How to allow the azure application insights connection from the istio egress gateway

Lavanya Krishnamurthy 0 Reputation points
2024-01-24T00:50:12.6233333+00:00

We have application in the AKS which we have integrated with azure app insights to log application logs. We want this connection from the application in the AKS to Azure App insights to be from the istio egress gateway in the AKS. We have added istio serviced entry to allow traffic to azure app insights, istio gateway to add azure app insights as host url *.in.applicationinsights.azure.com but in istio virtual service we need to add destination to route traffic to to the particular app insights. How do we do that, azure app insights is connected using connection string and istio virtual service does not support the connection string in the destination property With allowing in the service entry connection works but when we route from egress gateway it does not.


apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: service-entry
spec:
  hosts:
  - "*.in.applicationinsights.azure.com"
  - "*.livediagnostics.monitor.azure.com"
  exportTo:
  - "."
  ports:
  - number: 443
    name: https
    protocol: HTTPS
  resolution: DNS
  location: MESH_EXTERNAL


---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: egress-gateway
spec:
  selector:
    istio: egressgateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - "*.in.applicationinsights.azure.com"
    - "*.livediagnostics.monitor.azure.com"
    tls:
      mode: PASSTHROUGH

---


apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: egress-virtual-service
spec:
  hosts:
    - "*.in.applicationinsights.azure.com"
    - "*.livediagnostics.monitor.azure.com"
  exportTo:
  - ""
  gateways:
  - mesh
  - egress-gateway
  tls:
  - match:
    - gateways:
      - mesh
      port: 443
      sniHosts:
      - "*.in.applicationinsights.azure.com"
      - "*.livediagnostics.monitor.azure.com"
    route:
    - destination:
        host: egressgateway.svc.cluster.local
        port:
          number: 443
  - match:
    - gateways:
      - egress-gateway
      port: 443
      sniHosts:
        - "*.in.applicationinsights.azure.com"
    route:
    - destination:
        host: westus-0.in.applicationinsights.azure.com
        port:
          number: 443
  - match:
    - gateways:
      - nxc-tables-egress-gateway
      port: 443
      sniHosts:
        - "*.livediagnostics.monitor.azure.com"
    route:
    - destination:
        host: westus.livediagnostics.monitor.azure.com
        port:
          number: 443
Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,807 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Monalla-MSFT 11,641 Reputation points
    2024-04-17T13:37:19.3633333+00:00

    @Lavanya Krishnamurthy - Welcome to Microsoft Q&A and thanks for reaching out to us.

    This feature is not currently supported by Application Insights. The only way this can work is to run some kind of collector and use the unsupported Azure Monitor exporter, but this is an unsupported way.

    But if you have any further questions or clarifications, please reach out to us with more information as requested.

    Hope this helps. and please feel free to reach out if you have any further questions.

    Please don't forget to "Accept as Answer" and click "Yes" if the above response is helpful, so it can be beneficial to the community.

    0 comments