How to configure the below nginx annotation in istio ingress gateway

Question

How can add the below ssl-redirect configuration in istio ingress gateway?

 nginx.ingress.kubernetes.io/ssl-redirect: "false"
 nginx.ingress.kubernertes.io/force-ssl-redirect: "false"

Are there any annotations in istio gateway or any other configuration to be done on the envoy filter to make the ssl-redirect false?

Answer 1

One of the option in istio is to specify "httpsRedirect" attribute to false in gateway definition which will stop the redirection.

Below is the sample definition. More details are in istio documentation

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: my-gateway
  namespace: some-config-namespace
spec:
  selector:
    app: my-gateway-controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - uk.bookinfo.com
    - eu.bookinfo.com
    tls:
      httpsRedirect: true # sends 301 redirect for http requests
  - port:
      number: 443
      name: https-443
      protocol: HTTPS
    hosts:
    - uk.bookinfo.com
    - eu.bookinfo.com
    tls:
      mode: SIMPLE # enables HTTPS on this port
      serverCertificate: /etc/certs/servercert.pem
      privateKey: /etc/certs/privatekey.pem
  - port:
      number: 9443
      name: https-9443
      protocol: HTTPS
    hosts:
    - "bookinfo-namespace/*.bookinfo.com"
    tls:
      mode: SIMPLE # enables HTTPS on this port
      credentialName: bookinfo-secret # fetches certs from Kubernetes secret