kubernetes - Istio complicated K8sObjectOverlay.PathValue

Question

Istio can be deployed via IstioOperator.

You can patch anything created by a certain component using the K8sObjectOverlay, which takes a PathValue. I cannot for the life of me understand how to provide complicated PathValues.

Here are some example patches I've found (search for "patches:" on those pages) in case it helps.

The patch I'm trying to apply is changing the default ingressGateway that gets created from:

...
spec:
  profile: default
  components:
    ingressGateways:
      - namespace: istio-system
        name: istio-ingressgateway
        enabled: true

I can view the default ingress gateway that gets created with kubectl edit gateway/ingressgateway -n istio-system and see this snippet:

spec:
  servers:
  - hosts:
    - '*'
    port:
      name: http
      number: 80
      protocol: HTTP

My goal is to change it to this:

spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "*"
      tls:
        httpsRedirect: true # sends 301 redirect for http requests
    - port:
        number: 443
        name: https-443
        protocol: HTTPS
      hosts:
        - "*"
      tls:
        mode: SIMPLE # enables HTTPS on this port
        serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
        privateKey: /etc/istio/ingressgateway-certs/tls.key

I believe that the ObjectOverlay that I should add to the first YAML block above should start with something like this:

        k8s:
          overlays:
            - apiVersion: networking.istio.io/v1beta1
              Kind: Gateway
              name: ingressgateway
              patches:
                - path: spec.servers.

but I don't know how to specify that I want to add tls.httpsRedirect: true to the first list item, or how to create a list item with the relatively complicated values above.

The PathValue docs I linked above are not clear to me. Istio itself just links to StackOverflow with the [Istio] Tag, so I guess this is where I come for help.

Answer 1

This is a part of an overlay that will add another server entry with some example specs. Just tweak it to be the way you want it to be. You can also override your first server entry with a path of spec.servers[0] and then set the value to whatever you want it to be.

ingressGateways: 
  - enabled: true
    k8s:
      overlays:
      - apiVersion: networking.istio.io/v1alpha3
        kind: Gateway
        name: ingressgateway
        patches:
        - path: spec.servers[1]
          value:
            hosts:
              - '*.example.com'
            port:
              name: https
              number: 443
              protocol: HTTPS
            tls:
              credentialName: example-cert
              mode: SIMPLE
              privateKey: sds
              serverCertificate: sds

Update: I haven't tried it out, but you could try just defining that expression as the path path, i think it then just set that single value inside the rest of the object:

- path: spec.servers[0].tls.httpsRedirect
  value: true

It might be necessary to define the entire tls object though, i'm not sure right now if it'd be valid with just the httpsRedirect attribute defined.

- path: spec.servers[0].tls
  value: 
    httpsRedirect: true
    other required attributes defined here just like httpsRedirect