04-HTTPRedirect

2023-05-05 02:32:06 +02:00 · 2023-05-05 02:32:06 +02:00 · 6b0b62b6a9
commit 6b0b62b6a9
parent 113ed75177
10 changed files with 304 additions and 101 deletions
--- a/02-Traffic_management/04-HTTPRedirect/Gateway.yaml
+++ b/02-Traffic_management/04-HTTPRedirect/Gateway.yaml
@ -0,0 +1,14 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: helloworld-gateway
+spec:
+  selector:
+    istio: ingressgateway # use istio default controller
+  servers:
+    - port:
+        number: 80
+        name: http
+        protocol: HTTP
+      hosts:
+        - "*"
--- a/02-Traffic_management/04-HTTPRedirect/README.md
+++ b/02-Traffic_management/04-HTTPRedirect/README.md
@ -1,3 +1,257 @@
+---
+gitea: none
+include_toc: true
+---
+
+# Description
+
+Based on the [previous example](../../01-Getting_Started/01-hello_world_1_service_1_deployment), we create multiple rules in the [VirtualService](#virtualservice) that will make usage of the `redirect` field to modify the request received and redirect the incoming request towards a new destination.
+
+This example configures:
+
+    Istio resources:
+    - 1 Gateway
+    - 1 Virtual Service
+
+# Based on
+
+- [01-hello_world_1_service_1_deployment](../../01-Getting_Started/01-hello_world_1_service_1_deployment)
+
+# Configuration
+
+## Gateway
+
+Deploys an Istio gateway that's listening to the port `80` for `HTTP` traffic.
+
+It doesn't filter for any specific host.
+
+The `selector` field is used to "choose" which Istio Load Balancers will have this gateway assigned to.
+
+The Istio `default` profile creates a Load Balancer in the namespace `istio-system` that has the label `istio: ingressgateway` set, allowing us to target that specific Load Balancer and assign this gateway resource to it.
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: helloworld-gateway
+spec:
+  selector:
+    istio: ingressgateway # use istio default controller
+  servers:
+    - port:
+        number: 80
+        name: http
+        protocol: HTTP
+      hosts:
+        - "*"
+```
+
+## VirtualService
+
+The configuration set, targets the [gateway created](#gateway) as well of not limiting the traffic to any specific host.
+
+We configure 3 HTTP rules.
+
+- to_https
+
+A practical example regarding modifying protocol used from the incoming traffic request.
+
+It will set the protocol used to `HTTPS`.
+
+> **Note:**\
+> Bear in mind that this example is not planned to be used `as it is` on production environments as other configurations should be applied, as an example you should target a specific source port.
+
+- wikipedia
+
+We are using the regex query `/wiki/?` to match the URL path, this rule allows us to target both `/wiki` and `/wiki/`.
+
+On this example we will redirect the traffic that accesses to this rule towards the Wikipedia page, as well the protocol will be modified and set to `HTTPS`.
+
+- wikipedia_search
+
+Very similar to the previous rule, we will match the traffic that, as a prefix of the URl used, as long it starts by `/wiki/`.
+
+More information about the behavior of ties rule will be seen in the [Walkthrough](#walkthrough) section. 
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: helloworld-vs
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - helloworld-gateway
+  http:
+    - name: to_https
+      match:
+        - uri:
+            exact: /https
+      redirect:
+        scheme: "https"
+
+    - name: wikipedia
+      match:
+        - uri:
+            regex: "/wiki/?"
+      redirect:
+        uri: "/"
+        scheme: "https"
+        authority: "en.wikipedia.org"
+
+    - name: wikipedia_search
+      match:
+        - uri:
+            prefix: "/wiki/"
+      redirect:
+        scheme: "https"
+        authority: "en.wikipedia.org"
+```
+
+# Walkthrough
+
+## Deploy resources
+
+Deploy the resources.
+
+```shell
+kubectl apply -f ./
+```
+```text 
