I am having difficulty routing all traffic (for a namespace) to the egress. The peculiarity lies in what we are trying to do. We have a batch service that is supposed to retrieve generic/changing URLs. I have followed the instructions described here: Istio / Egress using Wildcard Hosts
The examples however, are handled according to the *.domain.org scheme. But I need something that passes all external traffic for a namespace to the egress. So something like .
Hi, I think this model can not be implemented with Istio.
From my point of view, Istio is designed to do just the opposite: allow all the egress traffic (via PassthroughCluster) and only capture specific traffic by using Virtual Services and route it through the Egress GW for example. Thus, a wildcard in a Virtual Service is not allowed because it would imply matching all the traffic in the mesh.
Besides this, the guide mentioned “Egress using Wildcard Hosts” is only for HTTPS traffic, because it uses the SNI host to match the destination host. So, what about HTTP, gRPC or TCP? You can’t implement this feature with those protocols.
There is a proposal to support this - but most likely will be implemented for Ambient first.
‘All traffic’ will actually be all public internet traffic, using the public IP ranges as default ( users may still customize,
since it’s common to use some officially public IP as private IP). It is not a very hard change - but nobody
had the time to do it, and it’s much simpler in Ambient.