How to route all outbound traffic to egressgateway

justinschw · October 6, 2023, 6:18pm

Hello,

Looking at the istio documentation for egress-gateway (sorry I can’t post the link here), it looks like the recipe for directing HTTP(S) traffic through an egress gateway is:

a service entry for a specific external host (i.e. edition.cnn.com)
an egress gateway for the service
a destination rule for traffic routed to the egress gateway
a virtualservice to direct traffic from the sidecars to the egress gateway, and from the egress gateway to the external service

This is fine when we are only routing for specific external services, as in the example. But what if I have an outbound traffic policy of ALLOW_ANY and want to route all outgoing traffic in a namespace to istio-egressgateway.istio-system.svc.cluster.local? I can’t create a virtualservice with host set to *, this doesn’t work.

* wildcard host * is not allowed for virtual services bound to the mesh gateway

Thanks in advance

HVO · November 2, 2023, 1:59pm

I’ve tried too to achieve this with no success. There’s no way imho to do this with Istio. I’ll have to try with AWS nat gateway or Calico

Topic		Replies	Views
Route all Traffic to egress GW? Networking security	2	567	February 9, 2023
Redirect the outbound access through Virtual Service to external proxy Networking	0	386	August 4, 2021
AKS - Routing all traffic from pods (based on label) through specific egress gateway controller Networking	0	339	September 4, 2023
Force Traffic Through A Egress Gateway security	0	624	February 4, 2021
Egress gateway does not send traffic to destination when rewriting destination using host_rewrite_header Networking	0	694	September 5, 2022

How to route all outbound traffic to egressgateway

Related topics