我们遵循标准的 AccessLog 格式:
[%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%"
%RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION%
%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%"
"%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n
我想修改自定义请求(.../退出)的此格式,以不记录敏感数据。可以这样过滤路由吗?
初始化代码:
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: ***
namespace: ***
spec:
workloadSelector:
labels:
service.istio.io/canonical-name: ***
configPatches:
- applyTo: HTTP_FILTER
match:
context: GATEWAY
routeConfiguration:
vhost:
name: "*"
route:
name: "/exit"
action: ANY
patch:
operation: MERGE
value:
value:
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
access_log:
- name: envoy.access_loggers.file
typed_config:
"@type": "type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog"
path: /dev/stdout
format: "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% \n"
任何人都知道如何解决此问题以过滤掉 /exit 请求?
您应该能够使用遥测资源来做到这一点 - 我认为您可以将特定路径与
filter您可以在此处找到可在 CEL 表达式中使用的属性列表:https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes