Search code examples
amazon-eksistioistio-gatewayistio-sidecaristio-operator

istio virtualservice rewrite not working properly

I've setup EKS + istio ingress gateway following https://aws.amazon.com/blogs/containers/secure-end-to-end-traffic-on-amazon-eks-using-tls-certificate-in-acm-alb-and-istio/ and it works fine. I want to add uri prefix in virtualservice such that http://domain.tld/vote needs to be displaying vote app created in another namespace in the cluster.

I've used the following istio virtualservice. https://domain.tld works fine however https://domain.tld/vote shows broken layout. screenshot: https://i.is.cc/1ah4YkVU.png

This is the voting app I used for vote service - https://github.com/dockersamples/example-voting-app which use multiple containers. Can someone shed some light on this please?

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: yelb-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 443
        name: https-443
        protocol: HTTPS
      tls:
        mode: SIMPLE
        credentialName: "tls-secret"
      hosts:
        - "*"
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: vote
spec:
  hosts:
    - "*"
  gateways:
    - yelb-gateway
  http:
  - match:
    - uri:
        prefix: /vote
    rewrite:
      uri: "/"
    route:
    - destination:
        host: vote.vote2.svc.cluster.local
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: yelb-ui
spec:
  hosts:
    - "*"
  gateways:
    - yelb-gateway
  http:
    - route:
        - destination:
            host: yelb-ui
            port:
              number: 80
      match:
        - uri:
            prefix: /

without a rewrite rule, http://domain.tld/vote was showing 404 errors. with the above rewrite rule,the url is loading but the layout is broken.

Solution

  • You can use one single virtual service like below instead of two. As the port number defined in service 5000 you can mention the same in virutal service. Also in service definition you can use type as "ClusterIP" instead of NodePort. And add "protocol: TCP" in your service definition.

    apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: vote
spec:
  hosts:
    - "*"
  gateways:
    - yelb-gateway
  http:
  - match:
    - uri:
        prefix: /vote    
    route:
    - destination:
        host: vote.vote2.svc.cluster.local 
        port:
          number: 5000
    - uri:
        prefix: /    
    route:
    - destination:
        host: yelb-ui.default.svc.cluster.local
        port:
          number: <yelb-service-port-number>