I would like one of the controllers to access the remote control plane of k8s in GCP. The controller is working on a different cluster. Also, the cluster with the controller is running Istio, and I would like to use an egress gateway to route the traffic from the controller to the external k8s. The problem here is that the GKE cluster is exposed via an IP address instead of a DNS name, meaning I have to use the IP address as the hostname in the VirtualService. The question is: how do I fix the configuration?
The configuration that I have tried so far:
---
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: external-cluster
  namespace: gcp-europe-west1-b
spec:
  hosts:
  - gcp
  addresses:
  - "1.2.3.4"
  location: MESH_EXTERNAL
  ports:
  - number: 443
    name: https
    protocol: TLS
  resolution: STATIC
  endpoints:
  - address: "1.2.3.4"
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gcp-gateway
  namespace: gcp-europe-west1-b
spec:
  selector:
    istio: egressgateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - "*"
    tls:
      mode: PASSTHROUGH
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: egressgateway-for-gcp
  namespace: gcp-europe-west1-b
spec:
  host: istio-egressgateway.istio-system.svc.cluster.local
  subsets:
  - name: ex
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: direct-cluster-through-egress-gateway
  namespace: gcp-europe-west1-b
spec:
  hosts:
  - "1.2.3.4"
  gateways:
  - mesh
  - gcp-gateway
  tls:
  - match:
    - gateways:
      - mesh
      port: 443
      sniHosts:
      - "1.2.3.4"
    route:
    - destination:
        host: istio-egressgateway.istio-system.svc.cluster.local
        subset: ex
        port:
          number: 443
  - match:
    - gateways:
      - gcp-gateway
      port: 443
      sniHosts:
      - "1.2.3.4"
    route:
    - destination:
        host: gcp  # <----- Destination host does not accept an IP address. What do I put here?
        port:
          number: 443
      weight: 100

This is the output from the Istio proxy sidecar when doing curl: [screenshot]
But nothing shows up in the egress gateway logs.
By the way, I am super new to Istio.
Thanks in advance,
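
An added check, not part of the original post: the TLS SNI extension carries only DNS hostnames (RFC 6066 excludes IP literals), so a conforming client that connects by IP address sends no SNI for an sniHosts entry such as "1.2.3.4" to match. The Python sketch below flags such entries; the dict is a constructed copy of the tls section of the VirtualService posted above, and the function names are hypothetical.

```python
import ipaddress

# Constructed input: the tls section of the VirtualService posted above,
# written as the dict a YAML loader would produce.
VIRTUAL_SERVICE = {
    "kind": "VirtualService",
    "metadata": {"name": "direct-cluster-through-egress-gateway"},
    "spec": {
        "hosts": ["1.2.3.4"],
        "tls": [
            {"match": [{"gateways": ["mesh"], "port": 443,
                        "sniHosts": ["1.2.3.4"]}]},
            {"match": [{"gateways": ["gcp-gateway"], "port": 443,
                        "sniHosts": ["1.2.3.4"]}]},
        ],
    },
}


def is_ip_literal(value):
    """Return True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value.strip("[]"))
        return True
    except ValueError:
        return False


def find_ip_sni_hosts(manifest):
    """List (route index, match index, gateways, sni) for each sniHosts
    entry that is an IP literal and so cannot appear in a standard SNI."""
    findings = []
    if manifest.get("kind") != "VirtualService":
        return findings
    for r, route in enumerate(manifest.get("spec", {}).get("tls") or []):
        for m, match in enumerate(route.get("match") or []):
            for sni in match.get("sniHosts") or []:
                if is_ip_literal(sni):
                    gateways = tuple(match.get("gateways") or ())
                    findings.append((r, m, gateways, sni))
    return findings


if __name__ == "__main__":
    for r, m, gateways, sni in find_ip_sni_hosts(VIRTUAL_SERVICE):
        print(f"tls[{r}].match[{m}] gateways={list(gateways)}: "
              f"sniHosts entry {sni!r} is an IP literal")
```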