Hello,
I am new to Istio and I have following problem. I am trying to set up configuration of egress gateway for external service communicating through tls/443 like for the following example: Istio / Egress Gateways.
Everything seems to work correctly. For outbound traffic for ‘externalapi’ service, I am getting istio_tcp_connections_closed_total metric. And here’s my question:
Is there any way to enforce generating istio_requests_total metric for outbound traffic for tls/443 going through egress gateway? I would like to get some additional information like response codes for outgoing traffic.
Here’s my configuration:
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
name: externalapi-egress
spec:
hosts:
- externalapi.mydomain.com
ports:
- number: 443
name: tls
protocol: TLS
resolution: DNS
location: MESH_EXTERNAL
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: externalapi-egress
spec:
selector:
istio: egressgateway
servers:
- port:
number: 443
name: tls
protocol: TLS
hosts:
- externalapi.mydomain.com
tls:
mode: PASSTHROUGH
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: externalapi-egress
spec:
host: istio-egressgateway.istio-system.svc.cluster.local
subsets:
- name: externalapi-egress
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: externalapi
spec:
hosts:
- externalapi.mydomain.com
gateways:
- externalapi-egress
- mesh
tls:
- match:
- gateways:
- mesh
port: 443
sniHosts:
- externalapi.mydomain.com
route:
- destination:
host: istio-egressgateway.istio-system.svc.cluster.local
subset: externalapi-egress
port:
number: 443
weight: 100
- match:
- gateways:
- externalapi-egress
port: 443
sniHosts:
- externalapi.mydomain.com
route:
- destination:
host: externalapi.mydomain.com
port:
number: 443
weight: 100
Thank you for helping me with this,
Robert