Consumer Log:
{
"insertId": "qb0kznkwcrl0ggds",
"jsonPayload": {
"upstream_service_time": "55",
"path": "/",
"istio_policy_status": "-",
"duration": "113",
"request_id": "4a199464-bfcf-9fb9-96b6-8bf5bde1dbd1",
"start_time": "2021-06-25T19:23:00.102Z",
"upstream_host": "10.132.0.133:8080",
"upstream_local_address": "10.132.0.146:35038",
"upstream_transport_failure_reason": "-",
"bytes_received": "0",
"route_name": "test-80-redirect-external",
"response_code": "200",
"downstream_remote_address": "10.132.0.146:54490",
"x_forwarded_for": "-",
"authority": "edition.cnn.com",
"downstream_local_address": "10.128.218.207:80",
"method": "GET",
"protocol": "HTTP/1.1",
"requested_server_name": "-",
"bytes_sent": "1121053",
"upstream_cluster": "outbound|80||istio-egressgateway.istio-system.svc.cluster.local",
"user_agent": "curl/7.77.0-DEV",
"response_flags": "-"
},
"resource": {
"type": "k8s_container",
"labels": {
"cluster_name": "sandbox-cluster-2",
"container_name": "istio-proxy",
"namespace_name": "curlservice",
"location": "us-central1",
"project_id": "alo-sandbox",
"pod_name": "curlservice-55697b888c-lvg4b"
}
},
"timestamp": "2021-06-25T19:23:05.236676526Z",
"severity": "INFO",
"labels": {
"k8s-pod/service_istio_io/canonical-name": "curlservice",
"k8s-pod/security_istio_io/tlsMode": "istio",
"k8s-pod/app": "curlservice",
"k8s-pod/istio_io/rev": "default",
"k8s-pod/service_istio_io/canonical-revision": "latest",
"k8s-pod/pod-template-hash": "55697b888c",
"compute.googleapis.com/resource_name": "gke-sandbox-cluster--sandbox-cluster--468a00a7-kxch"
},
"logName": "projects/alo-sandbox/logs/stdout",
"receiveTimestamp": "2021-06-25T19:23:08.203341587Z"
}
Egressgateway log
{
"insertId": "kkruie6hm4iuhluz",
"jsonPayload": {
"protocol": "HTTP/2",
"requested_server_name": "edition.cnn.com",
"method": "GET",
"upstream_service_time": "50",
"duration": "107",
"authority": "edition.cnn.com",
"upstream_host": "151.101.129.67:443",
"downstream_local_address": "10.132.0.133:8080",
"request_id": "4a199464-bfcf-9fb9-96b6-8bf5bde1dbd1",
"upstream_transport_failure_reason": "-",
"response_flags": "-",
"x_forwarded_for": "10.132.0.146",
"istio_policy_status": "-",
"upstream_local_address": "10.132.0.133:48716",
"bytes_received": "0",
"route_name": "-",
"path": "/",
"start_time": "2021-06-25T19:23:00.107Z",
"upstream_cluster": "outbound|443||edition.cnn.com",
"downstream_remote_address": "10.132.0.146:35038",
"response_code": "200",
"bytes_sent": "1121053",
"user_agent": "curl/7.77.0-DEV"
},
"resource": {
"type": "k8s_container",
"labels": {
"pod_name": "istio-egressgateway-b5c9c5-7xn49",
"project_id": "alo-sandbox",
"location": "us-central1",
"cluster_name": "sandbox-cluster-2",
"namespace_name": "istio-system",
"container_name": "istio-proxy"
}
},
"timestamp": "2021-06-25T19:23:07.306082290Z",
"severity": "INFO",
"labels": {
"k8s-pod/chart": "gateways",
"k8s-pod/service_istio_io/canonical-name": "istio-egressgateway",
"k8s-pod/service_istio_io/canonical-revision": "latest",
"k8s-pod/heritage": "Tiller",
"k8s-pod/app": "istio-egressgateway",
"k8s-pod/istio": "egressgateway",
"k8s-pod/release": "istio",
"compute.googleapis.com/resource_name": "gke-sandbox-cluster--sandbox-cluster--468a00a7-kxch",
"k8s-pod/pod-template-hash": "b5c9c5"
},
"logName": "projects/alo-sandbox/logs/stdout",
"receiveTimestamp": "2021-06-25T19:23:08.201939238Z"
}
I’m following examples
NS: alias
---
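# VirtualService "derp" (namespace: alias).
# Requests from in-mesh sidecars to derp.alias.svc.cluster.local on port 80
# have their Host/:authority rewritten to edition.cnn.com and are routed to
# the egress gateway service on port 80.
# Nesting restored: the pasted manifest had lost all indentation.
# NOTE(review): bound to the `mesh` gateway with no `exportTo`, so which
# workloads can use this alias to leave the mesh depends on mesh defaults and
# on any AuthorizationPolicy enforced at the egress gateway - confirm.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  namespace: alias
  name: derp
spec:
  gateways:
    - mesh
  hosts:
    - derp.alias.svc.cluster.local
  http:
    - name: "test-80-redirect-external"
      match:
        - gateways:
            - mesh
          port: 80
      rewrite:
        authority: edition.cnn.com
      route:
        - destination:
            host: istio-egressgateway.istio-system.svc.cluster.local
            port:
              number: 80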
NS: istio-system
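# ServiceEntry "cnn": adds edition.cnn.com:443 (HTTPS, resolved via DNS) to
# the mesh service registry.
# Nesting restored: the pasted manifest had lost all indentation.
# metadata.namespace is not set, so the namespace comes from the apply
# context.
# NOTE(review): a ServiceEntry only acts as an egress allowlist when the
# mesh's outboundTrafficPolicy mode is REGISTRY_ONLY; under ALLOW_ANY,
# sidecars can still reach unregistered hosts directly - confirm the mesh
# setting.
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: cnn
spec:
  hosts:
    - edition.cnn.com
  ports:
    - number: 443
      name: https
      protocol: HTTPS
  resolution: DNS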
---
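# Gateway bound to the egress gateway pods (selector istio: egressgateway).
# Port 80 is declared as HTTPS with ISTIO_MUTUAL, so clients are expected to
# reach it over mesh mutual TLS rather than plaintext.
# Nesting restored: the pasted manifest had lost all indentation.
# NOTE(review): hosts is the wildcard "*.cnn.com", while the ServiceEntry on
# this page registers only edition.cnn.com. If only that one host is meant to
# be reachable, listing it explicitly keeps the egress surface narrower.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: istio-egressgateway
spec:
  selector:
    istio: egressgateway
  servers:
    - port:
        number: 80
        name: https-port-for-tls-origination
        protocol: HTTPS
      hosts:
        - "*.cnn.com"
      tls:
        mode: ISTIO_MUTUAL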
---
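# DestinationRule for client connections to the egress gateway service:
# port 80 uses mesh mutual TLS (ISTIO_MUTUAL) with a fixed SNI.
# NOTE: This presents the same SNI (edition.cnn.com) on every connection to
# the gateway, even when the request was for another *.cnn.com host.
# Nesting restored: the pasted manifest had lost all indentation.
# NOTE(review): no subset is defined, so this policy covers all traffic to
# port 80 of the gateway service from sidecars that see this rule, not only
# the cnn routes - confirm no other egress route shares this port.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: egressgateway-for-cnn
spec:
  host: istio-egressgateway.istio-system.svc.cluster.local
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN
    portLevelSettings:
      - port:
          number: 80
        tls:
          mode: ISTIO_MUTUAL
          sni: edition.cnn.com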
---
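# VirtualService steering *.cnn.com traffic through the egress gateway.
# Rule 1 (gateway `mesh`, port 80): sidecars send matching requests to the
#   egress gateway service on port 80.
# Rule 2 (gateway `istio-egressgateway`, port 80): the gateway forwards to
#   edition.cnn.com:443, whichever *.cnn.com host was requested.
# Nesting restored: the pasted manifest had lost all indentation.
# NOTE(review): this routes traffic that is sent to the gateway; on its own
# it does not stop a workload from bypassing the gateway. That needs a
# separate control (e.g. a Kubernetes NetworkPolicy) - confirm one exists.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: direct-cnn-through-egress-gateway
spec:
  hosts:
    - "*.cnn.com"
  gateways:
    - istio-egressgateway
    - mesh
  http:
    - match:
        - gateways:
            - mesh
          port: 80
      route:
        - destination:
            host: istio-egressgateway.istio-system.svc.cluster.local
            port:
              number: 80
    - match:
        - gateways:
            - istio-egressgateway
          port: 80
      route:
        - destination:
            host: edition.cnn.com
            port:
              number: 443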
---
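# DestinationRule that makes the proxy originate TLS (mode SIMPLE) on port
# 443 for hosts matching *.cnn.com.
# Nesting restored: the pasted manifest had lost all indentation.
# NOTE(review): no caCertificates or subjectAltNames are set. Depending on
# the Istio version and mesh settings, the proxy may then encrypt the
# connection without validating the upstream server certificate - confirm,
# and pin the CA bundle and expected SAN if validation is required.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: originate-tls-for-edition-cnn-com
spec:
  host: "*.cnn.com"
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN
    portLevelSettings:
      - port:
          number: 443
        tls:
          mode: SIMPLE  # initiates HTTPS for connections to *.cnn.com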