Help Needed: Istio Egress Exit Code 35

#1

Hi,

I am trying to setup istio on k8s cluster (1 master and 2 worker nodes). After following the set-up instructions I am unable to have egress gateway working.

I am trying the official example to validate egress and ending up with exit code 35.

kubectl exec -it $SOURCE_POD -c sleep – curl -I https://www.google.com | grep “HTTP/”; kubectl exec -it $SOURCE_POD -c sleep – curl -I https://edition.cnn.com | grep “HTTP/”
command terminated with exit code 35

Can someone please help? This is a blocker issue for us.

#2

I think maybe your DestinationRule all add trafficPolicy to TLS.
so should change the VirtualService and DestinationRule.

In the VirtualService add subset for HTTP originate-tls

- match:
    - gateways:
      - istio-egressgateway
      port: 80
    route:
    - destination:
        host: www.google.com
        subset: originate-tls
        port:
          number: 443
      weight: 100

and only subset=originate-tls add trafficPolicy

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: originate-tls-for-google
spec:
  host: www.google.com
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN
  subsets:
    - name: originate-tls
      trafficPolicy:
        loadBalancer:
          simple: ROUND_ROBIN
        portLevelSettings:
        - port:
            number: 443
          tls:
            mode: SIMPLE