I would like to pass header foo from service A to service B , but how to do that? VirtualService 's header will work only with actual virtual service and wouldn't be passed to service B (as I would hope) JWTRule describes how we can work propagating jwt to upstream services. changing headers for tracing is possible. Envoy Filter looks promising, but I haven't figured out a straightforward way to do that, atm. What am I missing? How propagation of a particular header or group of headers can be done to upstream services without changing services source code.

Reputation: 5395

Headers propagation to upstream services in Istio

I would like to pass header foo from service A to service B, but how to do that?

VirtualService's header will work only with actual virtual service and wouldn't be passed to service B (as I would hope)
JWTRule describes how we can work propagating jwt to upstream services.
changing headers for tracing is possible.
Envoy Filter looks promising, but I haven't figured out a straightforward way to do that, atm.

What am I missing? How propagation of a particular header or group of headers can be done to upstream services without changing services source code.

Upvotes: 0

Answers (1)

Rinor

Reputation: 1979

VirtualServices can configure service-to-service traffic, just as it configures traffic to be rotued from the ingress gateway to the services.

For example with this virtual service, you will add the test header in the requests with the echo destination:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: echo
spec:
  hosts:
  - echo
  http:
  - headers:
      request:
        set:
          test: "true"
    route:
    - destination:
        host: echo

To verify that create a two deployments so that we can make a request from one to another:

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: echo
  name: echo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: echo
  template:
    metadata:
      labels:
        app: echo
    spec:
      containers:
      - image: ealen/echo-server
        imagePullPolicy: IfNotPresent
        name: echo
        ports:
        - containerPort: 8080
          name: http
          protocol: TCP
        env:
        - name: PORT
          value: '8080'
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: echo
  name: echo
spec:
  ports:
  - name: http
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: echo
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sleep
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sleep
  template:
    metadata:
      labels:
        app: sleep
    spec:
      containers:
      - name: sleep
        image: governmentpaas/curl-ssl
        command: ["/bin/sleep", "3650d"]

Wait until it is up and execute a request against the echo server:

kubectl exec -it deploy/sleep -- /bin/sh -c 'curl echo:8080'

And you will see that the test header is added in the request header, this can be seen in the response where the echo server echoes the headers and in the logs of the echo server.

Note: For the above to work all need to be applied in the same namespace. The namespace must be labeled for sidecar injection.

Upvotes: 1

Headers propagation to upstream services in Istio

Answers (1)

Related Questions