Istio gateway + kubernetes vanilla with zuul proxy

Hi guys,

Today I have a cluster using vanilla k8s with Nginx ingress controller and Zuul proxy and I’d like to change this stack to use Istio, but I need to continue to use Zuul proxy for a long time because I have a lot of rules into Zuul. So I’m trying to use the Istio Gateway to redirect my all requests for the Zuul Gateway but isn’t it works, why? The Istio does not permit use pod without sidecar?

My configuration is:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: istio-virtual-service
spec:
  hosts:
    - "*"
  gateways:
    - istio-gateway
  http:
    - name: my pods with sidecar
      match:
        - uri:
            prefix: /foo
      route:
        - destination:
            host: foo-service
    - name: all requests without sidecar
      route:
        - destination:
            host: zuul-gateway-service

Tks

Hi, @mauricioadlima I had the same question not long ago. If you want to connect meshed and not meshed services to talk to each other, you should use ServiceEntry. The only thing you must be aware of is that if you have mTLS forced globally, it might be an issue because of the encryption, but if you are using it at the DestinationRule level, you should be able to manage.
Let me know if this helps.

Tks man, I’ll try use the service entry and after that I post the solution here.

If there is anything else I can help let me know.

Maybe I need more help.

I created my entry:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: my-entry
spec:
  hosts:
  - my-not-meshed-service
  location: MESH_EXTERNAL
  ports:
  - number: 80
    name: http

And configurated my virtual service:

- match:
        - uri:
            prefix: /
      route:
        - destination:
            host: my-not-meshed-service

But not work. Do you have any observations?

Tks