I have an app that depends on an external service that is accessed via an HTTPS URL and is different for QA and PROD environments. The external service is not in Kubernetes and can’t be added using mesh expansion.
I’m trying to figure out if it’s possible to configure my app to talk to something like edition.apps.svc.cluster.local and to configure routing to the correct service for the environment in Istio. So, for test purposes, if my app is deployed to QA it would get routed to edition.cnn.com, and if in production it would be a different URL, let’s say www.google.com. Essentially, I need to arbitrarily re-route an HTTP request to an external URL.
I’ve tried to update the TLS originating example, but I’m getting
“curl: (6) Could not resolve host: edition.apps.svc.cluster.local”
Example of my definitions:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: edition-cnn-com
spec:
  hosts:
  - edition.cnn.com
  ports:
  - number: 80
    name: http-port
    protocol: HTTP
  - number: 443
    name: http-port-for-tls-origination
    protocol: HTTP
  resolution: DNS
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: edition.default.svc.cluster.local
spec:
  hosts:
  - edition.default.svc.cluster.local
  http:
  - route:
    - destination:
        host: edition.cnn.com
        port:
          number: 443
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: edition-cnn-com
spec:
  hosts:
  - edition.cnn.com
  http:
  - match:
    - port: 80
    route:
    - destination:
        host: edition.cnn.com
        port:
          number: 443
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: edition-cnn-com
spec:
  host: edition.cnn.com
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN
    portLevelSettings:
    - port:
        number: 443
      tls:
        mode: SIMPLE # initiates HTTPS when accessing edition.cnn.com
What am I missing? Or is there a different, better way to discover external services? I’ve read about using K8s service without selectors and providing Endpoints, but that leads to maintaining a constantly changing mapping of IP addresses to my service.