After deploying Istio 1.1.2 on OpenShift there is an istio-ingressgateway route with its associated service and pod.
I have successfully used that ingress gateway to access an application, configuring a Gateway and a VirtualService using * as hosts.
However I would like to configure a domain, e.g insuranceinc.es, to access the application. According to the documentation I have this Istio config:
Gateway:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: insuranceinc-gateway
namespace: istio-insuranceinc
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "insuranceinc.es"
VirtualService
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: insuranceinc
namespace: istio-insuranceinc
spec:
hosts:
- insuranceinc.es
gateways:
- insuranceinc-gateway
http:
- route:
- destination:
host: insuranceinc-web
port:
number: 8080
If I make this curl invocation...
curl http://istio-ingressgateway-istio-system.apps.mycluster.com/login
... I can see a 404 error in the ingress-gateway pod:
[2019-04-12T15:27:51.765Z] "GET /login HTTP/1.1" 404 NR "-" 0 0 1 - "xxx" "curl/7.54.0" "xxx" "istio-ingressgateway-istio-system.apps.mycluster.com" "-" - - xxx -
This makes sense since it isn't comming from an insuranceinc.es host. So I change the curl to send a Host: insuranceinc.es
header:
curl -H "Host: insuranceinc.es" http://istio-ingressgateway-istio-system.apps.mycluster.com/login
Now I am getting a 503 error and there are no logs in the istio-ingressgateway pod.
Application is not available
The application is currently not serving requests at this endpoint. It may not have been started or is still starting.
This means the request hasn't been processed by that istio-ingressgateway route->service->poc.
Since it is an Openshift Route
it must be needing a Host header containing the route host istio-ingressgateway-istio-system.apps.mycluster.com
. In fact if I send curl -H "Host: istio-ingressgateway-istio-system.apps.mycluster.com" http://istio-ingressgateway-istio-system.apps.mycluster.com/login
it is processed by the istio ingress gateway returning a 404.
So, how can I send my Host insuranceinc.es header and also reach the istio ingress gateway (which is actually an OpenShift route)?
You need to create an openshift route in the istio-system namespace to relate to the hostname you created.
For example:
oc -n istio-system get routes
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
gateway1-lvlfn insuranceinc.es istio-ingressgateway <all> None