+gateway.networking.istio.io/helloworld-gateway created
+virtualservice.networking.istio.io/helloworld-vs created
+```
+
+## Test the rules
+
+### Get LB IP
+
+To perform the desired tests, we will need to obtain the IP Istio Load Balancer that we selected in the [Gateway section](#gateway).
+
+On my environment, the IP is the `192.168.1.50`.
+
+```shell
+kubectl get svc -l istio=ingressgateway -A
+```
+```text
+NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                                      AGE
+istio-ingressgateway   LoadBalancer   10.97.47.216   192.168.1.50   15021:31316/TCP,80:32012/TCP,443:32486/TCP   39h
+```
+
+### to_https
+
+We are receiving the status code `301` as the request is being modified.
+
+By default `curl` won't follow the redirects. 
+
+```shell
+curl 192.168.1.50/https -I
+```
+```text
+HTTP/1.1 301 Moved Permanently
+location: https://192.168.1.50/https
+date: Fri, 05 May 2023 00:15:41 GMT
+server: istio-envoy
+transfer-encoding: chunked
+```
+ 
+The flag `-L` can be used to allow `curl` to follow redirects, as well of `-v` to increase the verbosity to review the behavior.
+
+From the output received, we can see how the request initially points towards the port `80`.
+
+After receiving the status code `301`, we can see the following line `Clear auth, redirects to port from 80 to 443`, stating that there was a redirect that changed the destination port, from `80`, to `443`.
+
+As well, there is the line `Issue another request to this URL: 'https://192.168.1.50/https'`, which confirms that the protocol used, which previously was using `HTTP`, now is using `HTTPS`.
+
+This proves that the configuration set is currently being applied and works as intended.
+
+```shell
+curl 192.168.1.50/https -L -v
+```
+
+```text
+*   Trying 192.168.1.50:80...
+* Connected to 192.168.1.50 (192.168.1.50) port 80 (#0)
+> GET /https HTTP/1.1
+> Host: 192.168.1.50
+> User-Agent: curl/8.0.1
+> Accept: */*
+> 
+< HTTP/1.1 301 Moved Permanently
+< location: https://192.168.1.50/https
+< date: Fri, 05 May 2023 00:17:12 GMT
+< server: istio-envoy
+< content-length: 0
+< 
+* Connection #0 to host 192.168.1.50 left intact
+* Clear auth, redirects to port from 80 to 443
+* Issue another request to this URL: 'https://192.168.1.50/https'
+*   Trying 192.168.1.50:443...
+* connect to 192.168.1.50 port 443 failed: Connection refused
+* Failed to connect to 192.168.1.50 port 443 after 0 ms: Couldn't connect to server
+* Closing connection 1
+curl: (7) Failed to connect to 192.168.1.50 port 443 after 0 ms: Couldn't connect to server
+```
+
+### /wiki/
+
+On this example I will be using the Firefox browser to access the destination path `/wiki/`.  
+
+Which on accessing the path, it modified the request and forwarded the traffic towards the path `https://en.wikipedia.org/wiki`.
+
+After accessing such destination, Wikipedia will forward you to the path `/wiki/Main_Page`, as we didn't target any specific element from the wiki.
+
+```shell
+firefox 192.168.1.50/wiki/
+```
+![img.png](src/img.png)
+
+### /wiki/*
+
+On this example I will be using the Firefox browser to access the destination path `/wiki/Istio` and `/wiki/Gitea`.
+
+This will forward us towards the pertinent wiki service, as meanwhile the domain is modified, the path remains the same, allowing us to match the right destination paths.
+
+```shell
+firefox 192.168.1.50/wiki/Service_mesh
+```
+
+![img_1.png](src/img_1.png)
+
+```shell
+firefox 192.168.1.50/wiki/Gitea
+```
+
+![img_2.png](src/img_2.png)
+
+
+## Cleanup
+
+Finally, a cleanup from the resources deployed.
+
+```shell
+kubectl delete -f ./
+```
+```text
+gateway.networking.istio.io "helloworld-gateway" deleted
+virtualservice.networking.istio.io "helloworld-vs" deleted
+```
+
+# Links of interest
+
+- https://istio.io/latest/docs/reference/config/networking/virtual-service/#HTTPRedirect
+
+
+
+
+
+
+
+
+
+
+


