Hello,
How can we redirect a particular URL to an location outside istio cluster:
currently in nginx we are handling using following block:
location /cbp/css/cbp-js-sdk.fonts.min.css {
proxy_pass http://static-bucket.company.com/cbp/live/cbp-js-sdk.fonts.min.css;
}
How can we replicate this in virtual service.
I have tried following configs:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
spec:
gateways:
- company-gateway
hosts:
- istio-gke.lle-mcommerce.company.com
http:
- match:
- uri:
exact: /cbp/css/cbp-js-sdk.fonts.min.css
rewrite:
uri: /cbp/live/cbp-js-sdk.fonts.min.css
route:
- destination:
host: static-bucket.company.com
and
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
spec:
gateways:
- kohls-gateway
hosts:
- istio-gke.lle-mcommerce.company.com
http:
- match:
- uri:
exact: /cbp/css/cbp-js-sdk.fonts.min.css
redirect:
uri: static-bucket.company.com/cbp/live/cbp-js-sdk.fonts.min.css
both these config are trying to fetch “istio-gke.lle-mcommerce.company.com/static-bucket.company.com/cbp/live/cbp-js-sdk.fonts.min.css” i.e. “host/uri”.
How can we do the proper proxy pass like nxing does.
Do you have a service entry for static-bucket.company.com?
Yes I have the service entry and it looks like this:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: openapi-ext
spec:
hosts:
- '*.visa.com'
- '*.masterpass.com'
- '*.debian.org'
- '*.ibm.com'
- '*.company.com'
- '*.akamaiedge.net'
- static-bucket.company.com
location: MESH_EXTERNAL
ports:
- name: http
number: 80
protocol: HTTP
- name: https
number: 443
protocol: HTTPS
resolution: NONE
ansh
4
Can you try using rewrite/redirect with route destination
http:
- match:
- uri:
exact: /cbp/css/cbp-js-sdk.fonts.min.css
redirect:
uri: /cbp/live/cbp-js-sdk.fonts.min.css
# or maybe rewrite and route
# rewrite:
# uri: "/cbp/live/cbp-js-sdk.fonts.min.css"
route:
- destination:
host: static-bucket.company.com
Redirect and route wont go together, it gives following error:
error: virtualservices.networking.istio.io “routes” could not be patched: admission webhook “pilot.validation.istio.io” denied the request: configuration is invalid: HTTP route cannot contain both route and redirect
I have tried rewrite with route/destination:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
spec:
gateways:
- company-gateway
hosts:
- istio-gke.lle-mcommerce.company.com
http:
- match:
- uri:
exact: /cbp/css/cbp-js-sdk.fonts.min.css
rewrite:
uri: /cbp/live/cbp-js-sdk.fonts.min.css
route:
- destination:
host: static-bucket.company.com
but it is taking everything in destination.host and rewrite.uri and appending it to hosts.
Do we even have the functionality of proxy passing in istio ??
I am trying to replicate what nginx does for us in following snippet:
location /cbp/css/cbp-js-sdk.fonts.min.css {
proxy_pass http://static-bucket.company.com/cbp/live/cbp-js-sdk.fonts.min.css;
}
Making this post to grab some attention from contributors and users who has similar requirements.
mhite
7
I’m also interested in understanding if this is possible with Istio.
I have a redirect out to a google bucket, but the principle is the same:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: external-svc-https
namespace: blah
spec:
hosts:
- storage.googleapis.com
location: MESH_EXTERNAL
ports:
- number: 80
name: http
protocol: HTTP
resolution: DNS # This is really important
---
# in the virtualservice
- match:
- uri:
exact: /
authority:
exact: internal.blah.io
gateways:
- internal.istio-system.svc.cluster.local
rewrite:
uri: /an-external-path
authority: storage.googleapis.com # this is pretty important
route:
- destination:
host: storage.googleapis.com
Hey
Could you please share if you got it to work?
I am trying to achieve the same.
1 Like