Rewrite http request based on response location header - Istio

3/2/2019

Description:

Make a request to Istio (1.0.6) proxy to upstream via virtual_service. Service is responding with header newuri, with httpStatus code ie 307 - I know that redirect should works by designe with 302 and location header. But I want to make a redirect handling based on http error. I tried using envoyFilters with lua but all features are related to stream handling (request/response headers mod) rather than rewrite or request forward .

So the request path looks like this:

  • client is making request ie curl http://foo/path
  • proxy is forwarding request to upstream
  • upstream is responding with custom header with new_uri ie http://blabla/path2 as value
  • while header exist in response proxy is doing new request to new_uri
  • client see response from new_uri

Thanks

-- bucken
envoyproxy
istio
kubernetes
proxy

1 Answer

3/21/2019

In case you have a predefined list of upstream hosts, you might consider to look at Envoy Retry plugin. This mechanism allows you to determine a list of Hosts predicates that can be associated with some specific retry condition retry_on: i.e. on specific HTTP error code; and number of retry series num_retries, thus after reattempts have reached retries number, Envoy retry policy will select the next host from the list defined in retry_host_predicate.

{
  "retry_on": "...",
  "num_retries": "{...}",
  "per_try_timeout": "{...}",
  "retry_priority": "{...}",
  "retry_host_predicate": [],
  "host_selection_retry_max_attempts": "...",
  "retriable_status_codes": []
}

In other case, when your redirect hosts are not known in advance, it would better to find a way how you can apply appropriate logic in application level as most of HTTP proxies are designed in such a way that response handlers are executed synchronously, i.e. while the response handler is running nothing else will be scheduled in the same thread. This is fine as long as response handler only processes the data already in memory and doesn't wait on remote services. However, if you make a network request from a response handler, the entire thread will be blocked and do absolutely nothing until the remote service replies, which would result in performance degradation.

-- mk_sta
Source: StackOverflow