Reputation: 141
how to forward request to public service like cdn using istio virtualservice?
i'm trying to reverse proxy using istio virtual service
it is possible forward request in virtual service? (like nginx's proxy_pass)
in result,
- http://myservice.com/about/* -> forward request to CDN (external service outside k8s system - aws s3, etc....)
- http://myservice.com/* -> my-service-web (internal service includes in istio mesh)
defined serviceentry, but it just "redirect", not forward reqeust.
here is my serviceentry.yaml and virtualservice.yaml
- serviceentry.yaml
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: my-service-proxy
namespace: my-service
spec:
hosts:
- CDN_URL
location: MESH_EXTERNAL
ports:
- number: 80
name: http
protocol: HTTP
- number: 443
name: https
protocol: TLS
resolution: DNS
- virtualservice.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: my-service
namespace: my-service
spec:
hosts:
- myservice.com
gateways:
- myservice
http:
- match:
- uri:
prefix: /about
rewrite:
authority: CDN_URL
uri: /
route:
- destination:
host: CDN_URL
- route:
- destination:
host: my-service-web.svc.cluster.local
port:
number: 80
virtualservice can acts like nginx-igress?
Upvotes: 2
Views: 1345
Answers (1)
Reputation: 8830
Based on that istio discuss
User @palic asked same question here
Shouldn’t it be possible to let ISTIO do the reverse proxy thing, so that no one needs a webserver (httpd/nginx/ lighthttpd/…) to do the reverse proxy job?
And the answer provided by @Daniel_Watrous
The job of the Istio control plane is to configure a fleet of reverse proxies. The purpose of the webserver is to serve content, not reverse proxy. The reverse proxy technology at the heart of Istio is Envoy, and Envoy can be use as a replacement for HAProxy, nginx, Apache, F5, or any other component that is being used as a reverse proxy.
it is possible forward request in virtual service
Based on that I would say it's not possible to do in virtual service, it's just rewrite(redirect), which I assume is working for you.
when i need function of reverse proxy, then i have to using nginx ingresscontroller (or other things) instead of istio igress gateway?
If we talk about reverse proxy, then yes, you need to use other technology than istio itself.
As far as I'm concerned, you could use some nginx pod, which would be configured as reverse proxy to the external service, and it will be the host for your virtual service.
So it would look like in below example.
EXAMPLE
ingress gateway -> Virtual Service -> nginx pod ( reverse proxy configured on nginx)
Service entry -> accessibility of URLs outside of the cluster
Let me know if you have any more questions.
Upvotes: 2
Related Questions
- Istio - redirect request to external url
- How can I Port Forward to an istio VirtualService?
- browsing Istio/k8s services from internet
- Istio VirtualService Networking outside of cluster
- Istio ingress gateway subdomainrouting based
- Expose services via Istio ingress gateway
- Using Istio VirtualService from inside of the cluster
- How to use Istio Virtual Service in-between front and back services
- Istio - Expose virtualservices through gateway
- Route to external site via Istio Virtual Service