Istio: Implement external (from the mesh to the outside) traffic control
Instead of defining external services or IP ranges to be ignored by proxies.
Based on the design proposals https://goo.gl/94DTSH, https://goo.gl/eYY7na.
It includes support of various protocols, and also routing-rules-to-egress-rules, like fault injection, http redirection, http rewrite, etc., when the target is an external (outside of the mesh) service
vadimeisenbergibm
All 4 comments
Related issues:
https://github.com/istio/pilot/issues/67
https://github.com/istio/pilot/pull/463
https://github.com/istio/pilot/issues/515
vadimeisenbergibm
on 25 Jul 2017
can you elaborate a bit more on what you propose ?
afaik egress seems http/https only as well as cumbersome as you have to list every service you might use while https://github.com/istio/pilot/issues/903 would be to not try to adversely affect external traffic
ldemailly
on 14 Aug 2017
@ldemailly Please see design proposal https://goo.gl/94DTSH. Your comments are welcome.
This design proposal is about adding to Istio egress rules with wildcards, to specify, for example, that all the traffic to *.bluemix.net or *.amazonaws.com goes thru egress. This way there is no need to list every service.
vadimeisenbergibm
on 15 Aug 2017
@ldemailly Please see also https://github.com/istio/istio/issues/552 .
vadimeisenbergibm
on 15 Aug 2017
Related issues
emedina
路
130Comments
linsun
路
58Comments
yacut
路
73Comments
kyessenov
路
72Comments
fhoy
路
139Comments
Most helpful comment
@ldemailly Please see design proposal https://goo.gl/94DTSH. Your comments are welcome.
This design proposal is about adding to Istio egress rules with wildcards, to specify, for example, that all the traffic to
*.bluemix.netor*.amazonaws.comgoes thru egress. This way there is no need to list every service.