istio virtualservice url rewrite - istio

I'm trying to wrap my head around virtual service URL rewrites. This is what I have:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: istio-test
spec:
  hosts:
  - "*"
  gateways:
  - istio-test-gateway
  http:
  - name: "pingpongservice"
    match:
    - uri:
        prefix: /pingpongservice
    rewrite:
      uri: /
    route:
    - destination:
        host: istio-service-test.default.svc.cluster.local
Now when I try a curl with the URL http://host:port/pingpongservice I get back the proper response. When I try something like http://host:port/pingpongservice/ping I get the following error:
Moved Permanently.
The ping endpoint actually exists in the service I have deployed, so I'm not sure why I'm getting this response back.
I'm using Istio on minikube.
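
As an added example (not part of the original question and not Istio's own code), the sketch below models the rule in the Istio HTTPRewrite reference that, for a prefix match, rewrite.uri replaces the matched prefix, and applies it to the route above. The function names, the two-route SPLIT variant and the sample paths are assumptions constructed for illustration; the model assumes literal prefix substitution and first-match-wins route order.

```python
from typing import Dict, List, Optional, Tuple

Route = Tuple[str, str]  # (match.uri.prefix, rewrite.uri) in VirtualService order

# The route from the question above.
ORIGINAL: List[Route] = [("/pingpongservice", "/")]
# Assumed alternative: two routes, trailing-slash prefix listed first.
SPLIT: List[Route] = [("/pingpongservice/", "/"), ("/pingpongservice", "/")]

# Constructed sample request targets.
SAMPLES = ["/pingpongservice", "/pingpongservice/", "/pingpongservice/ping",
           "/pingpongservice/ping?n=1", "/other"]


def forwarded_path(routes: List[Route], target: str) -> Optional[str]:
    """Path the upstream receives, or None when no route matches."""
    path, sep, query = target.partition("?")
    for prefix, rewrite in routes:       # first matching route wins
        if path.startswith(prefix):      # plain string-prefix match
            # The matched prefix is swapped for rewrite.uri; the rest is kept.
            return rewrite + path[len(prefix):] + sep + query
    return None


def non_canonical(routes: List[Route], targets: List[str]) -> Dict[str, str]:
    """Targets whose forwarded path contains an empty segment ('//')."""
    flagged = {}
    for target in targets:
        fwd = forwarded_path(routes, target)
        if fwd is not None and "//" in fwd.partition("?")[0]:
            flagged[target] = fwd
    return flagged


if __name__ == "__main__":
    for label, routes in (("original", ORIGINAL), ("split", SPLIT)):
        print(label)
        for target in SAMPLES:
            print(f"  {target!r:30} -> {forwarded_path(routes, target)!r}")
        print("  non-canonical:", non_canonical(routes, SAMPLES))
```

A backend that canonicalises request paths by redirecting, as Go's net/http ServeMux does, answers a path such as //ping with a 301. Because the gateway and the backend then disagree about the path, the same audit is worth running wherever path-based authorization sits in front of a rewritten route.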

Related

How do I get Istio route matching to work?

I have an Istio gateway, Istio VirtualService, and app deployed running as a service. The virtual service is deployed like so:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: my-app-route
spec:
  hosts:
  - "*"
  gateways:
  - my-gateway
  http:
  - match:
    - uri:
        prefix: "/my-app"
    route:
    - destination:
        host: my-app-service
        port:
          number: 8000
When I navigate to http://myurl.com/my-app I would expect to see a JSON response from the service it is pointing to, but I just get a 404. However if I remove the match and redeploy like so:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: my-app-route
spec:
  hosts:
  - "*"
  http:
  - route:
    - destination:
        host: my-app-service
        port:
          number: 800
And then go to http://myurl.com/my-app I can see the expected JSON response. Any help?

Trying to Access OpenFaaS with an Istio Gateway

I was trying to access OpenFaaS through Istio, for which I have included a gateway and a virtual service.
I need to create a separate endpoint for OpenFaaS, e.g. "http://istio_ingress_Loadbalancer/openfaas". This should give me the OpenFaaS UI.
Can anyone please help me? I am having a hard time accessing this.
Below is the code I have written for the gateway and virtual service.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: openfaas-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: openfaas-vs
spec:
  hosts:
  - "*"
  gateways:
  - openfaas-gateway.openfaas.svc.cluster.local
  http:
  - match:
    - uri:
        prefix: /openfaas
    route:
    - destination:
        host: gateway.openfaas.svc.cluster.local
        port:
          number: 8080
Add the namespace property in your Gateway yaml file.
Reference the gateway in your VirtualService yaml file with the following format: <gateway-namespace>/<gateway-name>
https://istio.io/latest/docs/reference/config/networking/virtual-service/#VirtualService

istio: VirtualService url rewriting or forwarding

I have an Istio VirtualService with a match and a route and redirect url defined as follows:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: my-pro
spec:
  hosts:
  - "*"
  gateways:
  - my-gateway
  http:
  - match:
    - uri:
        prefix: /events
    route:
    - destination:
        host: event-service
        port:
          number: 8000
  - match:
    - uri:
        prefix: /blog
    redirect:
      uri: /
      authority: blog.mydomain.com
  - route:
    - destination:
        host: default-service
        port:
          number: 8000
This VirtualService works as follows:
1. If the request is www.mydomain.com/events it will forward to event-service.
2. If the request is www.mydomain.com/blog it will redirect the host to blog.mydomain.com.
3. If the request is www.mydomain.com/anyother it will forward to default-service.
In case no. 2 I am redirecting www.mydomain.com/blog to the blog.mydomain.com page because my blog page is hosted on that domain.
Now my problem is that while redirecting the URL, the browser URL changes to blog.mydomain.com. I want it to remain the same, www.mydomain.com/blog, but the content of blog.mydomain.com should be displayed on the screen.
I think you should use rewrite with a destination: https://istio.io/latest/docs/reference/config/networking/virtual-service/#HTTPRewrite
If the destination is external to the Service Mesh, you'll also need a ServiceEntry.
- match:
  - uri:
      prefix: /blog
  name: blog.mydomain.com
  rewrite:
    authority: blog.mydomain.com
    uri: /blog
  route:
  - destination:
      host: blog.mydomain.com
Add the above rule in the virtual service, then create this service entry.
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: blog
spec:
  hosts:
  - blog.mydomain.com
  location: MESH_EXTERNAL
  ports:
  - number: 80
    name: http
    protocol: HTTP
  resolution: DNS

How to make the ext_authz envoy filter work on the istio cluster?

I am trying to add the ext_authz filter to the Istio ingress-gateway for request authentication. But when I add this filter to the cluster, it seems like it is not added to the Envoy configuration, i.e. it is not working.
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: authn-filter
  namespace: istio-system
spec:
  filters:
  - insertPosition:
      index: FIRST
    listenerMatch:
      portNumber: 433
      listenerType: GATEWAY
      listenerProtocol: HTTP
    filterType: HTTP
    filterName: "envoy.ext_authz"
    filterConfig:
      http_service:
        server-uri:
          uri: http://auth.default.svc.cluster.local:8080
          cluster: outbound|8080||auth.default.svc.cluster.local
          timeout: 2s
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: auth-virtualservice
spec:
  hosts:
  - "*"
  gateways:
  - gateway.default.svc.cluster.local
  http:
  - match:
    - uri:
        prefix: "/auth"
    route:
    - destination:
        host: auth.default.svc.cluster.local
I figured that out: the problem was caused by the old version of Istio deployed on the cluster.

Istio queryParams always returning truthy

Set up Istio and the basic bookinfo app.
Set up the virtual service as such:
One with headers:
kind: VirtualService
apiVersion: networking.istio.io/v1alpha3
metadata:
  name: bookinfo
spec:
  hosts:
  - '*'
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - headers:
        apiKey:
          exact: test
    rewrite:
      uri: /productpage
    route:
    - destination:
        host: productpage
        port:
          number: 9080
  tcp: ~
  tls: ~
And another with queryParams as the routing differentiator:
kind: VirtualService
apiVersion: networking.istio.io/v1alpha3
metadata:
  name: bookinfo
spec:
  hosts:
  - '*'
  gateways:
  - bookinfo-gateway
  http:
  - match:
    - headers:
        apiKey:
          exact: test
    rewrite:
      uri: /productpage
    route:
    - destination:
        host: productpage
        port:
          number: 9080
  tcp: ~
  tls: ~
For some reason, the header policy seems to work fine, i.e. if I don't submit the header=test, Istio will return 404.
HOWEVER, for the queryParams, it is always returning truthy. Am I doing something wrong? Or is this an Istio-related issue at its core?
(Note: these 2 VS are not running in parallel, but rather an update from one to another, so it can't be some wonkiness with having 2 similar VS.)
Ideally I would expect the queryParam and headers matches to act the same.
This was in fact a quasi-defect.
The docs for istio-1.2 were incorrectly stating a feature that was found in 1.3.
For those of you in a similar situation, upgrading to Istio 1.3.x should resolve it.