Last active
February 11, 2019 17:17
GKE + Istio to access Google APIs
```yaml
#########################################################################################################################
# External Services Istio
#########################################################################################################################
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: external-svc-https
spec:
  hosts:
  - www.googleapis.com # bigquery
  - pubsub.googleapis.com # pubsub
  - 136.237.338.439 # postgresql Obviously use yours
  - 10.10.10.10 # Internal Postgresql
  location: MESH_EXTERNAL
  ports:
  - number: 443
    name: https
    protocol: HTTPS
  - number: 80
    name: http
    protocol: HTTP
  resolution: DNS
```
If you have a GKE cluster on GCP and want to access the Google APIs or any other resource outside the cluster, you need to have a service entry in the egress proxy.
Add each host outside the GKE cluster that you want to connect to in the hosts list; in this case I had to add BigQuery (www.googleapis.com), PubSub (pubsub.googleapis.com) and CloudSQL/PostgreSQL.
This applies both to the GKE-managed Istio version and to Istio installed by hand on GKE.
You can find the reference at this link: https://istio.io/docs/tasks/traffic-management/egress/
To use it, this is the command:
```
kubectl apply -f external-svc.yaml
```
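A narrower variant of the same egress allow-list, as an added example that is not the gist author's file: the Google API hosts get HTTPS on 443 only, and the databases get their own TCP entry matched by IP address. The resource names, the `postgresql.external` host label, port 5432 (the PostgreSQL default) and the `203.0.113.10` address are assumptions or placeholders, and it assumes the workloads call the Google APIs over HTTPS only.

```yaml
# Added example (not the gist author's file): one ServiceEntry per kind of traffic.
# Names, port 5432 and the 203.0.113.10 address are assumptions/placeholders.
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: google-apis-https        # hypothetical name
spec:
  hosts:
  - www.googleapis.com           # BigQuery
  - pubsub.googleapis.com        # Pub/Sub
  location: MESH_EXTERNAL
  ports:
  - number: 443                  # HTTPS only; plaintext port 80 is not opened
    name: https
    protocol: HTTPS
  resolution: DNS
---
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: postgresql-tcp           # hypothetical name
spec:
  hosts:
  - postgresql.external          # hypothetical label; TCP traffic is matched by the addresses below
  addresses:
  - 203.0.113.10/32              # placeholder for your Cloud SQL address (documentation range)
  - 10.10.10.10/32               # internal PostgreSQL, from the original file
  location: MESH_EXTERNAL
  ports:
  - number: 5432                 # assumed: PostgreSQL default port
    name: tcp-postgresql
    protocol: TCP
  resolution: NONE               # destination IP is already known, no DNS lookup
```

Splitting the entries keeps each destination limited to the one port and protocol it needs, so a review of the allow-list shows exactly what each workload dependency is permitted to reach.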