My use case is to access an external IP address through an egress gateway. I created a service entry for an external IP, then a virtual service having that IP address in the host field, since I want to access the endpoint without giving a host header. The egress gateway and service are already created.
I observed that the source pod's proxy does not show a route to the egress gateway when an IP address is used in the virtual service; instead it shows the service entry's cluster. So my request goes through the service entry, NOT through the egress gateway. Additionally, after applying this config, I see all proxies' RDS status change to STALE.
Is this behaviour expected? As mentioned in the virtual service doc:
Host Could be a DNS name with wildcard prefix or an IP address.
Then why is this behaviour being shown? Am I missing something?
Please find the configuration for these resources below:
Service Entry

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: ip-external
spec:
  hosts:
  - "ip-external.com"
  addresses:
  - 10.20.30.40
  ports:
  - number: 80
    name: http
    protocol: HTTP
  resolution: STATIC
  endpoints:
  - address: 10.20.30.40
```
Virtual Service

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: external-ip-virtual-service
spec:
  hosts:
  - 10.20.30.40
  gateways:
  - istio-egressgateway
  - mesh
  http:
  - match:
    - gateways:
      - mesh
      port: 80
    route: # route requests from mesh to egress gateway
    - destination:
        host: istio-egressgateway.istio-system.svc.cluster.local
        port:
          number: 80
  - match:
    - gateways:
      - istio-egressgateway
      port: 80
    route: # route requests from egress gateway to external service
    - destination:
        host: ip-external.com
        port:
          number: 80
```
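
The symptom described in the post above (the sidecar routing the external address to the service entry's cluster instead of the egress gateway) can be checked mechanically from a route dump. The following is an added example, not part of the original post: it assumes JSON shaped like the output of `istioctl proxy-config routes <pod> -o json`, and the sample dump, the `httpbin` virtual host and the function names are constructed for illustration.

```python
import json

# Egress gateway service host, taken from the VirtualService in the post.
EGRESS_HOST = "istio-egressgateway.istio-system.svc.cluster.local"

# Constructed sample, shaped like `istioctl proxy-config routes <pod> -o json`.
SAMPLE = json.loads("""
[{"name": "80", "virtualHosts": [
  {"name": "ip-external.com:80",
   "domains": ["ip-external.com", "ip-external.com:80",
               "10.20.30.40", "10.20.30.40:80"],
   "routes": [{"match": {"prefix": "/"},
               "route": {"cluster": "outbound|80||ip-external.com"}}]},
  {"name": "httpbin.default.svc.cluster.local:80",
   "domains": ["httpbin.default.svc.cluster.local", "httpbin"],
   "routes": [{"match": {"prefix": "/"},
               "route": {"cluster": "outbound|80||httpbin.default.svc.cluster.local"}}]}
]}]
""")

def cluster_host(cluster):
    """Istio names clusters 'direction|port|subset|host'; return the host part."""
    parts = cluster.split("|")
    return parts[3] if len(parts) == 4 else cluster

def route_clusters(route):
    """Clusters a route can send to (single cluster or weighted split)."""
    action = route.get("route", {})
    if "cluster" in action:
        return [action["cluster"]]
    weighted = action.get("weightedClusters", {}).get("clusters", [])
    return [c["name"] for c in weighted]

def egress_bypass(route_dump, external_names, egress_host=EGRESS_HOST):
    """List (route config, virtual host, cluster) for every route that serves
    one of external_names but does not point at the egress gateway."""
    findings = []
    for rc in route_dump:
        for vh in rc.get("virtualHosts", []):
            domains = vh.get("domains", [])
            if not any(d == n or d.startswith(n + ":")
                       for d in domains for n in external_names):
                continue  # virtual host is unrelated to the external service
            for route in vh.get("routes", []):
                for cluster in route_clusters(route):
                    if cluster_host(cluster) != egress_host:
                        findings.append((rc.get("name"), vh.get("name"), cluster))
    return findings

if __name__ == "__main__":
    for finding in egress_bypass(SAMPLE, ["ip-external.com", "10.20.30.40"]):
        print("bypasses egress gateway:", finding)
```

An empty result means every route for the listed names targets the egress gateway cluster; any tuple returned names the route configuration and virtual host where traffic leaves the sidecar directly.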