Istio proxy_pass from external resources

JohnJon · January 23, 2022, 8:44am

Hi,
headbanging here how to make like proxy_pass with istio ?

I want to open address mydomain .com/cnn in my browser, address stays the same, doesn’t redirect. In the background it loads everything from https://www.cnn.com. This setup could be useful for kibana or similar scenarios.

Attempt so far:

---
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: cnn-se
  namespace: istio-system
spec:
  hosts:
    - "cnn.com"
  ports:
    - number: 443
      name: https-port
      protocol: HTTPS
  resolution: DNS
  location: MESH_EXTERNAL
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: cnn-proxy-dr
  namespace: istio-system
spec:
  host: cnn.com
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN
    portLevelSettings:
      - port:
          number: 443
        tls:
          mode: SIMPLE
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: my-virtualservice
  namespace: istio-system
spec:
  gateways:
    - istio-system/http-gateway
  hosts:
    - mydomain.com
  http:
    - name: rule1
      headers:
        request:
          set:
            Host: cnn.com
      match:
        - uri:
            exact: "/cnn"
      rewrite:
        uri: "/"
      route:
        - destination:
            host: cnn.com
            port:
              number: 443

JohnJon · January 26, 2022, 10:42am

Providing answer to my own question:

so proxy_passing example for dktest . mydomain .com/cnn

---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: dktest
  namespace: istio-system
spec:
  hosts:
    - "dktest.mydomain.com"
  gateways:
    - istio-system/http-gateway
  http:
    - name: dktest
      headers:
        request:
          set:
            Host: www.cnn.com
      match:
        - uri:
            prefix: "/cnn"
      rewrite:
        uri: "/"
      route:
        - destination:
            host: www.cnn.com
            port:
              number: 443
          weight: 100

---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: dktest-dr
  namespace: istio-system
spec:
  host: www.cnn.com
  trafficPolicy:
    portLevelSettings:
      - port:
          number: 443
        tls:
          mode: SIMPLE
    connectionPool:
      tcp:
        maxConnections: 100
        connectTimeout: 5s
        tcpKeepalive:
          time: 7200s
          interval: 75s
      http:
        http2MaxRequests: 1000
        maxRequestsPerConnection: 10

---
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: dktest-ext
  namespace: istio-system
spec:
  hosts:
    - www.cnn.com
  ports:
    - number: 80
      name: http-port
      protocol: HTTP
      targetPort: 80
    - number: 443
      name: https-port
      protocol: HTTPS
  resolution: DNS
  location: MESH_EXTERNAL

Topic		Replies	Views
Redirect the outbound access through Virtual Service to external proxy Networking	0	390	August 4, 2021
VirtualService - Redirect to an external URL	8	16579	May 14, 2020
Can the Istio ingressgateway proxy traffic to external HTTPS service? Networking	3	2406	September 15, 2020
Egress TLS Origination works for one domain but not for other Config	0	449	January 18, 2020
Istio VirtualService Proxy to external HTTPS service? Networking	1	437	September 28, 2022

Istio proxy_pass from external resources

Related topics