istio
istio copied to clipboard
Published
20 hours ago •
istio
istio
wasm plugin can not get the "x-envoy-peer-metadata-id" header
Is this the right place to submit this?
- [X] This is not a security vulnerability or a crashing bug
- [X] This is not a question about how to use Istio
Bug Description
when use wasm plugin get http header,can not get x-envoy-peer-metadata-id and x-envoy-peer-metadata. bug the debug log can print the two headers.
but in some other cluster i can get the http header
the wasm plugin code
func (ctx *injectErrHttpContext) OnHttpRequestHeaders(numHeaders int, endOfStream bool) types.Action {
hs, err := proxywasm.GetHttpRequestHeaders()
if err != nil {
proxywasm.LogCriticalf("failed to get http headers: %v", err)
return types.ActionContinue
}
proxywasm.LogCriticalf("request headers: %v", hs)
return types.ActionContinue
}
Version
istio version
client version: 1.16.7
istiod version: 1.16.7
data plane version: 1.16.7 (831 proxies)
k8s version
Client Version: v1.24.16
Kustomize Version: v4.5.4
Server Version: v1.23.9-r0-23.2.32
Additional Information
Target cluster context:
Running with the following config:
istio-namespace: istio-system full-secrets: false timeout (mins): 30 include: { } exclude: { Namespaces: kube-node-lease,kube-public,kube-system,local-path-storage } end-time: 2024-03-21 12:19:19.506107906 +0800 CST
can you share you wasmplugin configuration or the config dump of the listener.
Please kindly submit a discussion to ask questions before confirming that the problem is a bug.
wasmplugin configuration
apiVersion: extensions.istio.io/v1alpha1
kind: WasmPlugin
metadata:
name: wasm-plugin-inject
namespace: grpc
spec:
imagePullPolicy: Always
imagePullSecret: cr
phase: AUTHZ
priority: 1000
match:
- mode: SERVER
selector:
matchLabels:
app: server
pluginConfig:
type: error
path: /service.Greeter
sourceWorkload: grpc-client
delay: 50
present: 100
code: 502
url: oci://xxx/xxx/wasm-plugin-inject:v1.1
listener dump for 80 port
[
{
"name": "0.0.0.0_80",
"address": {
"socketAddress": {
"address": "0.0.0.0",
"portValue": 80
}
},
"filterChains": [
{
"filterChainMatch": {
"transportProtocol": "raw_buffer",
"applicationProtocols": [
"http/1.1",
"h2c"
]
},
"filters": [
{
"name": "envoy.filters.network.http_connection_manager",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "outbound_0.0.0.0_80",
"rds": {
"configSource": {
"ads": {},
"initialFetchTimeout": "0s",
"resourceApiVersion": "V3"
},
"routeConfigName": "80"
},
"httpFilters": [
{
"name": "istio.metadata_exchange",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm",
"config": {
"vmConfig": {
"runtime": "envoy.wasm.runtime.null",
"code": {
"local": {
"inlineString": "envoy.wasm.metadata_exchange"
}
}
},
"configuration": {
"@type": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange"
}
}
}
},
{
"name": "istio.alpn",
"typedConfig": {
"@type": "type.googleapis.com/istio.envoy.config.filter.http.alpn.v2alpha1.FilterConfig",
"alpnOverride": [
{
"alpnOverride": [
"istio-http/1.0",
"istio",
"http/1.0"
]
},
{
"upstreamProtocol": "HTTP11",
"alpnOverride": [
"istio-http/1.1",
"istio",
"http/1.1"
]
},
{
"upstreamProtocol": "HTTP2",
"alpnOverride": [
"istio-h2",
"istio",
"h2"
]
}
]
}
},
{
"name": "envoy.filters.http.fault",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.fault.v3.HTTPFault"
}
},
{
"name": "envoy.filters.http.cors",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors"
}
},
{
"name": "istio.stats",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm",
"config": {
"rootId": "stats_outbound",
"vmConfig": {
"vmId": "stats_outbound",
"runtime": "envoy.wasm.runtime.null",
"code": {
"local": {
"inlineString": "envoy.wasm.stats"
}
}
},
"configuration": {
"@type": "type.googleapis.com/google.protobuf.StringValue",
"value": "{\"metrics\":[{\"dimensions\":{\"request_path\":\"request.protocol == 'HTTP/2' \\u0026\\u0026 request.headers['content-type'] == 'application/grpc' ? request.url_path : 'unknown'\",\"svr_response_code\":\"x-server-error-code in response.headers ? response.headers[\\\"x-server-error-code\\\"] : \\\"0\\\"\"},\"name\":\"requests_total\"},{\"dimensions\":{\"request_path\":\"request.protocol == 'HTTP/2' \\u0026\\u0026 request.headers['content-type'] == 'application/grpc' ? request.url_path : 'unknown'\"},\"name\":\"request_duration_milliseconds\"}]}"
