TLS origination for egress traffic test failing when k8s is behind corporate proxy

Hi All,
We have an OpenShift k8s cluster deployed behind a corporate proxy. We enabled Istio and are now running maistra-test-tool 2.3 tests.

Since the k8s cluster is behind a corporate proxy, we have to use http_proxy/https_proxy inside the pod for egress tests, and we are using --proxy in the curl command.
kubectl exec sleep-85df789ffc-7k7kc -n bookinfo -c sleep -- curl --proxy <corporate-proxy> -sSL -o /dev/null -D -

But this test (maistra-test-tool/test_cases.go at 769761a788d95e070c33ae51dc1afe7c32803cd3 in maistra/maistra-test-tool on GitHub), which tests the scenario Istio / Egress TLS Origination, is failing.

As part of this test, the following service entry and destination rule are created, and it is expected to initiate an HTTPS connection for

kind: ServiceEntry
  name: istio-io
  - number: 80
    name: http-port
    protocol: HTTP
    targetPort: 443
  - number: 443
    name: https-port
    protocol: HTTPS
  resolution: DNS
kind: DestinationRule
  name: edition-istio-io
    - port:
        number: 80
        mode: SIMPLE # initiates HTTPS when accessing

But the request is going out as and we are getting a 301, and then the request is redirected to which is not expected; instead, the request should go out as and we should get a 200 OK response directly.

Test case logs

INFO[2023-01-16T03:01:17-05:00] Running command kubectl exec sleep-85df789ffc-7k7kc -n bookinfo -c sleep -- curl --proxy <corporate-proxy> -sSL -o /dev/null -D -
INFO[2023-01-16T03:01:17-05:00] Command output:
HTTP/1.1 301 Moved Permanently
Server: Netlify
Date: Mon, 16 Jan 2023 08:02:16 GMT
Content-Length: 32
Content-Type: text/plain; charset=utf-8
Via: 1.1 (Cisco-WSA/X)
Connection: keep-alive
Proxy-Connection: keep-alive

HTTP/1.1 200 Connection established

HTTP/2 200
access-control-allow-origin: *
age: 4311
cache-control: public, max-age=0, must-revalidate
content-type: text/html; charset=UTF-8
date: Mon, 16 Jan 2023 06:50:26 GMT
etag: "4dd9469a5840a4d840b9304eb9a0f1e8-ssl"
server: Netlify
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
x-nf-request-id: 01GPWSKDWY12ZBBND9XK1Q22WX
x-xss-protection: 1; mode=block
content-length: 30722

So how do we validate this scenario? Is any other configuration needed for this Istio test when k8s is behind a corporate proxy?

Adding more updates:
I had already created a ServiceEntry for the corporate proxy as mentioned here: Istio / Using an External HTTPS Proxy.

But at the bottom of the same link it says:

Note that you must not create service entries for the external services you access through the external proxy, like
This is because from Istio’s point of view the requests are sent to the external proxy only;
Istio is not aware of the fact that the external proxy forwards the requests further.

With this we can see that the sidecar is redirecting the request to the corporate proxy and the corporate proxy is sending the request out, but because of this, the DestinationRule created to translate HTTP to HTTPS is not hit.

Now the question arises: is this a valid test for a k8s cluster behind a corporate proxy?
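
Added example, not part of the original post and not code from maistra-test-tool: a small Go check that reads a `curl -sSL -D -` header dump like the one in the test case logs above and reports whether the first answer was a final 200 (TLS originated before the request left the mesh) or a redirect that curl then followed itself through a proxy CONNECT tunnel. The sample dump, the host name proxy.example and the result labels are constructed for illustration, and the check assumes the target redirects plain HTTP to HTTPS as the log shows.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample, modelled on the header dump in the post (hypothetical values).
const sample = "HTTP/1.1 301 Moved Permanently\nVia: 1.1 proxy.example\n\n" +
	"HTTP/1.1 200 Connection established\n\nHTTP/2 200\nserver: Netlify\n"

// Hop is one response block of a `curl -sSL -D -` header dump.
type Hop struct {
	Status       int
	Connect, Via bool // Connect: proxy's CONNECT reply; Via: a proxy relayed this response
}

// ParseHops starts a new Hop at every status line and notes Via headers.
func ParseHops(dump string) []Hop {
	var hops []Hop
	sc := bufio.NewScanner(strings.NewReader(dump))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if f := strings.SplitN(line, " ", 3); strings.HasPrefix(line, "HTTP/") && len(f) >= 2 {
			code, _ := strconv.Atoi(f[1])
			est := len(f) == 3 && strings.EqualFold(f[2], "Connection established")
			hops = append(hops, Hop{Status: code, Connect: est})
		} else if len(hops) > 0 && strings.HasPrefix(strings.ToLower(line), "via:") {
			hops[len(hops)-1].Via = true
		}
	}
	return hops
}

// Classify assumes the target redirects plain HTTP to HTTPS, as in the post's log.
func Classify(hops []Hop) string {
	switch {
	case len(hops) == 0:
		return "no-response"
	case hops[0].Status == 200 && !hops[0].Connect:
		return "tls-originated" // first answer is final: HTTPS was used on the first request
	case hops[0].Status/100 == 3:
		return "plain-http-redirected" // the origin saw plain HTTP; curl did the HTTPS upgrade
	}
	return "unexpected"
}

func main() { fmt.Println(Classify(ParseHops(sample))) }
```

On the constructed sample this reports plain-http-redirected, with a Via header on the first hop and a CONNECT reply on the second, which is the pattern shown in the test case logs.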