在应用时拒绝无效的 Ingress Routes
Skipper is an open-source HTTP router and reverse proxy that can also run as a Kubernetes ingress controller. At Zalando, it is the component that turns Ingress and RouteGroup configuration into live routing behavior. Its routing model is powerful because requests can be matched by predicates, transformed by filters, and then forwarded to backends.
Skipper 是一个开源的 HTTP 路由器和反向代理,也可以作为 Kubernetes ingress 控制器运行。在 Zalando,它是将 Ingress 和 RouteGroup 配置转换为实时路由行为的组件。其路由模型非常强大,因为请求可以根据谓词匹配、通过过滤器转换,然后转发到后端。
The downside is that Kubernetes has no understanding of Skipper-specific filters and predicates, and therefore cannot validate them through standard Admission Control. For example, a route might reference a non-existing predicate, use a filter with invalid parameters, or define a backend that cannot be parsed. Kubernetes accepts this configuration because it is syntactically valid, but from Skipper’s perspective, the route is broken.
缺点是 Kubernetes 无法理解 Skipper 特定的 filters 和 predicates,因此无法通过标准的 Admission Control 来验证它们。例如,一个路由可能引用一个不存在的 predicate、使用带有无效参数的 filter,或者定义一个无法解析的 backend。Kubernetes 接受这个配置,因为它在语法上是有效的,但从 Skipper 的角度来看,该路由是损坏的。
At Zalando scale, these invalid routes are critical. We run Skipper across 250+ Kubernetes clusters, with 15k+ ingresses, ~200k routes, and 500k-2M RPS. At that size, even 1% invalid routes is not background noise. It is real production risk.
在 Zalando 规模下,这些 invalid routes 是关键的。我们在 250+ Kubernetes clusters 上运行 Skipper,拥有 15k+ ingresses、~200k routes 和 500k-2M RPS。在这种规模下,即使 1% invalid routes 也不是背景噪音。它是真实的生产风险。
The goal was simple: reject invalid Skipper routing configuration during kubectl apply.
目标很简单:在 kubectl apply 期间拒绝无效的 Skipper 路由配置。
How Skipper sees a route
Skipper 如何看待路由
A Skipper route is essentially:
Skipper 路由本质上是:
routeId: Predicates -> filters -> backend
The route ID names the route. Predicates decide whether a request matches it. Filters modify the request or response. The backend defines where the traffic goes next.
route ID 命名路由。Predicates 决定请求是否匹配它。Filters 修改请求或响应。Backend 定义...