(kubernetes/GKE) How do I route traffic in istio based on client IP address?

Asked Sep 15 '20 at 10:04

Active Sep 15 '20 at 10:04

Viewed 298 times

I am using GKE, with it's own set of istio mesh enabled. I do have a gateway and a virtual service, which is routing traffic just fine. But I wanted to direct traffic to diffrent paths based on source IPs. I do realise that we could use match / headers in virtual service as shown in this question, as below:

  - match:
- headers:
    x-forwarded-for:
      exact: 123.123.123.123

But it doesnt seem to work for me. Please suggest, thanks a lot.

asked Sep 15 '20 at 10:04

RAGHU NANDAN

Hi, there are several things that could make this difficult. First if you are using a loadbalancer, it could be overwriting source ip. Second it depends on your gateway configuration and protocol that is being used. Can you provide more details how requests reach your cluster? Also could you provide yaml manifests of your gateway, virtualservice, destinationrules, service and deployment? – Piotr Malec Sep 15 '20 at 15:04
Hi Thank you very much for the quick response, I will check the loadbalancer settings and other criteria. – RAGHU NANDAN Sep 16 '20 at 06:07
According to this SO [answer](https://stackoverflow.com/questions/63647973/istio-authorization-policy-not-applying-on-child-gateway/63682724#63682724), you will also need to set `externalTrafficPolicy` to `local`. – Piotr Malec Sep 16 '20 at 13:13

(kubernetes/GKE) How do I route traffic in istio based on client IP address?

0 Answers0