I have a number of services running within our mesh. They use an ingress-gateway to allow traffic in via an AWS Network Load Balancer.
Some of the services need to call one another, but they use the public DNS name rather than the internal svc.cluster.local address.
I’ve tried the following, but this actually stops all access to the pods from internal and external endpoints.

```yaml
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: service
spec:
  hosts:
  - service.example.com
  location: MESH_INTERNAL
  ports:
  - number: 443
    name: https
    protocol: HTTPS
  resolution: DNS
  workloadSelector:
    labels:
      istio: ingress
```
The VirtualService currently in place for the ingress gateway is:

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: service
spec:
  gateways:
  - istio-ingress/gateway
  hosts:
  - service.example.com
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: service.namespace.svc.cluster.local
        port:
          number: 80
```
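For reference, the way Istio normally expresses "route in-mesh calls to the public hostname straight to the Kubernetes Service" is a VirtualService bound to the `mesh` gateway (every sidecar) alongside a ServiceEntry that registers the hostname. This is an added example, not part of the question above or of any Istio project material. It assumes the calling workload sends plain HTTP to service.example.com: a TLS connection that the application opens itself is opaque to the sidecar and cannot be matched by an `http` route, so the port 443/HTTPS case from the question is not covered here. The names `service`, `namespace` and `istio-ingress/gateway` are taken from the question; `service-public-name` is a hypothetical object name.

```yaml
# Added example (not from the original post). Assumes plain-HTTP calls
# from the application; the ServiceEntry name is hypothetical.
#
# ServiceEntry: tells the sidecars that service.example.com is a known host,
# so outbound requests to it get a routable cluster instead of being sent to
# the passthrough cluster. The public name resolves to the NLB, but the
# VirtualService below overrides where matching requests actually go.
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: service-public-name
  namespace: namespace
spec:
  hosts:
  - service.example.com
  location: MESH_INTERNAL
  ports:
  - number: 80
    name: http
    protocol: HTTP
  resolution: DNS
---
# VirtualService bound to both the ingress gateway and the reserved "mesh"
# gateway: external traffic keeps arriving via the NLB as before, while
# in-mesh requests for service.example.com are routed by the caller's sidecar
# directly to the Kubernetes Service, never leaving the cluster.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: service
  namespace: namespace
spec:
  gateways:
  - mesh
  - istio-ingress/gateway
  hosts:
  - service.example.com
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: service.namespace.svc.cluster.local
        port:
          number: 80
```

After applying, the route can be inspected from a calling pod's sidecar with `istioctl proxy-config routes <pod> --name 80`, which should list service.example.com pointing at the service.namespace.svc.cluster.local cluster rather than PassthroughCluster.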