farcaller · August 25, 2024 12:25
diff --git a/istio.yaml b/istio.yaml
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
  name: external-https-route
  namespace: default
 spec:
  # in here you specify how the traffic arrives to your ingress,   
  # i.e. the gateway and the hostname
  parentRefs:
    - name: helloworld
      namespace: istio-ingress
  hostnames: ["test.example.com"]
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      # you forward the traffic to a magic networking.istio.io/Hostname  
      # that only exists in code.
      backendRefs:
        - kind: Hostname
          group: networking.istio.io
          # make sure the hostname and port match the ServiceEntry!
          name: farcaller.net
          port: 443
      filters:
        # you might also want to rewrite the host header to match
        - type: RequestHeaderModifier
          requestHeaderModifier:
            set:
              - name: host
                value: farcaller.net
 ---
 apiVersion: networking.istio.io/v1beta1
 kind: ServiceEntry
 metadata:
  name: external-service
  namespace: default
 spec:
  # define an outgoing cluster (where envoy sends traffic)
  hosts:
    - farcaller.net
  ports:
    - number: 443
      name: https
      protocol: HTTPS
  resolution: DNS
  location: MESH_EXTERNAL
 ---
 apiVersion: networking.istio.io/v1
 kind: DestinationRule
 metadata:
  name: external-service
 spec:
  host: farcaller.net
  # in case of TLS, you need to set the policy to SIMPLE and, most
  # probably, add the SNI.
  trafficPolicy:
    tls:
      mode: SIMPLE
      sni: farcaller.net
	apiVersion: gateway.networking.k8s.io/v1
	kind: HTTPRoute
	metadata:
	name: external-https-route
	namespace: default
	spec:
	# in here you specify how the traffic arrives to your ingress,
	# i.e. the gateway and the hostname
	parentRefs:
	- name: helloworld
	namespace: istio-ingress
	hostnames: ["test.example.com"]
	rules:
	- matches:
	- path:
	type: PathPrefix
	value: /
	# you forward the traffic to a magic networking.istio.io/Hostname
	# that only exists in code.
	backendRefs:
	- kind: Hostname
	group: networking.istio.io
	# make sure the hostname and port match the ServiceEntry!
	name: farcaller.net
	port: 443
	filters:
	# you might also want to rewrite the host header to match
	- type: RequestHeaderModifier
	requestHeaderModifier:
	set:
	- name: host
	value: farcaller.net
	---
	apiVersion: networking.istio.io/v1beta1
	kind: ServiceEntry
	metadata:
	name: external-service
	namespace: default
	spec:
	# define an outgoing cluster (where envoy sends traffic)
	hosts:
	- farcaller.net
	ports:
	- number: 443
	name: https
	protocol: HTTPS
	resolution: DNS
	location: MESH_EXTERNAL
	---
	apiVersion: networking.istio.io/v1
	kind: DestinationRule
	metadata:
	name: external-service
	spec:
	host: farcaller.net
	# in case of TLS, you need to set the policy to SIMPLE and, most
	# probably, add the SNI.
	trafficPolicy:
	tls:
	mode: SIMPLE
	sni: farcaller.net