Redirect internal request to external ingressgateway directly towards it

fentas · February 14, 2020, 10:35am

I have the following endpoint docker.example.com which works fine - reachable (with ssl termination / sni).
Now I want that if an internal container calls docker.example.com that it won’t resolve the external ip address but rather directly the internal service ip from the istio-ingressgateway service (for valid tls termination). I tried it with a simple Virtual Service like

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: harbor-core-internal
spec:
  hosts:
  - docker.example.com
  http:
  - route:
    - destination:
        host: istio-ingressgateway.istio-system.svc.cluster.local

but this does not work. It still resolves the external ip. Any ideas?
Thanks a lot

ps.:
I did this with another service - not directly to istio-ingressgateway and no tls/ssl this works.

sam46 · February 14, 2020, 8:28pm

Hi, can you elaborate on how you solved this?

fentas · February 28, 2020, 11:52am

I didn’t solve it.
I worked around it enbabling insecure registry etc.

Topic		Replies	Views
Can the Istio ingressgateway proxy traffic to external HTTPS service? Networking	3	2435	September 15, 2020
Redirecting SMPP From Ingress to Egress and TLS Networking security	0	409	January 31, 2023
Routing directly from ingress gateway to an external service via egress gateway Networking	3	1873	June 10, 2020
How to originate TLS when forwarding to external ServiceEntry Networking	14	797	July 17, 2023
Forward source IP of HTTPS request Networking	12	6334	July 29, 2020

Redirect internal request to external ingressgateway directly towards it

Related topics