Trying to block traffic at namespace level to external services and allow only ports 5672 and 1433

We have installed the Istio demo profile.

Trying to block traffic at namespace level to external services and allow only ports 5672 and 1433.
Created entrypoint virtual service and Destination rule for external traffic. But still I am able to reach google.com and other services. We want to allow only 172.18.1.15 internal communication and block the rest of the communication.

I am not sure what I am missing. We want to achieve this setup with outboundTrafficPolicy mode: ALLOW_ANY

Istio Setup:
outboundTrafficPolicy:
  mode: ALLOW_ANY
rootNamespace: istio-system
trustDomain: cluster.local

Please let me know if any other details are required.

Thanks
Gokul
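
One way to express the setup described in the post above, as an added example that is not part of the original post or of the Istio project's own samples: a namespace-scoped Sidecar that overrides the mesh-wide ALLOW_ANY with REGISTRY_ONLY, plus a ServiceEntry that registers 172.18.1.15 on ports 5672 and 1433. The namespace `my-namespace`, the resource names, and the host `internal-backend.local` are hypothetical placeholders.

```yaml
# Added example. "my-namespace", the resource names and the host
# "internal-backend.local" are hypothetical placeholders.
# The mesh-wide outboundTrafficPolicy stays ALLOW_ANY; this Sidecar
# overrides it only for workloads in my-namespace.
apiVersion: networking.istio.io/v1beta1
kind: Sidecar
metadata:
  name: default
  namespace: my-namespace
spec:
  outboundTrafficPolicy:
    mode: REGISTRY_ONLY        # unknown destinations are no longer passed through
  egress:
  - hosts:
    - "./*"                    # services visible in this namespace
    - "istio-system/*"         # control plane and telemetry
---
# Registers the one permitted destination so REGISTRY_ONLY lets it through.
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: internal-backend
  namespace: my-namespace
spec:
  hosts:
  - internal-backend.local     # placeholder; TCP traffic is matched on the address below
  addresses:
  - 172.18.1.15
  location: MESH_EXTERNAL
  resolution: STATIC
  exportTo:
  - "."                        # visible only inside my-namespace
  ports:
  - number: 5672
    name: tcp-5672
    protocol: TCP
  - number: 1433
    name: tcp-1433
    protocol: TCP
  endpoints:
  - address: 172.18.1.15
```

Sidecar-level egress rules are enforced by the Envoy proxy, which a workload can bypass, so a Kubernetes NetworkPolicy or an egress gateway is needed if this has to hold as a security boundary.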