New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support direct response in VirtualService #29264
Comments
Looks like a necessary feature |
Duplicate of auto-closed #12096 and discussed at https://discuss.istio.io/t/support-for-envoys-direct-response/2349 I believe this could be done with an EnvoyFilter today https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/network/direct_response/v2/config.proto |
this would be useful, can be done several ways but with workarounds would consume more resources than optimal |
I am still confused how I can implement this with istio (I am migrating from nginx ingress controller) |
You can do this with WebAssembly code and A better way is to use Envoy's DirectResponseAction. I believe Istio can provide this configuration to Envoy using an EnvoyFilter RouteMatch.Action. I have not tried it myself nor was I able to locate an example to point you at. |
@esnible Hello! Actually I am also didn't find any proper example and noone answered me back there https://discuss.istio.io/t/please-assist-me-with-using-envoyfilter-routeconfigurationmatch-action-direct-response/10388 This is really not easy to undestand this EnvoyFilter entity without simple examples :( |
I have tagged I will ask if anyone has examples as the next Telemetry and Extensions meeting. |
I asked at T&E. I was pointed to https://github.com/istio/istio/wiki/EnvoyFilter-Samples which is where the EnvoyFilter samples are kept. My hope is that someone adds one. If not, I will see what I can do. (But not this week...) |
hey @esnible
with this filter i get
this config generated |
this looks very complicated for me, I hope one day there will be just annotion for it (like in another ingress controllers) |
managed to get it working on gateway level
|
@ostapio could you please take a look at my setup, because I am getting HTTP ERROR 404
then I create your EnvoyFilter in default namespace with
And https://some.server/direct returns 404 Am I missing something? Could you share the rest of config. maybe I can try yours on empty cluster |
@Zeka13 do u have VirtualService created for that gataway/domain? envoy-filter (istio-system ns with workload selector istio: ingressgateway) |
IMHAO this is too much for this purpose, anyway thx! |
The following attached to the sidecar worked well for me for fixed responses: apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: direct-response
namespace: namespace-of-sidecar
spec:
workloadSelector:
labels:
app: myapp
configPatches:
- applyTo: HTTP_ROUTE
match:
context: SIDECAR_INBOUND
routeConfiguration:
vhost:
name: inbound|http|1234
patch:
operation: INSERT_FIRST
value:
name: direct-response
match:
prefix: /somepath
directResponse:
body:
inlineString: 'Inline body'
status: 200 Adjust namespace, labels and listening port (above as 1234). Swap prefix to path for an exact match. This seemed closer to the "VirtualService" goal. |
any work on this? |
any work on this? i think this is an important feature, many cases will use this feature.
envoy has implement three type of route, istio just support two of them. and it's difficult to use envoyfilter to implement and maintain the config in gateway situation, because http and https has different virtualhost name, the automate program must generated the name according to gateway config.
@howardjohn can you reopen this issue ? thx |
+1 |
not stale |
@robw-ca Thanks for the config. I wonder if we can apply this to the SIDECAR_OUTBOUND context in place of the INBOUND. I can observe that when using the inbound context the envoy filter will be processed on the proxy sidecar of the target service. However, I am trying to push this to the caller service's envoy sidecar to avoid the extra hop. Is that even possible? |
I don't see why it couldn't work, but you'll probably need to match a different vhost. If you dump the outbound sidecar via https://www.envoyproxy.io/docs/envoy/latest/operations/admin#get--config_dump?include_eds you should be able to search the (Admittedly long) JSON for the relevant settings. Do post back your findings! |
For example, I would like to have something like this:
The text was updated successfully, but these errors were encountered: