I've set up EKS + Istio ingress gateway following https://aws.amazon.com/blogs/containers/secure-end-to-end-traffic-on-amazon-eks-using-tls-certificate-in-acm-alb-and-istio/ and it works fine. I want to add a URI prefix in the VirtualService so that http://domain.tld/vote displays the vote app created in another namespace in the cluster.

I've used the following Istio VirtualService. https://domain.tld works fine; however, https://domain.tld/vote shows a broken layout. Screenshot: https://i.is.cc/1ah4YkVU.png

This is the voting app I used for the vote service - https://github.com/dockersamples/example-voting-app - which uses multiple containers. Can someone shed some light on this please?

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: yelb-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 443
        name: https-443
        protocol: HTTPS
      tls:
        mode: SIMPLE
        credentialName: "tls-secret"
      hosts:
        - "*"
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: vote
spec:
  hosts:
    - "*"
  gateways:
    - yelb-gateway
  http:
  - match:
    - uri:
        prefix: /vote
    rewrite:
      uri: "/"
    route:
    - destination:
        host: vote.vote2.svc.cluster.local
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: yelb-ui
spec:
  hosts:
    - "*"
  gateways:
    - yelb-gateway
  http:
    - route:
        - destination:
            host: yelb-ui
            port:
              number: 80
      match:
        - uri:
            prefix: /

Without a rewrite rule, http://domain.tld/vote was showing 404 errors. With the above rewrite rule, the URL is loading but the layout is broken.

ssrulz1

1 Answer

You can use one single virtual service like below instead of two. As the port number defined in the service is 5000, you can mention the same in the virtual service. Also, in the service definition you can use type "ClusterIP" instead of NodePort, and add "protocol: TCP" in your service definition.

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: vote
spec:
  hosts:
    - "*"
  gateways:
    - yelb-gateway
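  http:
  # Rules are evaluated in order, so the more specific /vote prefix comes first.
  - match:
    - uri:
        prefix: /vote
    route:
    - destination:
        host: vote.vote2.svc.cluster.local
        port:
          number: 5000
  # Everything else goes to yelb-ui in the default namespace.
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: yelb-ui.default.svc.cluster.local
        port:
          number: <yelb-service-port-number>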
Nataraj Medayhal
  • Added 5000 in virtualservice but no changes. http://domain & http://domain/vote need to be pointing to svc in multiple ns. https://domain works but https://domain/vote shows a broken layout. svc is of type ClusterIP: NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE db ClusterIP 10.100.221.195 5432/TCP 19h redis ClusterIP 10.100.97.213 6379/TCP 19h result ClusterIP 10.100.84.226 5001/TCP 19h vote ClusterIP 10.100.231.245 5000/TCP 19h – ssrulz1 Jan 19 '23 at 07:40
  • http://domain/vote loads fine with it but both http://domain/ & http://domain/vote show the same service (vote.vote2.svc.cluster.local) now. How can they be pointing to separate services? – ssrulz1 Jan 19 '23 at 07:46
  • Nataraj, it's ALMOST fixed, thanks. https://domain/vote loads fine (broken layout issue fixed) with the virtualservice definition you provided. But https://domain shows the same application as https://domain/vote. How can https://domain point to another svc in the default namespace? – ssrulz1 Jan 19 '23 at 07:52
  • More details are required on the query. You mean www.abc.com should become www.def.com? – Nataraj Medayhal Jan 19 '23 at 08:20
  • Nataraj, no. Here's my requirement: http://example.com needs to be pointing to the yelb-ui service in the default namespace & http://example.com/vote needs to be pointing to the vote service in the "vote2" namespace. Both the services are of type ClusterIP. – ssrulz1 Jan 19 '23 at 08:37
  • example.com/demo works when I use an nginx service in a separate namespace, but example.com/vote shows a broken layout. example.com/vote is loading fine when I tried the virtualservice given in your initial reply, but https://example.com needs to be pointing to another svc in the default namespace – ssrulz1 Jan 19 '23 at 08:44
  • For easy maintenance, if the service / application pods are in different namespaces then you can have two gateways and two virtual services. Or in destination you can specify yelb-ui..svc.cluster.local – Nataraj Medayhal Jan 19 '23 at 08:52
  • Nataraj, I tried but it's not working. Could you please provide the corresponding virtualservice and gateway entry for both the services? – ssrulz1 Jan 19 '23 at 09:05
  • Updated the virtual service in the answer – Nataraj Medayhal Jan 19 '23 at 12:55
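
An added example, not part of the original answer or comments: a small Python model of how the rules inside one VirtualService are evaluated (top to bottom, first matching prefix wins), using the two routes from the answer, plus a check for rules that an earlier prefix makes unreachable. Prefix matching is simplified to a plain string prefix test, and the request paths, including the root-relative asset path, are constructed.

```python
from typing import Optional

# The two routes from the answer, in the order given there. Ports are omitted
# because the answer only gives a placeholder for the yelb-ui port.
ANSWER_ROUTES = [
    {"prefix": "/vote", "host": "vote.vote2.svc.cluster.local"},
    {"prefix": "/", "host": "yelb-ui.default.svc.cluster.local"},
]

# Constructed request paths. "/static/style.css" is a hypothetical
# root-relative asset URL, used only to show where such a request would go.
SAMPLE_PATHS = ["/", "/vote", "/vote/", "/static/style.css"]


def pick_destination(routes: list, path: str) -> Optional[str]:
    """Return the host of the first rule whose prefix matches the path."""
    for route in routes:
        if path.startswith(route["prefix"]):
            return route["host"]
    return None  # no rule matched; the gateway would answer 404


def shadowed(routes: list) -> list:
    """List prefixes that can never match because an earlier rule covers them."""
    hidden = []
    for i, route in enumerate(routes):
        if any(route["prefix"].startswith(e["prefix"]) for e in routes[:i]):
            hidden.append(route["prefix"])
    return hidden


def routing_table(routes: list, paths: list) -> dict:
    """Map each sample path to the destination it would be sent to."""
    return {p: pick_destination(routes, p) for p in paths}


if __name__ == "__main__":
    for label, routes in (("answer order", ANSWER_ROUTES),
                          ("catch-all first", ANSWER_ROUTES[::-1])):
        print(f"{label}: unreachable rules = {shadowed(routes)}")
        for path, host in routing_table(routes, SAMPLE_PATHS).items():
            print(f"  {path:20} -> {host}")
```

With the catch-all listed first, the `/vote` rule is reported as unreachable and every path lands on yelb-ui; in the answer's order, only paths that start with `/vote` reach the vote service.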