Document HTTP Header manipulation options added in #10613

This commit is contained in:
Paul Banks 2021-09-15 13:36:58 +01:00
parent 581357c32a
commit fe92cf7cb6
3 changed files with 201 additions and 2 deletions

View File

@ -400,6 +400,10 @@ spec:
Set up a HTTP listener on an ingress gateway named "us-east-ingress" to proxy Set up a HTTP listener on an ingress gateway named "us-east-ingress" to proxy
traffic to a virtual service named "api". traffic to a virtual service named "api".
Additionally, ensure internal-only debug headers are stripped before responding
to external clients, and that requests to internal services are labelled to
indicate which gateway they came through.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}> <CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
@ -413,6 +417,14 @@ Listeners = [
Services = [ Services = [
{ {
Name = "api" Name = "api"
RequestHeaders {
Add {
"x-gateway" = "us-east-ingress"
}
}
ResponseHeaders {
Remove = ["x-debug"]
}
} }
] ]
} }
@ -430,6 +442,7 @@ spec:
protocol: http protocol: http
services: services:
- name: api - name: api
# HTTP Header manipulation is not yet supported in Kubernetes CRD
``` ```
```json ```json
@ -442,7 +455,15 @@ spec:
"Protocol": "http", "Protocol": "http",
"Services": [ "Services": [
{ {
"Name": "api" "Name": "api",
"RequestHeaders": {
"Add": {
"x-gateway": "us-east-ingress"
}
},
"ResponseHeaders": {
"Remove": ["x-debug"]
}
} }
] ]
} }
@ -458,6 +479,10 @@ spec:
Set up a HTTP listener on an ingress gateway named "us-east-ingress" in the Set up a HTTP listener on an ingress gateway named "us-east-ingress" in the
default namespace to proxy traffic to a virtual service named "api". default namespace to proxy traffic to a virtual service named "api".
Additionally, ensure internal-only debug headers are stripped before responding
to external clients, and that requests to internal services are labelled to
indicate which gateway they came through.
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}> <CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
```hcl ```hcl
@ -473,6 +498,14 @@ Listeners = [
{ {
Name = "api" Name = "api"
Namespace = "frontend" Namespace = "frontend"
RequestHeaders {
Add {
"x-gateway" = "us-east-ingress"
}
}
ResponseHeaders {
Remove = ["x-debug"]
}
} }
] ]
} }
@ -492,6 +525,7 @@ spec:
services: services:
- name: api - name: api
namespace: frontend namespace: frontend
# HTTP Header manipulation is not yet supported in Kubernetes CRD
``` ```
```json ```json
@ -506,7 +540,15 @@ spec:
"Services": [ "Services": [
{ {
"Name": "api", "Name": "api",
"Namespace": "frontend" "Namespace": "frontend",
"RequestHeaders": {
"Add": {
"x-gateway": "us-east-ingress"
}
},
"ResponseHeaders": {
"Remove": ["x-debug"]
}
} }
] ]
} }
@ -838,6 +880,22 @@ spec:
records. For example, \`*.example.com\` is valid, while \`example.*\` and records. For example, \`*.example.com\` is valid, while \`example.*\` and
\`*-suffix.example.com\` are not.`, \`*-suffix.example.com\` are not.`,
}, },
{
yaml: false,
name: 'RequestHeaders',
type: 'HTTPHeaderModifiers: <optional>',
description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers)
that will be applied to requests routed to this service.
This cannot be used with a \`tcp\` listener.`,
},
{
yaml: false,
name: 'ResponseHeaders',
type: 'HTTPHeaderModifiers: <optional>',
description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers)
that will be applied to responses from this service.
This cannot be used with a \`tcp\` listener.`,
},
], ],
}, },
], ],

View File

@ -574,6 +574,69 @@ spec:
description: description:
'A list of HTTP response status codes that are eligible for retry.', 'A list of HTTP response status codes that are eligible for retry.',
}, },
{
