Consider changing the Ingress example for envoy

[danistrebel]

In the Apigee Envoy extension (for external access) description we list the final call as follows:

curl -i http://"$INGRESS_HOST"/headers -H "x-api-key: $CONSUMER_KEY" \
-H "Host: $TARGET_HOST"

Which I think is IMO unnecessarily leaking the internal host names and adds a cumbersome Host header.

What do you think if we would change the final call to

curl -i http://"$INGRESS_HOST"/httpbin/headers -H "x-api-key: $CONSUMER_KEY"

By adding

• a path rewrite of /httpbin/ => /
• and Host header add of Host: httpbin

to the VirtualService resource?

The VirtualService would then look something like this:

cat <<EOF | kubectl apply -n istio-system -f -
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
 name: envoy-adapter-ingress
spec:
 hosts:
 - "$INGRESS_HOST"
 gateways:
 - apigee-gateway
 http:
  - match:
      - uri:
          prefix: /httpbin/
    rewrite:
       uri: /
    route:
      - destination:
          host: $TARGET_SERVICE_NAME.$TARGET_SERVICE_NAMESPACE.svc.cluster.local
          port:
            number: 80
        headers:
          request:
            add:
              Host: $TARGET_HOST
EOF

last minor detail:

Step 8 is missing a | as it is:

cat <<EOF kubectl apply -n $ISTIO_GATEWAY_NS -f -

but should be

cat <<EOF | kubectl apply -n $ISTIO_GATEWAY_NS -f -

[ganadurai]

Nice and cleaner as per your recommendation.

Created the PR : https://github.com/apigee/devrel/pull/613 addressing the fixes.