Hello,
I am looking to use the TCP tunneling over HTTP feature for one of my use cases. I have been looking at the examples mentioned here, especially this one. The example is great and really works.
But my use case has an additional need: connecting to a downstream cluster per request. So downstream clusters can change for every request. I have tried using the original destination cluster as below, with no success.
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: orig-dest-filter
  namespace: istio-system
spec:
  workloadSelector:
    labels:
      istio: ingressgateway
  configPatches:
  - applyTo: LISTENER
    match:
      context: ANY
    patch:
      operation: ADD
      value:
        name: proxy
        address:
          socket_address:
            protocol: TCP
            address: 0.0.0.0
            port_value: 8080
        useOriginalDst: true
        filter_chains:
        - filters:
          - name: "envoy.filters.network.tcp_proxy"
            typed_config:
              "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy"
              stat_prefix: ingress_proxy
              cluster: orig_dest
              tunneling_config:
                hostname: host.com:443
  - applyTo: CLUSTER
    patch:
      operation: ADD
      value: # cluster specification
        name: orig_dest
        type: ORIGINAL_DST
        connect_timeout: 5s
        # This ensures HTTP/1.1 CONNECT is used for establishing the tunnel.
        typed_extension_protocol_options:
          envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
            "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
            explicit_http_config:
              http_protocol_options: {}
        original_dst_lb_config:
          use_http_header: true
        lb_policy: CLUSTER_PROVIDED
        dns_lookup_family: V4_ONLY
```
I keep getting the error `No downstream connection or no original_dst`.
If at all I could use `x-envoy-original-dst-host` for specifying the downstream host and port, that would be perfect.
Please help!