Hello,
In my environment, all the calls exiting the cluster go through a headless service. This headless service has an ILB (Internal Load Balancer) IP as an endpoint.
I have tried, but I am not able to make the calls through the headless service, although calls made directly to the ILB work. I can’t give the ILB’s IP as a permanent solution. I need all the calls to pass through one exit point in the cluster. My ILB listens on ports 30080 and 30443.
ILB’s IP DNS name - istio-ilb.lle-mcommerce.com
So I moved to using an egress gateway to route all the calls to my ILB’s IP, but I am not able to work it out. Here are my configs:
Egress-gateway:
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: istio-egressgateway
  namespace: default
spec:
  servers:
  - hosts:
    - istio-ilb.lle-mcommerce.com
    port:
      name: tls
      number: 443 # used 30443 too here
      protocol: TLS
    tls:
      mode: PASSTHROUGH
```
virtual-service-egress:
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: egress-gateway
  namespace: default
spec:
  gateways:
  - istio-egressgateway
  - mesh
  hosts:
  - istio-ilb.lle-mcommerce.com
  tls:
  - match:
    - gateways:
      - mesh
      port: 443
      sni_hosts:
      - istio-ilb.lle-mcommerce.com
    route:
    - destination:
        host: istio-egressgateway.istio-system.svc.cluster.local
        port:
          number: 443
        subset: istio-ilb
      weight: 100
  - match:
    - gateways:
      - istio-egressgateway
      port: 443
      sni_hosts:
      - istio-ilb.lle-mcommerce.com
    route:
    - destination:
        host: istio-ilb.lle-mcommerce.com
        port:
          number: 30443
      weight: 100
```
I am not able to move forward with this config. Can someone help me with my use case?