yaml: false,
name: 'RequestHeaders',
type: 'HTTPHeaderModifiers: <optional>',
description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers)
that will be applied to requests routed to this service.
This cannot be used with a \`tcp\` listener.`,
},
{
yaml: false,
name: 'ResponseHeaders',
type: 'HTTPHeaderModifiers: <optional>',
description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers)
that will be applied to responses from this service.
This cannot be used with a \`tcp\` listener.`,
},
]}
/>
### `HTTPHeaderModifiers`
<ConfigEntryReference
topLevel={false}
yaml={false}
keys={[
{
hcl: false,
name: 'Unsupported',
type: '',
description: `HTTP Header modification is not yet supported in our Kubernetes CRDs.`,
},
{
yaml: false,
name: 'Add',
type: 'map<string|string>: optional',
description: `The set of header value keyed by header name to
add. If a header with the same (case-insensitive) name already
exists, the value set here will be appended and both will be present.
If Envoy is used as the proxy, the value may contain
[variable placeholders](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#custom-request-response-headers) for example
\`%DOWNSTREAM_REMOTE_ADDRESS%\` to interpolate dynamic request
metadata into the value added.`,
},
{
yaml: false,
name: 'Set',
type: 'map<string|string>: optional',
description: `The set of header value keyed by header name to
add. If one or more header values with the same (case-insensitive) name already exist,
the value set here will replace them all.
If Envoy is used as the proxy, the value may contain
[variable placeholders](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#custom-request-response-headers) for example
\`%DOWNSTREAM_REMOTE_ADDRESS%\` to interpolate dynamic request
metadata into the value added.`,
},
{
yaml: false,
name: 'Remove',
type: 'array<string>: optional',
description: `The set of header names to remove. Only headers
whose names are an <i>case-insensitive</i> exact match will be removed`,
},
]} ]}
/> />

View File

@ -146,6 +146,68 @@ spec:
</CodeTabs> </CodeTabs>
### Set HTTP Headers
Split traffic between two subsets with extra headers added so clients can tell
which version (not yet supported in Kubernetes CRD):
<CodeTabs tabs={[ "HCL", "JSON" ]}>
```hcl
Kind = "service-splitter"
Name = "web"
Splits = [
{
Weight = 90
ServiceSubset = "v1"
ResponseHeaders {
Set {
"X-Web-Version": "v1"
}
}
},
{
Weight = 10
ServiceSubset = "v2"
ResponseHeaders {
Set {
"X-Web-Version": "v2"
}
}
},
]
```
```json
{
"Kind": "service-splitter",
"Name": "web",
"Splits": [
{
"Weight": 90,
"ServiceSubset": "v1",
"ResponseHeaders": {
"Set": {
"X-Web-Version": "v1"
}
}
},
{
"Weight": 10,
"ServiceSubset": "v2",
"ResponseHeaders": {
"Set": {
"X-Web-Version": "v2"
}
}
}
]
}
```
</CodeTabs>
## Available Fields ## Available Fields
<ConfigEntryReference <ConfigEntryReference
@ -231,6 +293,22 @@ spec:
description: description:
'The namespace to resolve the service from instead of the current namespace. If empty the current namespace is assumed.', 'The namespace to resolve the service from instead of the current namespace. If empty the current namespace is assumed.',
}, },
{
yaml: false,
name: 'RequestHeaders',
type: 'HTTPHeaderModifiers: <optional>',
description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers)
that will be applied to requests routed to this split.
This cannot be used with a \`tcp\` listener.`,
},
{
yaml: false,
name: 'ResponseHeaders',
type: 'HTTPHeaderModifiers: <optional>',
description: `A set of [HTTP-specific header modification rules](/docs/connect/config-entries/service-router#httpheadermodifiers)
that will be applied to responses from this split.
This cannot be used with a \`tcp\` listener.`,
},
], ],
}, },
]} ]}