My internal service needs to access another internal service using the public FQDN. Can this be configured to not leave the cluster? On the current virtual service, I am specifying the ingress gateway and the “mesh” gateway. Curl requests seem to be traversing public address space and hitting the ingress gateway instead of going to the service directly.
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: service labels: app: service spec: gateways: - istio-system/service-gateway - mesh hosts: - service.example.com exportTo: - "*" http: - route: - destination: host: service.ns.svc.cluster.local port: number: 1234
Can internal requests to ‘service.example.com’ stay internal?