I just started with Istio but for some reason there is something confusing in the documentation that I don’t understand.
I am using this configuration :
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: test
spec:
hosts:
- test.com
ports:
- number: 443
name: tls
protocol: TLS
resolution: DNS
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: istio-egressgateway
spec:
selector:
istio: egressgateway
servers:
- port:
number: 443
name: tls
protocol: TLS
hosts:
- test.com
tls:
mode: PASSTHROUGH
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: egressgateway-for-binance
spec:
host: istio-egressgateway.istio-system.svc.cluster.local
subsets:
- name: test
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: direct-binance-through-egress-gateway
spec:
hosts:
- test.com
gateways:
- mesh
- istio-egressgateway
tls:
- match:
- gateways:
- mesh
port: 443
sniHosts:
- test.com
route:
- destination:
host: istio-egressgateway.istio-system.svc.cluster.local
subset: test
port:
number: 443
- match:
- gateways:
- istio-egressgateway
port: 443
sniHosts:
- test.com
route:
- destination:
host: test.com
port:
number: 443
weight: 100
My egress-gateway is in a namespace named ‘istio-system’, along wtih istiod. I want to deploy a set of pods and route their https requests through the istio egress gateway in istio-system namespace. These set of pods are deployed in the sleep-test namespace. When I apply these manifests on the sleep-test namespace, requests won’t go through the istio-system namespace egress gateway. What I’m missing ? Do I have to specify somehow the namespace in where the egress trafic originates ? Thanks