 # Continues from
--- a/02-Traffic_management/04-HTTPRedirect/VirtualService.yaml
+++ b/02-Traffic_management/04-HTTPRedirect/VirtualService.yaml
@ -0,0 +1,33 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: helloworld-vs
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - helloworld-gateway
+  http:
+    - name: to_https
+      match:
+        - uri:
+            exact: /https
+      redirect:
+        scheme: "https"
+
+    - name: wikipedia
+      match:
+        - uri:
+            regex: "/wiki/?"
+      redirect:
+        uri: "/"
+        scheme: "https"
+        authority: "en.wikipedia.org"
+
+    - name: wikipedia_search
+      match:
+        - uri:
+            prefix: "/wiki/"
+      redirect:
+        scheme: "https"
+        authority: "en.wikipedia.org"
--- a/02-Traffic_management/04-HTTPRedirect/deployment.yaml
+++ b/02-Traffic_management/04-HTTPRedirect/deployment.yaml
@ -1,40 +0,0 @@
-# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld.yaml
-apiVersion: v1
-kind: Service
-metadata:
-  name: helloworld
-  labels:
-    app: helloworld
-    service: helloworld
-spec:
-  ports:
-    - port: 80
-      name: http
-  selector:
-    app: helloworld
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: helloworld-nginx
-  labels:
-    app: helloworld
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: helloworld
-  template:
-    metadata:
-      labels:
-        app: helloworld
-    spec:
-      containers:
-        - name: helloworld
-          image: nginx
-          resources:
-            requests:
-              cpu: "100m"
-          imagePullPolicy: IfNotPresent #Always
-          ports:
-            - containerPort: 80
--- a/02-Traffic_management/04-HTTPRedirect/gateway.yaml
+++ b/02-Traffic_management/04-HTTPRedirect/gateway.yaml
@ -1,58 +0,0 @@
-# https://github.com/istio/istio/blob/master/samples/helloworld/helloworld-gateway.yaml
-apiVersion: networking.istio.io/v1alpha3
-kind: Gateway
-metadata:
-  name: helloworld-gateway
-spec:
-  selector:
-    istio: ingressgateway # use istio default controller
-  servers:
-    - port:
-        number: 80
-        name: http
-        protocol: HTTP
-      hosts:
-        - "*"
---
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
-  name: helloworld-vs
-spec:
-  hosts:
-    - "*"
-  gateways:
-    - helloworld-gateway
-  http:
-    - match:
-        - uri:
-            exact: /helloworld
-      route:
-        - destination:
-            host: helloworld.default.svc.cluster.local
-            port:
-              number: 80
-      rewrite:
-        uri: "/"
-    - name: to_https
-      match:
-        - uri:
-            exact: /https
-          scheme: http
-      redirect:
-        scheme: "https"
-    - name: wikipedia
-      match:
-        - uri:
-            exact: "/wiki"
-      redirect:
-        uri: "/"
-        scheme: "https"
-        authority: "en.wikipedia.org"
-    - name: wikipedia_search
-      match:
-        - uri:
-            prefix: "/wiki/"
-      redirect:
-        scheme: "https"
-        authority: "en.wikipedia.org"
--- a/02-Traffic_management/04-HTTPRedirect/src/img.png
+++ b/02-Traffic_management/04-HTTPRedirect/src/img.png
--- a/02-Traffic_management/04-HTTPRedirect/src/img_1.png
+++ b/02-Traffic_management/04-HTTPRedirect/src/img_1.png
--- a/02-Traffic_management/04-HTTPRedirect/src/img_2.png
+++ b/02-Traffic_management/04-HTTPRedirect/src/img_2.png
--- a/09-Ingress/01-Create-Istio-LoadBalancer/Gateway.yaml
+++ b/09-Ingress/01-Create-Istio-LoadBalancer/Gateway.yaml
--- a/09-Ingress/01-Create-Istio-LoadBalancer/README.md
+++ b/09-Ingress/01-Create-Istio-LoadBalancer/README.md
@ -6,7 +6,7 @@ include_toc: true

 # Based on

- [01-hello_world_1_service_1_deployment](../../01-Getting%20Started/01-hello_world_1_service_1_deployment)
+- [01-hello_world_1_service_1_deployment](../../01-Getting_Started/01-hello_world_1_service_1_deployment)

 # Description

@ -108,7 +108,7 @@ Thank you for installing Istio 1.17.  Please take a few minutes to tell us about
 ### Deploy gateway

 ```shell
-kubectl apply -f gateway.yaml
+kubectl apply -f Gateway.yaml
 ```
 ```text
 
@ -162,7 +162,7 @@ x-envoy-upstream-service-time: 15

 ```shell
 kubectl delete -f ./deployment-nomtls.yaml
-kubectl delete -f ./gateway.yaml
+kubectl delete -f ./Gateway.yaml
 ```
 ```text
 service "helloworld" deleted