Hi all,
I’m using Istio 1.5.1 on minikube.
minikube version: v1.9.0
commit: 48fefd43444d2f8852f527c78f0141b377b1e42a
Kubernetes version is 1.18.0
I need to validate JWT tokens using a custom service that provides the public key as a field of a JSON payload. To do this I added an EnvoyFilter as follows:
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: reviews-lua
  namespace: default
spec:
  workloadLabels:
    app: reviews
  filters:
  - listenerMatch:
      portNumber: 9080
      listenerType: SIDECAR_INBOUND
      listenerProtocol: HTTP
    filterName: envoy.lua
    filterType: HTTP
    filterConfig:
      inlineCode: |
        function envoy_on_request(request_handle)
          request_handle:logWarn("Start")
          local sso_request = {
            [":method"] = "GET",
            [":path"] = "/PATHTOENDPOINT",
            [":authority"] = "MYHOSTNAME",
            ["Authorization"] = "Basic AUTHORIZATIONKEY"
          }
          request_handle:logWarn("Request created")
          local response_headers, response_body = request_handle:httpCall(
            "outbound|443||MYHOSTNAME",
            sso_request,
            "",
            5000
          )
        end
```
I used an Istio example and deployed it as follows:
```
kubectl apply -f istio-1.5.1/samples/bookinfo/platform/kube/bookinfo.yaml
kubectl apply -f istio-1.5.1/samples/bookinfo/networking/bookinfo-gateway.yaml
kubectl apply -f istio-1.5.1/samples/bookinfo/networking/destination-rule-all.yaml
kubectl apply -f istio-1.5.1/samples/bookinfo/networking/virtual-service-all-v1.yaml
```
To test my filter I open a web page via port 9080 and click on the “Normal user” link.
When I view the istio-proxy logs I see the log messages “Start” and “Request created”, which means that the code is executed. After that I see this error:
```
script log: upstream connect error or disconnect/reset before headers. reset reason: connection termination
```
I tried to SSH into the “istio-proxy” and “reviews” containers of the “reviews-v1” pod and run
```
curl MYHOSTNAME/PATHTOENDPOINT -H "Authorization: Basic AUTHORIZATIONKEY"
```
and it worked just fine in both cases.
I have added a service entry as follows (not sure there was a need to do it):
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: sso-2k
spec:
  hosts:
  - MYHOSTNAME
  location: MESH_EXTERNAL
  ports:
  - number: 443
    name: https
    protocol: TLS
  resolution: DNS
```
Could you please explain to me what I’m missing? Why is my call from Lua failing all the time?