}
}
}
},
{
"name": "envoy.filters.http.router",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
}
}
],
"tracing": {
"clientSampling": {
"value": 100
},
"randomSampling": {
"value": 1
},
"overallSampling": {
"value": 100
},
"customTags": [
{
"tag": "istio.authorization.dry_run.allow_policy.name",
"metadata": {
"kind": {
"request": {}
},
"metadataKey": {
"key": "envoy.filters.http.rbac",
"path": [
{
"key": "istio_dry_run_allow_shadow_effective_policy_id"
}
]
}
}
},
{
"tag": "istio.authorization.dry_run.allow_policy.result",
"metadata": {
"kind": {
"request": {}
},
"metadataKey": {
"key": "envoy.filters.http.rbac",
"path": [
{
"key": "istio_dry_run_allow_shadow_engine_result"
}
]
}
}
},
{
"tag": "istio.authorization.dry_run.deny_policy.name",
"metadata": {
"kind": {
"request": {}
},
"metadataKey": {
"key": "envoy.filters.http.rbac",
"path": [
{
"key": "istio_dry_run_deny_shadow_effective_policy_id"
}
]
}
}
},
{
"tag": "istio.authorization.dry_run.deny_policy.result",
"metadata": {
"kind": {
"request": {}
},
"metadataKey": {
"key": "envoy.filters.http.rbac",
"path": [
{
"key": "istio_dry_run_deny_shadow_engine_result"
}
]
}
}
},
{
"tag": "istio.canonical_revision",
"literal": {
"value": "latest"
}
},
{
"tag": "istio.canonical_service",
"literal": {
"value": "server"
}
},
{
"tag": "istio.mesh_id",
"literal": {
"value": "test"
}
},
{
"tag": "istio.namespace",
"literal": {
"value": "sre-engineer"
}
}
]
},
"streamIdleTimeout": "0s",
"accessLog": [
{
"name": "envoy.access_loggers.file",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog",
"path": "/dev/stdout",
"logFormat": {
"textFormatSource": {
"inlineString": "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% \"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n"
}
}
}
}
],
"useRemoteAddress": false,
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
],
"normalizePath": true,
"pathWithEscapedSlashesAction": "KEEP_UNCHANGED",
"requestIdExtension": {
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.request_id.uuid.v3.UuidRequestIdConfig",
"useRequestIdForTraceSampling": true
}
}
}
}
]
}
],
"defaultFilterChain": {
"filterChainMatch": {},
"filters": [
{
"name": "istio.stats",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm",
"config": {
"rootId": "stats_outbound",
"vmConfig": {
"vmId": "tcp_stats_outbound",
"runtime": "envoy.wasm.runtime.null",
"code": {
"local": {
"inlineString": "envoy.wasm.stats"
}
}
},
"configuration": {
"@type": "type.googleapis.com/google.protobuf.StringValue",
"value": "{\"metrics\":[{\"dimensions\":{\"request_path\":\"request.protocol == 'HTTP/2' \\u0026\\u0026 request.headers['content-type'] == 'application/grpc' ? request.url_path : 'unknown'\",\"svr_response_code\":\"x-server-error-code in response.headers ? response.headers[\\\"x-server-error-code\\\"] : \\\"0\\\"\"},\"name\":\"requests_total\"},{\"dimensions\":{\"request_path\":\"request.protocol == 'HTTP/2' \\u0026\\u0026 request.headers['content-type'] == 'application/grpc' ? request.url_path : 'unknown'\"},\"name\":\"request_duration_milliseconds\"}]}"
}
}
}
},
{
"name": "istio.stats",
"typedConfig": {
"@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
"typeUrl": "type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm",
"value": {
"config": {
"configuration": {
"@type": "type.googleapis.com/google.protobuf.StringValue",
"value": "{\n \"debug\": \"false\",\n \"stat_prefix\": \"istio\"\n}\n"
},
"root_id": "stats_outbound",
"vm_config": {
"code": {
"local": {
"inline_string": "envoy.wasm.stats"
}
},
"runtime": "envoy.wasm.runtime.null",
"vm_id": "tcp_stats_outbound"
}
}
}
}
},
{
"name": "envoy.filters.network.tcp_proxy",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "PassthroughCluster",
"cluster": "PassthroughCluster",
"accessLog": [
{
"name": "envoy.access_loggers.file",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog",
"path": "/dev/stdout",
"logFormat": {
"textFormatSource": {
"inlineString": "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% \"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n"
