I have an on-prem cluster; some backend services are running on HTTP, some on HTTPS.
As of now I do not have the Istio sidecar configured.
Calls to the HTTP backend are working, but the HTTPS backend gives a 503 error.
Gateway:
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: istio-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
  - hosts:
    - '*'
    port:
      name: https
      number: 8443
      protocol: HTTPS
    tls:
      mode: SIMPLE
      privateKey: /etc/istio/ingressgateway-certs/tls.key
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
  - hosts:
    - '*'
    port:
      name: http
      number: 80
      protocol: HTTP
Virtual service:
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: metalk8s-ui-proxies-https
  namespace: metalk8s-ui
spec:
  gateways:
  - istio-system/istio-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        prefix: /api/kubernetes/
    route:
    - destination:
        host: kubernetes-api-ds
        port:
          number: 443
      weight: 100
  - match:
    - uri:
        prefix: /api/salt/
    route:
    - destination:
        host: salt-api
        port:
          number: 4507
      weight: 100
Destination rule:
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: kubernetes-api-ds
  namespace: metalk8s-ui
spec:
  host: kubernetes-api
  trafficPolicy:
    portLevelSettings:
    - loadBalancer:
        simple: ROUND_ROBIN
      port:
        number: 443
      tls:
        caCertificates: /etc/istio/ingressgateway-certs/tls.crt
        mode: SIMPLE
        privateKey: /etc/istio/ingressgateway-certs/tls.key
Without the destination rule configured it was giving a 400 error (client sent HTTP request to HTTPS server).
Basically, the backend service works with the nginx ingress; we are trying to replace nginx with Istio.
For this particular URI path the nginx Ingress was:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx-control-plane
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/use-regex: "true"
  labels:
    app: metalk8s-ui
    app.kubernetes.io/managed-by: salt
    app.kubernetes.io/name: metalk8s-ui
    app.kubernetes.io/part-of: metalk8s
    heritage: salt
    metalk8s.scality.com/version: 2.6.0-dev
  name: metalk8s-ui-proxies-https
  namespace: metalk8s-ui
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: kubernetes-api
          servicePort: 443
        path: /api/kubernetes(/|$)(.*)
      - backend:
          serviceName: salt-api
          servicePort: 4507
        path: /api/salt(/|$)(.*)
status:
  loadBalancer:
    ingress:
    - ip: 10.105.58.133
nginx.ingress.kubernetes.io/backend-protocol: HTTPS --> this was the annotation used to define the backend protocol.
Could someone please help with how to achieve the same in Istio?
question from:
https://stackoverflow.com/questions/65940324/access-both-https-http-backend-service-from-istio-gw-without-sidecar
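In Istio, the counterpart of the nginx `backend-protocol: HTTPS` annotation is TLS origination in a DestinationRule, and it only takes effect when the rule's `host` is the same host the VirtualService routes to (in the post above one says `kubernetes-api-ds`, the other `kubernetes-api`). The following is an added example, not part of the original question; it assumes the Service is `kubernetes-api` in `metalk8s-ui`, as in the nginx Ingress, and the CA bundle path is a placeholder.

```yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: metalk8s-ui-proxies-https
  namespace: metalk8s-ui
spec:
  gateways:
  - istio-system/istio-gateway
  hosts:
  - '*'
  http:
  - match:
    - uri:
        prefix: /api/kubernetes/
    rewrite:
      uri: /                 # counterpart of nginx rewrite-target: /$2
    route:
    - destination:
        host: kubernetes-api # assumed Service name, taken from the Ingress
        port:
          number: 443
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: kubernetes-api
  namespace: metalk8s-ui
spec:
  # Must match the VirtualService destination host; otherwise the TLS
  # settings are never applied and the gateway speaks plain HTTP to port 443.
  host: kubernetes-api
  trafficPolicy:
    portLevelSettings:
    - port:
        number: 443
      tls:
        mode: SIMPLE         # one-way TLS from the gateway to the backend
        # Placeholder path: the CA that signed the backend's server
        # certificate, mounted into the ingress gateway pod. Leaving
        # caCertificates out means the backend certificate is not
        # verified by default.
        caCertificates: /etc/istio/backend-ca/ca.crt
```

`privateKey` and `clientCertificate` belong only to `mode: MUTUAL`, so they are left out here; the gateway's own serving key does not need to be exposed to the upstream connection.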