Need some help in configuring rewrite with ext_auth and upstream service.
- I have backend services called crs and auth.
- I configured ext_auth with Istio to point to the auth service.
- Every call to /crs will go to the auth service, and if it succeeds then the call will be redirected to the crs service.
- I have the following Virtual Service configuration where I have rewrite_uri set to / so that the crs service will get the path after anything that the user enters, e.g. crs/config?param=123 → config?param=123
- But before the call goes to crs, it goes to the auth service, and the path is config?param=123, which the auth service can’t understand as it is expecting crs/ in the path to do some validation.
- If I change rewrite: uri to /crs/ then the auth service will work as it gets crs/config?param=123, but after auth succeeds and the call goes to the crs service, it won’t understand the prefix crs and fails with an error (path not found).
This was never an issue when I used Envoy (prefix_rewrite) as a gateway proxy (before trying Istio), as by default Envoy passes the path to the auth service (since you configure ext_auth globally) before evaluating the rewrite rules.
Is there a way to have similar behavior where ext_auth gets the path before evaluating the rewrite?
```yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: crs
spec:
  gateways:
  - gw-istio
  hosts:
  - crs.uri
  http:
  - match:
    - uri:
        prefix: /crs/
    - uri:
        prefix: /crs
    name: crs-generic
    retries:
      attempts: 3
      perTryTimeout: 2s
    rewrite:
      uri: "/"
    route:
    - destination:
        host: crs
        port:
          number: 8080
```