Client Pod identity in http request header while internal service call
I have deployed an application on Kubernetes and exposed with Istio service mesh. There is 2 components in the application, UI and API. I am trying to setup canary based setup to enable AB testing. So, for these 2 components, there is 2 versions (v1 and v2) has deployed, so (min) 4 pods are running.
Assume, v1 is stable and v2 is release version. Version v1 will serve real internet traffic and version v2 will serve the request from specific ip address to make sure promotion of version v2 will not impact real production environment. Refer the attached image for clarity of traffic flow within application.
Testing of UI V2 (release version) is quite easy by filter real client ip address of user using virtualService-
- headers:
x-forwarded-for:
regex: .*1.2.3.4.*
Testing of API v2 (release version) is complex, because it is not exposed to internet and must serve traffic only from UI v2 (release version) internally but I am unable to do.
url = "http://service-api"
hdr = { 'CALLER_POD' : 'ui_v2_pod_hostname_with_release' }
req = urllib.request.Request(url, headers=hdr)
response = urllib.request.urlopen(req)
One hacky trick I have applied in application, added custom http request headers "CALLER_POD" while calling API from UI v2 pod, so that API virtualService can filter out request based on "CALLER_POD". But it looks more complex because it need code refactoring on a broader level and more human manageable in future if any changes come.
Is there any way to add UI v2 pod identity (preferable hostname) in http request header while calling API service internally on Kubernetes or Istio level.
Have you tried using sourceLabels based routing? For example:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: socks-com
spec:
hosts:
- sock.com
http:
- match:
- sourceLabels:
UI: v2
- route:
- destination:
host: API
label: v2
- route:
- destination:
host: API
subset: v1
It would also require DestinationRule update with two subsets.
- MIME type of .mjs files is "text/html" when deploying React (ViteJS) app to Azure Kubernetes
- how to connect to local network from kubernetes pod
- How to check ephemeral storage that is allocated to EKS node
- Single Container Pod yaml
- How is a service connected to a pod? In yaml, what fields need to match between service and pod?
- Helm's v3 Example Doesn't Show Multi-line Properties. Get YAML to JSON parse error
- Kubectl command to list pods of a deployment in Kubernetes
- Kubernetes: list all pods and its nodes
- how to uninstall minikube from ubuntu, i get an 'Unable to load cached images' error
- Failed to start minikube with virtualbox driver on ubuntu 20.04
- Using Minikube: deployed SQL Server 2022, but it's not reachable on host machine using ssms
- Kubernetes Application with multiple Resources single YAML
- Nat Gateway Profile for AKS using terraform
- kubectl logs - continuously
- How do i update helm repo to the latest version
- 0/1 nodes are available: 1 pod has unbound immediate PersistentVolumeClaims
- Is there a name or standard for the YAML format used to describe kubernetes resources?
- Kubernetes Persisten Volumes
- Kubernetes Authentication no re-create token
- .NET 8 app in Rancher only listening on http port
- Issue injecting helm value on configmap
- Which rights are missing? Unable to continue with install: could not get information about the resource: podsecuritypolicies.policy
- is it possible to shrink the spaces of io.containerd.snapshotter.v1.overlayfs folder in kubernetes
- How can I get pods by label, using the python kubernetes api?
- Failed calling webhook "namespace.sidecar-injector.istio.io"
- How to Hard Limit Of Storage Usage
- Vault does not return token renewed by script
- Delete Kubernetes namespace with delay
- Redis Sentinel doesn't auto discover new slave instances
- Azure pipelines: abstract away parameters