VirtualService - Redirect to an external URL

Hello,

How can we redirect a particular URL to an location outside istio cluster:

currently in nginx we are handling using following block:

location /cbp/css/cbp-js-sdk.fonts.min.css {

  proxy_pass http://static-bucket.company.com/cbp/live/cbp-js-sdk.fonts.min.css;

}

How can we replicate this in virtual service.

I have tried following configs:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
spec:
  gateways:
  - company-gateway
  hosts:
  - istio-gke.lle-mcommerce.company.com
  http:
  - match:
    - uri:
        exact: /cbp/css/cbp-js-sdk.fonts.min.css
    rewrite:
      uri: /cbp/live/cbp-js-sdk.fonts.min.css
    route:
    - destination:
        host: static-bucket.company.com

and

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
spec:
  gateways:
  - kohls-gateway
  hosts:
  - istio-gke.lle-mcommerce.company.com
  http:
  - match:
    - uri:
        exact: /cbp/css/cbp-js-sdk.fonts.min.css
    redirect:
      uri: static-bucket.company.com/cbp/live/cbp-js-sdk.fonts.min.css

both these config are trying to fetch “istio-gke.lle-mcommerce.company.com/static-bucket.company.com/cbp/live/cbp-js-sdk.fonts.min.css” i.e. “host/uri”.

How can we do the proper proxy pass like nxing does.

Do you have a service entry for static-bucket.company.com?

Yes I have the service entry and it looks like this:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: openapi-ext
spec:
  hosts:
  - '*.visa.com'
  - '*.masterpass.com'
  - '*.debian.org'
  - '*.ibm.com'
  - '*.company.com'
  - '*.akamaiedge.net'
  - static-bucket.company.com
  location: MESH_EXTERNAL
  ports:
  - name: http
    number: 80
    protocol: HTTP
  - name: https
    number: 443
    protocol: HTTPS
  resolution: NONE

Can you try using rewrite/redirect with route destination

http:
  - match:
    - uri:
        exact: /cbp/css/cbp-js-sdk.fonts.min.css
    redirect:
      uri: /cbp/live/cbp-js-sdk.fonts.min.css
    # or maybe rewrite and route
    # rewrite:
    #  uri: "/cbp/live/cbp-js-sdk.fonts.min.css"
    route:
    - destination:
        host: static-bucket.company.com

Redirect and route wont go together, it gives following error:

error: virtualservices.networking.istio.io “routes” could not be patched: admission webhook “pilot.validation.istio.io” denied the request: configuration is invalid: HTTP route cannot contain both route and redirect

I have tried rewrite with route/destination:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
spec:
  gateways:
  - company-gateway
  hosts:
  - istio-gke.lle-mcommerce.company.com
  http:
  - match:
    - uri:
        exact: /cbp/css/cbp-js-sdk.fonts.min.css
    rewrite:
      uri: /cbp/live/cbp-js-sdk.fonts.min.css
    route:
    - destination:
        host: static-bucket.company.com

but it is taking everything in destination.host and rewrite.uri and appending it to hosts.

Do we even have the functionality of proxy passing in istio ??

I am trying to replicate what nginx does for us in following snippet:

location /cbp/css/cbp-js-sdk.fonts.min.css {

  proxy_pass http://static-bucket.company.com/cbp/live/cbp-js-sdk.fonts.min.css;

}

Making this post to grab some attention from contributors and users who has similar requirements.

I’m also interested in understanding if this is possible with Istio.

I have a redirect out to a google bucket, but the principle is the same:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: external-svc-https
  namespace: blah
spec:
  hosts:
  - storage.googleapis.com
  location: MESH_EXTERNAL
  ports:
  - number: 80
    name: http
    protocol: HTTP
  resolution: DNS # This is really important
---
# in the virtualservice
  - match:
    - uri:
        exact: /
      authority:
        exact: internal.blah.io
      gateways:
      - internal.istio-system.svc.cluster.local
    rewrite:
      uri: /an-external-path
      authority: storage.googleapis.com # this is pretty important
    route:
    - destination:
        host: storage.googleapis.com