Egress on default installation

Hi

I am currently running Istio on Docker Desktop, and was wondering,
I thought as mentioned in most articles the default for egress is a closed system.
I’ve installed via helm, with the following settings, enabling the egress sub-system.

helm template .\istio-fetch\istio --name istio --namespace istio-system --set pilot.resources.requests.memory="512Mi" --set kiali.enabled=true --set servicegraph.enabled=true --set grafana.enabled=true --set gateways.istio-egressgateway.enabled=true --set gateways.istio-egressgateway.type=NodePort --set gateways.istio-ingressgateway.type=NodePort --set global.mtls.enabled=false > .\Cluster\infrastructure\istio\istio.yaml

But I seem to be able to get out of the cluster from an Istio pod / container quite easily.
I even installed an ssh client to see if it was a default setting allowing 443 and 80 out, so thought I’d try 22, which was a success, not what I was hoping for.

Is this because I am on Docker Desktop? Or am I missing a set / option in the setup?

Any help / suggestions would be welcomed.

Thanks
Peter

I seem to be able to access the outside on a kubeadm kubernetes cluster install of the same settings, using Canal.