I'm currently migrating an IT environment from Nginx Ingress Gateway to IstIO Ingress Gateway on Kubernetes.
I need to migrate the following Nginx annotations:
nginx.ingress.kubernetes.io/proxy-buffer-size
nginx.ingress.kubernetes.io/proxy-read-timeout
nginx.ingress.kubernetes.io/proxy-send-timeout
nginx.ingress.kubernetes.io/proxy-body-size
nginx.ingress.kubernetes.io/upstream-vhost
For Nginx, the annotations are documented here: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
I didn't find the way of use for the IstIO Ingress Gateway on the documentation of IstIO for the Nginx annotations.
Does anyone know how to implement the above mentioned annotations in the IstIO Ingress Gateway?
I think I found how to set nginx.ingress.kubernetes.io/proxy-body-size in Istio.
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: reviews-lua
namespace: bookinfo
spec:
workloadSelector:
labels:
app: reviews
configPatches:
# The first patch adds the lua filter to the listener/http connection manager
- applyTo: HTTP_FILTER
match:
context: SIDECAR_INBOUND
listener:
portNumber: 8080
filterChain:
filter:
name: "envoy.http_connection_manager"
subFilter:
name: "envoy.router"
patch:
operation: INSERT_BEFORE
value: # lua filter specification
name: envoy.lua
config:
inlineCode: |
function envoy_on_request(request_handle)
request_handle:headers():add("request_body_size", request_handle:body():length())
end
And also the TLS ciphers:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: my-tls-ingress
spec:
selector:
app: my-tls-ingress-gateway
servers:
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- "*"
tls:
mode: SIMPLE
serverCertificate: /etc/certs/server.pem
privateKey: /etc/certs/privatekey.pem
cipherSuites: "<tls-ciphers>"