Replies: 1 comment 1 reply
-
For now I've had to deploy an nginx in cluster-1 which then handles the forwarding to the oauth2-proxy in cluster-2, but I'd like to avoid that if possible as the extra http request definitely will not improve performance. |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I'm trying to configure istio to use a host not on the same kubernetes cluster for external authentication. I've setup a ServiceEntry and DestinationRule and the requests are arriving at the remote service (oauth2-proxy.cluster-2.example.com), however the requests have their Host header set to the original host the user arrives at (some-service.cluster-1.example.com), not the host specified in the envoyExtAuthzHttp serviceName. This results in a 404 as the remote service only responds to oauth2-proxy.cluster-2.example.com.
I've tried explicitly setting the host header in
includeAdditionalHeadersInCheck
however that just resulted in:How do I override the Host setting? I've had this problem before when using the istio ingress to proxy to another remote service, that was fixable by using the authority rewrite of VirtualService. In this case there is no Virtualservice. I suppose I'll need an EnvoyFilter to patch the configuration?
Beta Was this translation helpful? Give feedback.
All reactions