參照 https://github.com/istio/istio/pull/10064
grpc-web連接ASM需要兩步
1、配置 Service的端口名爲grpc-web前綴,使istio可識別爲grpc-web服務
apiVersion: v1
kind: Service
metadata:
labels:
app: iam-pod
name: iam-svc
namespace: release
spec:
ports:
- name: grpc-web-port
port: 10010
protocol: TCP
targetPort: 10010
selector:
app: iam-pod
2、配置 VirtualService 的corsPolicy屬性
需注意在istio1.6中需設置allowOrigins: - regex: .* 而不是 allowOrigin: - "*"
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: api-vsvc
namespace: release
spec:
gateways:
- api-gateway
hosts:
- '*'
http:
- corsPolicy:
allowCredentials: true
allowHeaders:
- grpc-timeout
- content-type
- keep-alive
- user-agent
- cache-control
- content-type
- content-transfer-encoding
- custom-header-1
- x-accept-content-transfer-encoding
- x-accept-response-streaming
- x-user-agent
- x-grpc-web
- device-tag
- token
allowMethods:
- POST
- GET
- OPTIONS
- PUT
- DELETE
allowOrigins:
- regex: .*
exposeHeaders:
- custom-header-1
- grpc-status
- grpc-message
maxAge: 1728s
match:
- port: 8080
route:
- destination:
host: iam-svc
port:
number: 10010