}
}
}
}
]
}
}
],
"name": "PassthroughFilterChain"
},
"listenerFilters": [
{
"name": "envoy.filters.listener.tls_inspector",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
}
},
{
"name": "envoy.filters.listener.http_inspector",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.http_inspector.v3.HttpInspector"
}
}
],
"listenerFiltersTimeout": "0s",
"continueOnListenerFiltersTimeout": true,
"trafficDirection": "OUTBOUND",
"accessLog": [
{
"name": "envoy.access_loggers.file",
"filter": {
"responseFlagFilter": {
"flags": [
"NR"
]
}
},
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog",
"path": "/dev/stdout",
"logFormat": {
"textFormatSource": {
"inlineString": "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% \"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n"
}
}
}
}
],
"bindToPort": false
},
{
"name": "10.247.181.187_80",
"address": {
"socketAddress": {
"address": "10.247.181.187",
"portValue": 80
}
},
"filterChains": [
{
"filterChainMatch": {
"transportProtocol": "raw_buffer",
"applicationProtocols": [
"http/1.1",
"h2c"
]
},
"filters": [
{
"name": "envoy.filters.network.http_connection_manager",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
"statPrefix": "outbound_10.247.181.187_80",
"rds": {
"configSource": {
"ads": {},
"initialFetchTimeout": "0s",
"resourceApiVersion": "V3"
},
"routeConfigName": "istio-ingressgateway-bigdata.istio-system.svc.cluster.local:80"
},
"httpFilters": [
{
"name": "istio.metadata_exchange",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm",
"config": {
"vmConfig": {
"runtime": "envoy.wasm.runtime.null",
"code": {
"local": {
"inlineString": "envoy.wasm.metadata_exchange"
}
}
},
"configuration": {
"@type": "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange"
}
}
}
},
{
"name": "istio.alpn",
"typedConfig": {
"@type": "type.googleapis.com/istio.envoy.config.filter.http.alpn.v2alpha1.FilterConfig",
"alpnOverride": [
{
"alpnOverride": [
"istio-http/1.0",
"istio",
"http/1.0"
]
},
{
"upstreamProtocol": "HTTP11",
"alpnOverride": [
"istio-http/1.1",
"istio",
"http/1.1"
]
},
{
"upstreamProtocol": "HTTP2",
"alpnOverride": [
"istio-h2",
"istio",
"h2"
]
}
]
}
},
{
"name": "envoy.filters.http.fault",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.fault.v3.HTTPFault"
}
},
{
"name": "envoy.filters.http.cors",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors"
}
},
{
"name": "istio.stats",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm",
"config": {
"rootId": "stats_outbound",
"vmConfig": {
"vmId": "stats_outbound",
"runtime": "envoy.wasm.runtime.null",
"code": {
"local": {
"inlineString": "envoy.wasm.stats"
}
}
},
"configuration": {
"@type": "type.googleapis.com/google.protobuf.StringValue",
"value": "{\"metrics\":[{\"dimensions\":{\"request_path\":\"request.protocol == 'HTTP/2' \\u0026\\u0026 request.headers['content-type'] == 'application/grpc' ? request.url_path : 'unknown'\",\"svr_response_code\":\"x-server-error-code in response.headers ? response.headers[\\\"x-server-error-code\\\"] : \\\"0\\\"\"},\"name\":\"requests_total\"},{\"dimensions\":{\"request_path\":\"request.protocol == 'HTTP/2' \\u0026\\u0026 request.headers['content-type'] == 'application/grpc' ? request.url_path : 'unknown'\"},\"name\":\"request_duration_milliseconds\"}]}"
}
}
}
},
{
"name": "envoy.filters.http.router",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
}
}
],
"tracing": {
"clientSampling": {
"value": 100
},
"randomSampling": {
"value": 1
},
"overallSampling": {
"value": 100
},
"customTags": [
{
"tag": "istio.authorization.dry_run.allow_policy.name",
"metadata": {
"kind": {
"request": {}
},
"metadataKey": {
"key": "envoy.filters.http.rbac",
"path": [
{
"key": "istio_dry_run_allow_shadow_effective_policy_id"
}
]
}
}
},
{
"tag": "istio.authorization.dry_run.allow_policy.result",
"metadata": {
"kind": {
"request": {}
},
"metadataKey": {
"key": "envoy.filters.http.rbac",
"path": [
{
"key": "istio_dry_run_allow_shadow_engine_result"
}
]
}
}
},
{
"tag": "istio.authorization.dry_run.deny_policy.name",
"metadata": {
"kind": {
"request": {}
},
"metadataKey": {
"key": "envoy.filters.http.rbac",
"path": [
{
"key": "istio_dry_run_deny_shadow_effective_policy_id"
