Having trouble configuring scenario

Hello. I’m still trying to get up to speed on istio for some tasks at a customer site, and the recipe seems to be eluding me. I am trying to create a setup where services inside the mesh can connect to database services hosted outside of the OpenShift cluster altogether. The eventual goal is to use mTLS between the egress gateway and the database, but because I was having so much trouble getting to that work, I dialed back the complexity and am currently trying without the mTLS piece. I must be missing something, as my istio-proxy in my app container has an access log line containing NR, and I don’t see anything at the egress gateway. If someone could look at my configuration and see if I’m missing something obvious, I would appreciate it. This is an OpenShift 3.11 cluster, and my ‘external database’ is running outside of OCP (with an open firewall, I verified I can connect to the db without istio injected) The db host is support1.d9a0.internal, and from my app, I’m trying to connect to it using the hostname postgres-external.apps.d9a0.example.opentlc.com https://github.com/bkrahmer/istio-testing/blob/13035787731a3765062cdbcf384231c79bf420d6/external-postgres.yaml

Any tips would be greatly appreciated. I’m quite a newb with istio, and I’m finding the learning curve to be quite challenging.

thanks, brian