Egress Gateway
Definition
An Egress Gateway is a network component that manages outbound traffic from a service mesh to external services. It acts as a controlled exit point, enforcing security policies, such as access control and traffic monitoring, to ensure that only authorized and secure communications occur between internal services and external networks. Egress Gateways help maintain compliance with security standards by providing a centralized point for logging and auditing outbound traffic.
Secure Settings Example
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: egress-gateway
spec:
  selector:
    istio: egressgateway
  servers:
  # Outbound traffic is accepted on 443 as HTTPS only.
  - port:
      number: 443
      name: https
      protocol: HTTPS
    # Hosts are limited to one named external domain.
    hosts:
    - "*.external-service.com"
    tls:
      mode: SIMPLE
      credentialName: egress-gateway-certs
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: external-service
spec:
  # Same host restriction as the Gateway above.
  hosts:
  - "*.external-service.com"
  gateways:
  - egress-gateway
  - mesh
  http:
  - match:
    - port: 443
    route:
    - destination:
        host: external-service.com
        port:
          number: 443
Insecure Settings Example
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: egress-gateway
spec:
  selector:
    istio: egressgateway
  servers:
  # Plaintext HTTP on port 80 and no tls block.
  - port:
      number: 80
      name: http
      protocol: HTTP
    # "*" matches every external host.
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: external-service
spec:
  # "*" matches every external host here as well.
  hosts:
  - "*"
  gateways:
  - egress-gateway
  - mesh
  http:
  - match:
    - port: 80
    route:
    - destination:
        host: external-service.com
        port:
          number: 80
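
The difference between the two examples can be checked automatically. The following is an added example, not part of the original page or of Istio's tooling: a small linter that flags the plaintext protocol and the wildcard host shown in the insecure Gateway. The helper names, the constructed sample objects and the rule that only HTTPS and TLS count as encrypted are assumptions made for illustration.

```python
# Added example: lint Istio Gateway objects for the two weaknesses the
# insecure example shows. Inputs are constructed samples mirroring this
# page's manifests in the JSON shape that `kubectl get -o json` emits.
ENCRYPTED = {"HTTPS", "TLS"}  # assumption: any other protocol is plaintext


def gateway(port, protocol, hosts, tls=None):
    """Build a minimal Gateway object (helper for the constructed samples)."""
    server = {"port": {"number": port, "name": protocol.lower(),
                       "protocol": protocol}, "hosts": hosts}
    if tls:
        server["tls"] = tls
    return {"kind": "Gateway", "metadata": {"name": "egress-gateway"},
            "spec": {"selector": {"istio": "egressgateway"},
                     "servers": [server]}}


SECURE = gateway(443, "HTTPS", ["*.external-service.com"],
                 {"mode": "SIMPLE", "credentialName": "egress-gateway-certs"})
INSECURE = gateway(80, "HTTP", ["*"])


def audit_gateway(gw):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    name = gw.get("metadata", {}).get("name", "<unnamed>")
    for server in gw.get("spec", {}).get("servers", []):
        port = server.get("port", {})
        where = f"{name} port {port.get('number')}"
        proto = str(port.get("protocol", "")).upper()
        if proto not in ENCRYPTED:
            findings.append(f"{where}: plaintext protocol {proto or 'unset'}")
        elif not (server.get("tls") or {}).get("mode"):
            findings.append(f"{where}: {proto} server has no tls.mode")
        for host in server.get("hosts", []):
            # Istio also accepts "namespace/dnsName"; check the DNS part only.
            if host.split("/")[-1] == "*":
                findings.append(f"{where}: host '*' allows any destination")
    return findings


if __name__ == "__main__":
    for label, gw in (("secure", SECURE), ("insecure", INSECURE)):
        print(label, audit_gateway(gw) or "no findings")
```

The same function can be run over each item of a parsed `kubectl get gateways -o json` result in a CI or admission step to reject manifests that match the insecure pattern.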