}
]
}
}
},
{
"tag": "istio.authorization.dry_run.deny_policy.result",
"metadata": {
"kind": {
"request": {}
},
"metadataKey": {
"key": "envoy.filters.http.rbac",
"path": [
{
"key": "istio_dry_run_deny_shadow_engine_result"
}
]
}
}
},
{
"tag": "istio.canonical_revision",
"literal": {
"value": "latest"
}
},
{
"tag": "istio.canonical_service",
"literal": {
"value": "server"
}
},
{
"tag": "istio.mesh_id",
"literal": {
"value": "test"
}
},
{
"tag": "istio.namespace",
"literal": {
"value": "sre-engineer"
}
}
]
},
"streamIdleTimeout": "0s",
"accessLog": [
{
"name": "envoy.access_loggers.file",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog",
"path": "/dev/stdout",
"logFormat": {
"textFormatSource": {
"inlineString": "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% \"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n"
}
}
}
}
],
"useRemoteAddress": false,
"upgradeConfigs": [
{
"upgradeType": "websocket"
}
],
"normalizePath": true,
"pathWithEscapedSlashesAction": "KEEP_UNCHANGED",
"requestIdExtension": {
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.request_id.uuid.v3.UuidRequestIdConfig",
"useRequestIdForTraceSampling": true
}
}
}
}
]
}
],
"defaultFilterChain": {
"filters": [
{
"name": "istio.stats",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm",
"config": {
"rootId": "stats_outbound",
"vmConfig": {
"vmId": "tcp_stats_outbound",
"runtime": "envoy.wasm.runtime.null",
"code": {
"local": {
"inlineString": "envoy.wasm.stats"
}
}
},
"configuration": {
"@type": "type.googleapis.com/google.protobuf.StringValue",
"value": "{\"metrics\":[{\"dimensions\":{\"request_path\":\"request.protocol == 'HTTP/2' \\u0026\\u0026 request.headers['content-type'] == 'application/grpc' ? request.url_path : 'unknown'\",\"svr_response_code\":\"x-server-error-code in response.headers ? response.headers[\\\"x-server-error-code\\\"] : \\\"0\\\"\"},\"name\":\"requests_total\"},{\"dimensions\":{\"request_path\":\"request.protocol == 'HTTP/2' \\u0026\\u0026 request.headers['content-type'] == 'application/grpc' ? request.url_path : 'unknown'\"},\"name\":\"request_duration_milliseconds\"}]}"
}
}
}
},
{
"name": "istio.stats",
"typedConfig": {
"@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
"typeUrl": "type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm",
"value": {
"config": {
"configuration": {
"@type": "type.googleapis.com/google.protobuf.StringValue",
"value": "{\n \"debug\": \"false\",\n \"stat_prefix\": \"istio\"\n}\n"
},
"root_id": "stats_outbound",
"vm_config": {
"code": {
"local": {
"inline_string": "envoy.wasm.stats"
}
},
"runtime": "envoy.wasm.runtime.null",
"vm_id": "tcp_stats_outbound"
}
}
}
}
},
{
"name": "envoy.filters.network.tcp_proxy",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy",
"statPrefix": "outbound|80||istio-ingressgateway-bigdata.istio-system.svc.cluster.local",
"cluster": "outbound|80||istio-ingressgateway-bigdata.istio-system.svc.cluster.local",
"accessLog": [
{
"name": "envoy.access_loggers.file",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog",
"path": "/dev/stdout",
"logFormat": {
"textFormatSource": {
"inlineString": "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% \"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n"
}
}
}
}
]
}
}
]
},
"listenerFilters": [
{
"name": "envoy.filters.listener.tls_inspector",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
}
},
{
"name": "envoy.filters.listener.http_inspector",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.listener.http_inspector.v3.HttpInspector"
}
}
],
"listenerFiltersTimeout": "0s",
"continueOnListenerFiltersTimeout": true,
"trafficDirection": "OUTBOUND",
"accessLog": [
{
"name": "envoy.access_loggers.file",
"filter": {
"responseFlagFilter": {
"flags": [
"NR"
]
}
},
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog",
"path": "/dev/stdout",
"logFormat": {
"textFormatSource": {
"inlineString": "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% \"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n"
}
}
}
}
],
"bindToPort": false
}
]
@zirain
@zirain Thanks。i need help. how can i config the wasmplugin filter place before istio.metadata_exchnage .
