Ingress Kubernetes integration

We are trying to configure processing requests to K8s Ingress controller from Tyk. Tyk Gateway is only one who has external IP.
Locally we have everything configured, so
curl --verbose --header “Host:test.example.com” <local_ingress_balancer_ip>:80
returning < HTTP/1.1 200 OK
with all info as expected.
The question is how to change “host” value on the Api Designer.
We have tried to use “Modify headers” plugin in Endpoint Designer, but with no luck. We can add any new header, but “host” is still unchanged with <local_ingress_balancer_ip>. We have checked this by tcpflow -p -c port 80 on gateway host.
Or, globally, what is the right way to use Tyk with K8s?

Hi Dimitry,

you can define URL rewrite like this:

“rewrite_to”: “$tyk_context.headers_Host/$1"

If match pattern is “match_pattern”: “/.*"

A more in depth solution would be what bitsofinfo suggest here: Overriding Host Header not working - #9 by bitsofinfo

Hi @Josh
Looks like URL rewrite is not working for us.
It only added value to request url, not changed the header
Config:
“path”: “/.*”,
_ “method”: “GET”,_
_ “match_pattern”: “/.*”,_
_ “rewrite_to”: “$tyk_context.headers_Host/$1”,_
_ “triggers”: [_
_ {_
_ “on”: “any”,_
_ “options”: {_
_ “header_matches”: {_
_ “Host”: {_
_ “match_rx”: “11.124.50.234:80”_
_ }_
_ },_
_ “query_val_matches”: {},_
_ “path_part_matches”: {},_
_ “session_meta_matches”: {},_
_ “payload_matches”: {_
_ “match_rx”: “”_
_ }_
_ },_
_ “rewrite_to”: “test2”_
_ }_
_ ],_
_ “MatchRegexp”: null_
_ }_

Response:
010.104.005.015.33892-010.104.005.082.00080: GET /$tyk_context.headers_Host/ HTTP/1.1
Host: 11.124.50.234:80

We also tried to use modify headers. Please see:

We have next config:
“extended_paths”: {
_ “transform_headers”: [_
_ {_
_ “delete_headers”: [_
_ “Cache-Control”,_
_ “Host”_
_ ],_
_ “add_headers”: {_
_ “Cache-Control”: “test”,_
_ “Host”: “test.sdw.ocs”_
_ },_
_ “path”: “/.*”,_
_ “method”: “GET”,_
_ “act_on”: false_
_ }_
_ ],_
which should replace above headers, Cache-Control was updated, however Host - no

Response:
010.104.005.015.35222-010.104.005.082.00080: GET / HTTP/1.1
Host: 11.124.50.234:80
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,ru;q=0.8,uk;q=0.7
Cache-Control: test
Remoteip: 193.109.118.86
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 193.111.228.186, 130.114.128.44

What is more prefered way to changed the Host header?

/$tyk_context.headers_Host/

This is obviously not expected, which means that Tyk did not replaced context with value.
Pls ensure that in your API definition you have enabled context variables enable_context_vars, it is on advanced tab.

In general, trick with rewrites should work, because if you specify custom host name inside rewrite rule, it should rewrite host header too.

You can check it by setting “rewrite_to” to smth like https://test.example.com/$1.

Also pls ensure that your “host” contains HTTP scheme, so it will be smth like: “rewrite_to”: “https://$tyk_context.headers_Host/$1"

Hi @leon
Thank you for response.
Unfortunately, we weren’t able to resolve the issue. enable_context_vars is true.
I tried to rewrite url, but didn’t get how it can replace Host header. Maybe I was not clear about the issue. Let me explain the task:
We have an Ingress service which one we can access trough next - “curl --verbose --header “Host:test.my.domain” 11.124.50.234:80”
Therefore we configured API in Tyk, to access this Ingress service. However, each request to Tyk API returned “default backend - 404” which means that we need to pass “–header “Host:test.my.domain”” through the Tyk.
What is the best way to do it?

https://tyk.io/docs/tyk-rest-api/api-definition-objects/proxy-settings/

I think if you enable preserving the host header in the proxy settings for your API could work in the case you have described - if it pre-exists coming into the Gateway?

Unfortunately this is not working for us too.
But we have found workaround. We have created a local DNS record with asterisk for our LB:
11.124.50.234 *.k8s.example.com
So, all names like “app1.k8s.example.com”, “app2.k8s.example.com” resolves to LB IP and this chain works fine.
BTW, we will appreciate to see the page with Ingess K8s Tyk integration instruction. I believe this is common case.

Great idea we will make it happen!

Really glad you got it working.

Joah

just to understand your issue better, are you deploying tyk in kubernetes on gcp, azure or aws?