Connection reset error when using Istio VS to create a proxy

Hi,

I want to use Istio VS to create a proxy for an external HTTPS service. What I want to achieve is that when accessing https://test.com/segment/v1/t, the request is passed to https://api.segment.io/v1/t. The cluster has TLS termination, which is why the DestinationRule is required.

I have tested the rules below and they work on my local DD k8s cluster and an AKS.

But in one cluster, which might have a more complicated network configuration, I got a connection reset error in the istio-ingressgateway pod. The cluster does not have an egress gateway and I have checked all firewall settings and logs and no access is blocked for api.segment.io.

Is there any other reason that could cause Istio to block or terminate the request?

The DestinationRule is like this:

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
spec:
  host: api.segment.io
  trafficPolicy:
    tls:
      mode: SIMPLE

The VirtualService looks like this:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
spec:
  gateways:
    - istio-gateway
  hosts:
    - test.com
  http:
    - match:
        - uri:
            prefix: /segment/
      rewrite:
        authority: api.segment.io
        uri: /
      route:
        - destination:
            host: api.segment.io
            port:
              number: 443