给list适配器创建配置,其中包含v1、v2两个版本。保存下面的YAML代码为whitelisthandler.yaml,或者直接从本书的github代码库中获取:
apiVersion: config.istio.io/v1alpha2 kind: listchecker metadata: name: whitelist spec: # providerUrl: 通常会在外部管理列表内容,然后使用这一参数进行异步抓取 overrides: ["v1"] # 用 overrides 字段提供静态内容 blacklist: false
然后运行如下命令:
$ kubectl apply -n whitelist -f whitelist-handler.yaml listchecker.config.istio.io/whitelist created
创建一个listentry适配器的模板,用于解析版本标签,将下面的YAML代码段保存为appversion-instance.yaml:
apiVersion: config.istio.io/v1alpha2 kind: listentry metadata: name: appversion spec: value: source.labels["version"]
然后运行如下命令:
$ kubectl apply -n whitelist -f appversion-instance.yaml listentry.config.istio.io/appversion created
为httpbin服务启用whitelist检查功能,将下面的YAML代码段保存为checkversion-rule.yaml:
apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
name: checkversion
spec:
match: destination.labels["app"] == "httpbin"
actions:
- handler: whitelist.listchecker
instances:
- appversion.listentry
然后运行如下命令:
$ kubectl apply -n whitelist -f checkversion-rule.yaml rule.config.istio.io/checkversion created