may need a new phase, you should use envoyfilter for now.
it's work! thinks!!
my envoyfilter config.
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: wasm-plugin-inject
namespace: grpc
spec:
configPatches:
- applyTo: HTTP_FILTER
match:
context: SIDECAR_INBOUND
listener:
filterChain:
filter:
name: envoy.filters.network.http_connection_manager
subFilter:
name: istio.metadata_exchange
proxy:
proxyVersion: ^1\.16.*
patch:
operation: INSERT_BEFORE
value:
name: istio.inject
typed_config:
'@type': type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
config:
configuration:
'@type': type.googleapis.com/google.protobuf.StringValue
value: |
{"type": "error",
"path": "/service.Greeter",
"sourceWorkload": "grpc-client",
"delay": 50,
"present": 100,
"code": 502
}
root_id: wasm_plugin_inject
vm_config:
code:
remote:
http_uri:
cluster: http-download.cluster
timeout: 10s
uri: http://http-download.cluster/plugin.wasm
sha256: 8bf07d3b91fa0b06e6f64fd95c104ce6d525c1966a09d17f651c7e475b8a1b87
runtime: envoy.wasm.runtime.v8
vm_id: wasm_plugin_inject
priority: -1
workloadSelector:
labels:
app: server
reopen this, cause I think wasmplugin should support this instead of using EnvoyFilter.
you can do thing like following:
package main
import (
"strings"
"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm"
"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm/types"
)
var injectionVersion string
func main() {
proxywasm.SetVMContext(&vmContext{})
}
type vmContext struct {
// Embed the default VM context here,
// so that we don't need to reimplement all the methods.
types.DefaultVMContext
}
// Override types.DefaultVMContext.
func (*vmContext) NewPluginContext(contextID uint32) types.PluginContext {
return &pluginContext{}
}
type pluginContext struct {
// Embed the default plugin context here,
// so that we don't need to reimplement all the methods.
types.DefaultPluginContext
}
// Override types.DefaultPluginContext.
func (p *pluginContext) NewHttpContext(contextID uint32) types.HttpContext {
return &httpContext{contextID: contextID, pluginContext: p}
}
type httpContext struct {
// Embed the default http context here,
// so that we don't need to reimplement all the methods.
types.DefaultHttpContext
contextID uint32
pluginContext *pluginContext
}
func (ctx *pluginContext) OnPluginStart(pluginConfigurationSize int) types.OnPluginStartStatus {
_, err := proxywasm.GetPluginConfiguration()
if err != nil && err != types.ErrorStatusNotFound {
proxywasm.LogCriticalf("error reading plugin configuration: %v", err)
return types.OnPluginStartStatusFailed
}
return types.OnPluginStartStatusOK
}
func (ctx *httpContext) OnHttpResponseHeaders(numHeaders int, endOfStream bool) types.Action {
proxywasm.LogWarnf("OnHttpResponseHeaders")
paths := []string{"downstream_peer", "workload_name"}
bs, err := proxywasm.GetProperty(paths)
if err != nil {
proxywasm.LogWarnf("err: %v", err)
return types.ActionContinue
}
proxywasm.LogWarnf(strings.Join(paths, ".")+": %s", string(bs))
return types.ActionContinue
}