1

when i use this VS, i can access my http service by 1.2.3.4, but when i change http to tcp,i can not access my http service by 1.2.3.4,what happened?

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin-vir
spec:
  hosts:
    - httpbin.default.svc.cluster.local
    - 1.2.3.4
  http:
    - match:
        - port: 8000
          sourceLabels:
            version: base
      route:
        - destination:
            host: httpbin.default.svc.cluster.local
            subset: base
    - match:
        - port: 8000
          sourceLabels:
            version: feature
      route:
        - destination:
            host: httpbin.default.svc.cluster.local
            subset: feature

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin-vir
spec:
  hosts:
    - httpbin.default.svc.cluster.local
    - 1.2.3.4
  tcp:
    - match:
        - port: 8000
          sourceLabels:
            version: base
      route:
        - destination:
            host: httpbin.default.svc.cluster.local
            subset: base
    - match:
        - port: 8000
          sourceLabels:
            version: feature
      route:
        - destination:
            host: httpbin.default.svc.cluster.local
            subset: feature

If this method doesn't work, I would like to know how to access my service through 1.2.3.4 under TCP route

LB zhang
  • 11
  • 1

1 Answers1

0

I'm not so familier with istio configuration, but I know istio uses Envoy as reverse proxy.

When you configured TCP proxy you must implicit enable CONNECT support since it's off by default.

Also CONNECT request does not have path so you will also need to configure the connect_matcher.

Anyway, This is not recommended since can it can create major security holes if not configured correctly, as the upstream will be forwarded unsanitized headers if they are in the body payload.

HaimBi
  • 13
  • 4