I’m trying to forward TCP traffic from a local port on 127.0.0.1 to an external service, adapting the MySQL example in Istio / Sidecar (4th/5th examples).
I have the following:
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
name: external-svc
namespace: istio-test
spec:
hosts:
- foo.example.com
ports:
- number: 10799
name: test-tcp
protocol: TCP
location: MESH_EXTERNAL
resolution: DNS
---
apiVersion: networking.istio.io/v1beta1
kind: Sidecar
metadata:
name: test-sidecar
namespace: istio-test
spec:
workloadSelector:
labels:
app: test-app
ingress:
egress:
- port:
number: 10799
protocol: TCP
name: egresstest
captureMode: NONE
bind: 127.0.0.1
hosts:
- "*/foo.example.com"
However, when trying to hit http://127.0.0.1:10799 the connection is established, but then dropped by Istio (I get “Recv failure: Connection reset by peer” from curl). Looking at the debug logs for the istio-proxy handling the request, I see an error about the Envoy cluster not existing:
2021-09-21T22:26:30.019199Z debug envoy filter [C49] new tcp proxy session
2021-09-21T22:26:30.019282Z debug envoy filter [C49] Cluster not found outbound|10799||foo.example.com
2021-09-21T22:26:30.019288Z debug envoy connection [C49] closing data_to_write=0 type=1
2021-09-21T22:26:30.019292Z debug envoy connection [C49] closing socket: 1