: 8080
  - match:
    - uri:
        prefix: /test
    name: all
    route:
    - destination:
        host: blue.test.svc.cluster.local
        port:
          number: 8080
      headers:
        response:
          set:
            Set-Cookie: green=12353598; Max-Age=600;HttpOnly;Secure
      weight: 50
    - destination:
        host: green.test.svc.cluster.local
        port:
          number: 8080
      headers:
        response:
          set:
            Set-Cookie: green=12353598; Max-Age=600;HttpOnly;Secure
      weight: 50

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment