Re-route traffic using Istio Service Entry
If you are accessing external services from your application code, you may already have those external urls in some config files or may be added those as ConfigMaps to add further flexibility for modifying them in Kubernetes. However, If you change the config files, environment variables or ConfigMaps most likely you need to redeploy or restart the deployments to take effect those changes. What If , you really don't want to restart deployment but still need to change the endpoint from one host to another or change the IP/Port or both from one to another?
Well, Istio has an answer for this with Istio Service Entry.
Answer is "DNS resolution within the Istio proxy is orthogonal to DNS resolution in a user application. Even when the client does DNS resolution, the proxy may ignore the resolved IP address and use its own, which could be from a static list of IPs or by doing its own DNS resolution (potentially of the same hostname or a different one)."
This may become handy when you want to test in different staging environments by changing the destination IP/Port without any restarts to your application and even delegate this to test team so they can be independent.
Below is how the service entry yaml looks like,
apiVersion: networking.istio.io/v1beta1 kind: ServiceEntry metadata: name: serviceentry-redirect spec: addresses: - 0.0.0.200 endpoints: - address: 0.0.0.300 # new IP we wont traffic routed to. hosts: - hostconfigured-in-my-clientapp.com location: MESH_EXTERNAL ports: - name: tls number: 9200 protocol: TLS targetPort: 9300 # new Port number we wont traffic routed to. resolution: STATIC
Points to note that this - hostconfigured-in-my-clientapp.com (which DNS resolved to IP 0.0.0.200) Is the external url configured in the config file or the ConfigMap and 0.0.0.300 Is the IP and 9300 Is the port we need traffic routed to instead those original IP/Port .
Essentially, With this way you can arbitrarily re-route an HTTP request to an external url.