1

I have already installed Istio Ingress Gateway in my AKS cluster using Helm (charts used istio/base, istio/istiod, istio/gateway from https://istio-release.storage.googleapis.com/charts).

Now I also want to install an Istio Egress Gateway, but I don't know whether there is another Helm chart or whether I have to install istio/gateway again and configure it as an egress gateway.

Can anyone help me with this, because there is no clear installation guide using Helm in the Istio documentation?

What should I install and configure to route all the cluster traffic through this Egress Gateway and restrict access to specific hosts for every workload? For example:

apiVersion: networking.istio.io/v1
kind: ServiceEntry
metadata:
  name: external-svc-https
  namespace: testing
spec:
  hosts:
  - api.dropboxapi.com
  - www.googleapis.com
  - api.facebook.com
  location: MESH_EXTERNAL
  exportTo:   # list of namespaces; "." limits visibility to this namespace
  - "."
  ports:
  - number: 443
    name: https
    protocol: TLS
  resolution: NONE

I already found a way to allow access only to specific hosts per namespace by using a ServiceEntry and changing the following configuration in the istiod installation.

meshConfig:
  outboundTrafficPolicy:
    mode: REGISTRY_ONLY

1 Answer

0

I found a workaround for this. I followed this guide to route the traffic to an egress gateway. To restrict access so that traffic only goes through this gateway, Network Policies have to be applied.

NOTE: This guide explains how to install the Istio gateway using istioctl. You can install it using the following commands.

helm repo add istio https://istio-release.storage.googleapis.com/charts
helm repo update
helm install istio-egress istio/gateway --namespace istio-egress --wait
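
The Network Policies mentioned in the answer, sketched as an added example that is not part of the original answer: a default egress lock-down for the `testing` namespace from the question, so that pods can only reach DNS, the control plane, and the gateway pods in `istio-egress`. It assumes istiod runs in `istio-system`, cluster DNS runs in `kube-system` with the label `k8s-app: kube-dns`, and namespaces carry the automatic `kubernetes.io/metadata.name` label.

```yaml
# Added example (not from the original answer).
# Assumptions: istiod in istio-system, DNS pods labelled k8s-app=kube-dns in
# kube-system, egress gateway installed in istio-egress as in the helm command.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: egress-via-istio-egress-only   # hypothetical name
  namespace: testing
spec:
  podSelector: {}            # applies to every pod in the namespace
  policyTypes:
  - Egress                   # anything not listed below is dropped
  egress:
  # 1. DNS resolution
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
  # 2. Sidecars need istiod for configuration (xDS) and certificates
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: istio-system
  # 3. External traffic may only leave via the egress gateway pods
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: istio-egress
  # 4. Pod-to-pod traffic inside the namespace stays allowed
  - to:
    - podSelector: {}
```

A NetworkPolicy is only enforced when the cluster has a network policy engine enabled. Unlike `REGISTRY_ONLY`, which is applied by the sidecar proxy, this policy is enforced at the network layer, so a workload that bypasses its sidecar still cannot reach external hosts directly.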