istio 将 http 路由到 https 上游原因导致 302

Question

我的入口网关位于 http 端口 80 并路由到 https 目标。

使用以下配置

http://ingress-gateway.example.com/zzz

它给出302 并且网址更改为https：

https://my-site.example.com/products

为什么是302，我错过了什么？

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-gateway
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port: # Note: I am entering using this port
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
  - port: # Note: I am NOT entering using this port
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - "*"
    tls:
      credentialName: my-credential

---
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: apps-domain
spec:
  hosts:
  - my-site.example.com
  ports:
  - number: 443
    name: https-my-site
    protocol: HTTPS
  resolution: DNS
  location: MESH_EXTERNAL

---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: my
spec:
  hosts:
  - "*"
  gateways:
  - my-gateway
  http:
- match:
    - uri:
        prefix: /zzz
    rewrite:
      uri: /products
    route:
    - destination:
        port:
          number: 443
        host: my-site.example.com

---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: my-https-backend
spec: 
  host: my-site.example.com
  trafficPolicy:
    tls:
      mode: SIMPLE
      sni: my-site.example.com

Answer 1

你有一个指向 443 端口的重写规则

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: my
spec:
  hosts:
  - "*"
  gateways:
  - my-gateway
  http:
- match:
    - uri:
        prefix: /zzz
    rewrite:
      uri: /products
    route:
    - destination:
        port:
          number: 443 # here
        host: my-site.example.com