-
Notifications
You must be signed in to change notification settings - Fork 7.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Istio Egress gateway wild card hosts #51507
Comments
related to https://istio.io/latest/blog/2023/egress-sni/? |
Any specific area can you point in our config that needs to be changed. |
NONE mode cannot work on gateways. This means "use the original destination IP". However, the destination IP is the egress gw itself! |
removed the NONE, but still issue remains the same.
|
The default is NONE so you did not really remove it 🙂 . There is no current built in way to achieve this. You will need to do something like https://istio.io/latest/blog/2023/egress-sni/ |
:) thanks its working now. The blog apparently looks pretty complex but while implementing it is easy. |
Is this the right place to submit this?
Bug Description
Hello Team,
We are configuring wildcard hosts entires in our service entry, virtual service, destination rule and Gateway but the connection is not going through. Connection from istio-proxy sidecar container is being routed to istio egress gateway but from istio egress gateway can't see any connection to the internet (actual host).
Config File :
Error Message :
Connection is forwarded from istio-proxy sidecar to egressgateway
[2024-06-11T12:58:35.518Z] "- - -" 0 - - - "-" 350 0 2 - "-" "-" "-" "-" "xx.xx.xx.xx:443" outbound|443|gha-runner|istio-egressgateway.istio-system.svc.cluster.local xx.xx.xx.xx:45434 xx.xx.xx.xx:443 xx.xx.xx.xx:53104 *.*com -
[2024-06-11T12:58:35.522Z] "- - -" 0 - - - "-" 350 0 2 - "-" "-" "-" "-" "xx.xx.xx.xx:443" outbound|443|gha-runner|istio-egressgateway.istio-system.svc.cluster.local xx.xx.xx.xx:45444 xx.xx.xx.xx:443 xx.xx.xx.xx:53108 *.*com -
But traffic from egressgateway to internet is showing the below message
[2024-06-11T12:58:35.633Z] "- - -" 0 UH - - "-" 0 0 0 - "-" "-" "-" "-" "-" outbound|443||*.com - xx.xx.xx.xx:443 xx.xx.xx.xx:45476 ..com -
Version
Additional Information
No response
The text was updated successfully, but these errors were encountered: