Hello, I would appreciate your help with allowing external services on the managed Istio (v1.0) on Google Kubernetes Engine. Problem is that it’s not possible by reconfiguration of parameter global.proxy.includeIPRanges in the sidecar Configmap because it’s overwritten on the managed Istio.
Reason I need this is that my application is accessing a great amount of the external services which is not possible to configure by creating ServiceEntries.
a workaround I did in my lab environment was to create a service entry / destination rule to enable access to a squid proxy. it requires using an explicit proxy configuration, but it does give you a bypass of any http/https policies.
We’ve setup proxy as a temporary workaround. However, this won’t work as a long-term solution because of the big amount of transfered data. The proxy is now bottleneck of the system.
After playing around, I’ve found this solution working. I created ServiceEntry (shown below) with no resolution with all public IP ranges. Does anyone know if this is good idea? Cannot this solution impact the performace?