Hi,
I am trying to setup istio on k8s cluster (1 master and 2 worker nodes). After following the set-up instructions I am unable to have egress gateway working.
I am trying the official example to validate egress and ending up with exit code 35.
kubectl exec -it $SOURCE_POD -c sleep – curl -I https://www.google.com | grep “HTTP/”; kubectl exec -it $SOURCE_POD -c sleep – curl -I https://edition.cnn.com | grep “HTTP/”
command terminated with exit code 35
Can someone please help? This is a blocker issue for us.
I think maybe your DestinationRule all add trafficPolicy to TLS.
so should change the VirtualService and DestinationRule.
In the VirtualService add subset for HTTP originate-tls
- match:
- gateways:
- istio-egressgateway
port: 80
route:
- destination:
host: www.google.com
subset: originate-tls
port:
number: 443
weight: 100
and only subset=originate-tls add trafficPolicy
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: originate-tls-for-google
spec:
host: www.google.com
trafficPolicy:
loadBalancer:
simple: ROUND_ROBIN
subsets:
- name: originate-tls
trafficPolicy:
loadBalancer:
simple: ROUND_ROBIN
portLevelSettings:
- port:
number: 443
tls:
mode: SIMPLE