ctgw_wasm: A C++ repository from dxq174510447

编译

clang toolchain with libc++ configured
bazel release build...
Building...
 bazel build --config=libc++ --verbose_failures --show_task_finish --experimental_generate_json_trace_profile --test_output=errors --repository_cache=/build/repository_cache --experimental_repository_cache_hardlinks --nocache_test_results -c opt //source/exe:envoy-static

构建

先下载接口项目 https://github.com/proxy-wasm/proxy-wasm-cpp-sdk ，生成构建镜像

docker build -t wasmsdk:v2 -f Dockerfile-sdk .

部署代码机器kubectl命令，让其可直接连接k8s环境
下载项目，通过编译命令生成wasm文件

docker run -v $PWD:/work -w /work  wasmsdk:v2 /build_wasm.sh

构建包含wasm文件的envoy镜像

docker build -t registry.dev.chelizitech.com/saas/cproxyv2:1.8.5  .
docker push registry.dev.chelizitech.com/saas/cproxyv2:1.8.5

修改istio default的镜像默认值
/root/istio/istio-1.8.1/manifests/profiles/default.yaml的.Values.global.proxy.image改成registry.dev.chelizitech.com/saas/cproxyv2:1.7.4，顺便把日志级别改成info

位于istioctl install --manifests /root/istio/istio-1.8.1/manifests,

安装

kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: ctgw-filter1
  namespace: istio-system
spec:
  configPatches:
  - applyTo: HTTP_FILTER
    match:
      context: GATEWAY
      listener:
        filterChain:
          filter:
            name: envoy.filters.network.http_connection_manager
            subFilter:
              name: envoy.filters.http.router
    patch:
      operation: INSERT_BEFORE
      value:
        name: envoy.filters.http.wasm
        typed_config:
          '@type': type.googleapis.com/udpa.type.v1.TypedStruct
          type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
          value:
            config:
              name: my_plugin
              root_id: my_root_id
              configuration: 
                "@type": "type.googleapis.com/google.protobuf.StringValue"
                value: |
                  {}
              vm_config:
                runtime: envoy.wasm.runtime.v8
                configuration: 
                  '@type': type.googleapis.com/google.protobuf.StringValue
                  value: |
                    {"redisHost":"10.9.40.193","redisPort":"6379","redisPwd":"Clt@123456"}
                code:
                  local:
                    filename: /home/istio-proxy/ctgw.wasm
EOF

istioctl proxy-config listener istio-ingressgateway-999b5d4c9-xpvdx  -n=istio-system --port 8080 --type HTTP -o json

curl -iv  -XGET http://10.9.40.47:31973/productpage -H "Authorization: Bearer $token1"

额外配置

jwt.yaml

kubectl apply -f - <<EOF
apiVersion: "security.istio.io/v1beta1"
kind: "RequestAuthentication"
metadata:
  name: "jwt-example"
  namespace: istio-system
spec:
  selector:
    matchLabels:
      istio: ingressgateway
  jwtRules:
  - issuer: "platform"
    jwks: |
      {"keys":[{"kty":"RSA","e":"AQAB","kid":"v1","n":"ll1OO9BmbOh3KWgp7U7hgRdvuvloJRqDM4tK5dY7z9hbIor8OdbGDdf0z-w2Pt0BfUe-tme31xg61kgFaiFcAJZ7rtGGnBXCUYBTn7tOWlYn38knpQSVMjh8d_HDY4GS8QTmlhjZ4ZIE1XmmGAyMP4FxWRjL2Lc4QAmWsh4N7zE"}]}
EOF

问题

registry.dev.chelizitech.com/saas/cproxyv2:202112211721 使用 envoy-9a56af58541f322d8bb4b445e5a9290d068da4b3 examle编译

dxq174510447/ctgw_wasm

编译

构建

额外配置

问题