istio newb hoping to get started once the forthcoming integration with hashicorp’s vault is available (1.1). looking at the documentation for the integration itself, i notice it seems to require whitelisting of the vault installation so that istio does not intercept requests.
The testing Vault server used in this tutorial has the IP address
18.104.22.168. The configuration
global.proxy.excludeIPRanges="22.214.171.124/32"whitelists the IP address of the testing Vault server, so that Envoy will not intercept the traffic from Node Agent to Vault.
in my configuration, vault does not live at a stable IP address, but behind a provider’s load balancer with an unstable pool of addresses, fronted with a stable domain.
is there a way to whitelist domains in the global.proxy settings (or elsewhere)?
any other workarounds for such a scenario?