Hello everyone, i try to use grpc with istio inkubernetes with json transcoding along with header to metadata, but it’s not work. This is my configs:
gateway:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: cict-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: grpc-gateway
protocol: GRPC
hosts:
- "cict.localhost.com"
- port:
number: 443
name: http-gateway
protocol: HTTP
hosts:
- "cict.localhost.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: cict-grpc-virtual-service
spec:
hosts:
- cict.localhost.com
gateways:
- cict-gateway
http:
- name: "grpc-cict-auth-v1-route"
match:
- port: 80
uri:
prefix: "/cict.service_auth"
- port: 443
uri:
prefix: "/api/service_auth"
route:
- destination:
port:
number: 50051
host: cict-auth.default.svc.cluster.local
timeout: 10s
- name: "grpc-cict-course-v1-route"
match:
- port: 80
uri:
prefix: "/cict.service_course"
- port: 443
uri:
prefix: "/api/service_course"
route:
- destination:
port:
number: 50051
host: cict-course.default.svc.cluster.local
timeout: 10s
authentication:
apiVersion: apps/v1
kind: Deployment
metadata:
name: cict-auth
spec:
replicas: 1
selector:
matchLabels:
app: cict-auth
template:
metadata:
annotations:
sidecar.istio.io/userVolume: '[{"name":"descriptor","secret":{"secretName":"systemsecret","items":[{"key":"cict.descriptor","path":"./cict.descriptor"}]}}]'
sidecar.istio.io/userVolumeMount: '[{"name":"descriptor","mountPath":"/etc/envoy/cict.descriptor","subPath":"cict.descriptor","readOnly":true}]'
labels:
app: cict-auth
spec:
containers:
- name: cict-auth
image: "myhost/cict-auth:latest"
resources:
limits:
memory: "128Mi"
cpu: "500m"
ports:
- containerPort: 50051
env:
- name: CONFIG_JSON
valueFrom:
secretKeyRef:
name: systemsecret
key: config.json
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
---
apiVersion: v1
kind: Service
metadata:
name: cict-auth
spec:
selector:
app: cict-auth
ports:
- port: 50051
name: grpc-port
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: cict-grpc-transcoder
spec:
workloadSelector:
labels:
app: cict-auth
configPatches:
- applyTo: HTTP_FILTER
match:
context: SIDECAR_INBOUND
listener:
filterChain:
filter:
name: envoy.filters.network.http_connection_manager
subFilter:
name: envoy.filters.http.router
portNumber: 50051
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.grpc_json_transcoder
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.grpc_json_transcoder.v3.GrpcJsonTranscoder
services:
- cict.service_auth.v1.UserService
proto_descriptor: "/etc/envoy/cict.descriptor"
print_options:
add_whitespace: true
always_print_primitive_fields: true
always_print_enums_as_ints: false
preserve_proto_field_names: false
- applyTo: HTTP_FILTER
match:
context: SIDECAR_INBOUND
listener:
filterChain:
filter:
name: envoy.filters.network.http_connection_manager
subFilter:
name: envoy.filters.http.router
portNumber: 50051
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.header_to_metadata
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config
request_rules:
- header: cookie
on_header_present:
metadata_namespace: envoy.lb
key: session_id
type: STRING
remove: false
Appreciate for any helping. Thank you.