K
Q

How to send Azure Application Gateway Request Host headers to istio ingress gateway(Azure Internal LB)

9/20/2019

I have configured Azure Application Gateway with WAF2 as Edge Gateway! The requests are sent to backendpool within same Vnet. The backendpool is the IP of Istio Ingress Gateway! The Ingress Gateway is configured for multiple host as below and similar virtual services are mapped to the Ingress Gateway.

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: httpbin-gateway
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "dev.example.com"
    - "stage.example.com"

With this configuration I always get 404 since the Azure Application gateway does not send the Host header to Istio Ingress gateway and hence the latter does not understand on which host it should accept! However I tried to add rewrite set for the gateway to send the Host header but since the backendpool configured is internal vnet IP, It does not allow me to do add headers! I even try to add envoy lua filter on gateway to get X-Original-Host and set as Host but it does not work since the request does not even reach istio gateway. However Istio does not honour the X-Forwarded-Host.

So to make the long story short, I would like to send the Host headers from ApplicationGateway to Istio Ingress gateway What is the best way to do it!

-- chaosguru
azure
azure-aks
azure-application-gateway
istio
kubernetes-ingress

Similar Questions

Kubernetes autoscaler - NotTriggerScaleUp' pod didn't trigger scale-up (it wouldn't fit if a new node is added)
kubernetes nginx-ingress always redirecting to 404 default backen ignoring path rules
Q: Configuration custom scheduler plugin in Kubernetes
Is there any REST APIs for native kubectl cmds like apply/delete etc
Can't mount to nfs pod in Kubernetes

0 Answers