Istio egress gateway default behaviour

Hi All,
We have deployed Istio on EKS. We are trying to reach an application hosted on the internet from our microservice deployed in Istio. I thought that by default no connection would go out of the mesh, even if the server has internet access, but we are able to reach the internet site without configuring the Istio egress gateway. So by default all connections will be allowed, and we have to enable istio-egressgateway to block all the traffic and allow only a few?

kubectl exec -it $SOURCE_POD -c istio-proxy -- curl -sL -o /dev/null -D - http://google.com
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Tue, 13 Aug 2019 03:50:13 GMT
Expires: Thu, 12 Sep 2019 03:50:13 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

HTTP/1.1 200 OK
Date: Tue, 13 Aug 2019 03:50:13 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2019-08-13-03; expires=Thu, 12-Sep-2019 03:50:13 GMT; path=/; domain=.google.com
Set-Cookie: NID=188=nsuiBiIC8adtC48zulL3xT1WcVGiaclxiSUCYIZcfpavACSQajW90UlKjdH29pszf2r7qPWpBW6Z9WeqyFakjBMgVT_iis8Drph_nzep2vigkyS3yAVSaH0lSnGn_1xqi72IQPomkpWw1-xt4jDNY_AgoS7qPg1m_hBFupFkXP4; expires=Wed, 12-Feb-2020 03:50:13 GMT; path=/; domain=.google.com; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked