istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

gateway-api: add Gateway API instructions to wildcard egress doc (#14654) 

* gateway-api: add Gateway API instructions to wildcard egress doc

* v1beta1

* regen
This commit is contained in:
Frank Budinsky 2024-02-27 15:50:16 -05:00 committed by GitHub
parent ed153b9f3b
commit 0997aa87fc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 380 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/gtwapi_test.sh Normal file
View File

@ -0,0 +1,30 @@
#!/usr/bin/env bash
# shellcheck disable=SC1090,SC2154
# Copyright Istio Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
source "tests/util/gateway-api.sh"
install_gateway_api_crds
# @setup profile=none
source "content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/test.sh"
# @cleanup
snip_cleanup_egress_gateway_traffic_to_a_wildcard_host_2
snip_cleanup_1
snip_cleanup_2
kubectl delete ns istio-system
kubectl label namespace default istio-injection-
remove_gateway_api_crds

307
content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
View File

@ -23,22 +23,42 @@ Each version of `wikipedia.org` in a particular language has its own hostname, e
You want to enable egress traffic by common configuration items for all the Wikipedia sites, You want to enable egress traffic by common configuration items for all the Wikipedia sites,
without the need to specify every language's site separately. without the need to specify every language's site separately.
{{< boilerplate gateway-api-gamma-support >}}
## Before you begin ## Before you begin
* Install Istio using the `demo` [configuration profile](/docs/setup/additional-setup/config-profiles/) * Install Istio with access logging enabled and with the blocking-by-default outbound traffic policy:
and with the blocking-by-default outbound traffic policy:
{{< text bash >}} {{< tabset category-name="config-api" >}}
$ istioctl install --set profile=demo --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY
{{< /text >}}
{{< tip >}} {{< tab name="Istio APIs" category-value="istio-apis" >}}
You can run this task on an Istio configuration other than the `demo` profile as long as you make sure to
[deploy the Istio egress gateway](/docs/tasks/traffic-management/egress/egress-gateway/#deploy-istio-egress-gateway), {{< text bash >}}
[enable Envoys access logging](/docs/tasks/observability/logs/access-log/#enable-envoy-s-access-logging), and $ istioctl install --set profile=demo --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY
[apply the blocking-by-default outbound traffic policy](/docs/tasks/traffic-management/egress/egress-control/#change-to-the-blocking-by-default-policy) {{< /text >}}
in your installation.
{{< /tip >}} {{< tip >}}
You can run this task on an Istio configuration other than the `demo` profile as long as you make sure to
[deploy the Istio egress gateway](/docs/tasks/traffic-management/egress/egress-gateway/#deploy-istio-egress-gateway),
[enable Envoys access logging](/docs/tasks/observability/logs/access-log/#enable-envoy-s-access-logging), and
[apply the blocking-by-default outbound traffic policy](/docs/tasks/traffic-management/egress/egress-control/#change-to-the-blocking-by-default-policy)
in your installation.
{{< /tip >}}
{{< /tab >}}
{{< tab name="Gateway API" category-value="gateway-api" >}}
{{< text bash >}}
$ istioctl install --set profile=minimal -y \
--set values.pilot.env.PILOT_ENABLE_ALPHA_GATEWAY_API=true \
--set meshConfig.accessLogFile=/dev/stdout \
--set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY
{{< /text >}}
{{< /tab >}}
{{< /tabset >}}
* Deploy the [sleep]({{< github_tree >}}/samples/sleep) sample app to use as a test source for sending requests. * Deploy the [sleep]({{< github_tree >}}/samples/sleep) sample app to use as a test source for sending requests.
If you have If you have
@ -124,77 +144,154 @@ the configured route destination will not be the same as the configured host,
i.e., the wildcard. It will instead be configured with the host of the single server for i.e., the wildcard. It will instead be configured with the host of the single server for
the set of domains. the set of domains.
1. Create an egress `Gateway` for _*.wikipedia.org_, a destination rule and a virtual service 1. Create an egress `Gateway` for _*.wikipedia.org_ and route rules
to direct the traffic through the egress gateway and from the egress gateway to the external service. to direct the traffic through the egress gateway and from the egress gateway to the external service:
{{< text bash >}} {{< tabset category-name="config-api" >}}
$ kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3 {{< tab name="Istio APIs" category-value="istio-apis" >}}
kind: Gateway
metadata: {{< text bash >}}
name: istio-egressgateway $ kubectl apply -f - <<EOF
spec: apiVersion: networking.istio.io/v1alpha3
selector: kind: Gateway
istio: egressgateway metadata:
servers: name: istio-egressgateway
- port: spec:
number: 443 selector:
name: https istio: egressgateway
protocol: HTTPS servers:
hosts: - port:
- "*.wikipedia.org" number: 443
tls: name: https
mode: PASSTHROUGH protocol: HTTPS
--- hosts:
apiVersion: networking.istio.io/v1alpha3 - "*.wikipedia.org"
kind: DestinationRule tls:
metadata: mode: PASSTHROUGH
name: egressgateway-for-wikipedia ---
spec: apiVersion: networking.istio.io/v1alpha3
host: istio-egressgateway.istio-system.svc.cluster.local kind: DestinationRule
subsets: metadata:
- name: wikipedia name: egressgateway-for-wikipedia
--- spec:
apiVersion: networking.istio.io/v1alpha3 host: istio-egressgateway.istio-system.svc.cluster.local
kind: VirtualService subsets:
metadata: - name: wikipedia
name: direct-wikipedia-through-egress-gateway ---
spec: apiVersion: networking.istio.io/v1alpha3
hosts: kind: VirtualService
- "*.wikipedia.org" metadata:
gateways: name: direct-wikipedia-through-egress-gateway
spec:
hosts:
- "*.wikipedia.org"
gateways:
- mesh
- istio-egressgateway
tls:
- match:
- gateways:
- mesh - mesh
port: 443
sniHosts:
- "*.wikipedia.org"
route:
- destination:
host: istio-egressgateway.istio-system.svc.cluster.local
subset: wikipedia
port:
number: 443
weight: 100
- match:
- gateways:
- istio-egressgateway - istio-egressgateway
tls: port: 443
- match: sniHosts:
- gateways: - "*.wikipedia.org"
- mesh route:
port: 443 - destination:
sniHosts: host: www.wikipedia.org
- "*.wikipedia.org" port:
route: number: 443
- destination: weight: 100
host: istio-egressgateway.istio-system.svc.cluster.local EOF
subset: wikipedia {{< /text >}}
port:
number: 443
weight: 100
- match:
- gateways:
- istio-egressgateway
port: 443
sniHosts:
- "*.wikipedia.org"
route:
- destination:
host: www.wikipedia.org
port:
number: 443
weight: 100
EOF
{{< /text >}}
1. Create a `ServiceEntry` for the destination server, _www.wikipedia.org_. {{< /tab >}}
{{< tab name="Gateway API" category-value="gateway-api" >}}
{{< text bash >}}
$ kubectl apply -f - <<EOF
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: wikipedia-egress-gateway
annotations:
networking.istio.io/service-type: ClusterIP
spec:
gatewayClassName: istio
listeners:
- name: tls
hostname: "*.wikipedia.org"
port: 443
protocol: TLS
tls:
mode: Passthrough
allowedRoutes:
namespaces:
from: Same
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TLSRoute
metadata:
name: direct-wikipedia-to-egress-gateway
spec:
parentRefs:
- kind: ServiceEntry
group: networking.istio.io
name: wikipedia
rules:
- backendRefs:
- name: wikipedia-egress-gateway-istio
port: 443
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TLSRoute
metadata:
name: forward-wikipedia-from-egress-gateway
spec:
parentRefs:
- name: wikipedia-egress-gateway
hostnames:
- "*.wikipedia.org"
rules:
- backendRefs:
- kind: Hostname
group: networking.istio.io
name: www.wikipedia.org
port: 443
---
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: wikipedia
spec:
hosts:
- "*.wikipedia.org"
ports:
- number: 443
name: https
protocol: HTTPS
EOF
{{< /text >}}
{{< /tab >}}
{{< /tabset >}}
2) Create a `ServiceEntry` for the destination server, _www.wikipedia.org_:
{{< text bash >}} {{< text bash >}}
$ kubectl apply -f - <<EOF $ kubectl apply -f - <<EOF
@ -213,7 +310,7 @@ the set of domains.
EOF EOF
{{< /text >}} {{< /text >}}
1. Send HTTPS requests to 3) Send HTTPS requests to
[https://en.wikipedia.org](https://en.wikipedia.org) and [https://de.wikipedia.org](https://de.wikipedia.org): [https://en.wikipedia.org](https://en.wikipedia.org) and [https://de.wikipedia.org](https://de.wikipedia.org):
{{< text bash >}} {{< text bash >}}
@ -222,17 +319,37 @@ the set of domains.
<title>Wikipedia Die freie Enzyklopädie</title> <title>Wikipedia Die freie Enzyklopädie</title>
{{< /text >}} {{< /text >}}
1. Check the statistics of the egress gateway's proxy for the counter that corresponds to your 4) Check the statistics of the egress gateway's proxy for the counter that corresponds to your
requests to _*.wikipedia.org_. If Istio is deployed in the `istio-system` namespace, the command to print the requests to _*.wikipedia.org_:
counter is:
{{< text bash >}} {{< tabset category-name="config-api" >}}
$ kubectl exec "$(kubectl get pod -l istio=egressgateway -n istio-system -o jsonpath='{.items[0].metadata.name}')" -c istio-proxy -n istio-system -- pilot-agent request GET clusters | grep '^outbound|443||www.wikipedia.org.*cx_total:'
outbound|443||www.wikipedia.org::208.80.154.224:443::cx_total::2 {{< tab name="Istio APIs" category-value="istio-apis" >}}
{{< /text >}}
{{< text bash >}}
$ kubectl exec "$(kubectl get pod -l istio=egressgateway -n istio-system -o jsonpath='{.items[0].metadata.name}')" -c istio-proxy -n istio-system -- pilot-agent request GET clusters | grep '^outbound|443||www.wikipedia.org.*cx_total:'
outbound|443||www.wikipedia.org::208.80.154.224:443::cx_total::2
{{< /text >}}
{{< /tab >}}
{{< tab name="Gateway API" category-value="gateway-api" >}}
{{< text bash >}}
$ kubectl exec "$(kubectl get pod -l gateway.networking.k8s.io/gateway-name=wikipedia-egress-gateway -o jsonpath='{.items[0].metadata.name}')" -c istio-proxy -- pilot-agent request GET clusters | grep '^outbound|443||www.wikipedia.org.*cx_total:'
outbound|443||www.wikipedia.org::208.80.154.224:443::cx_total::2
{{< /text >}}
{{< /tab >}}
{{< /tabset >}}
### Cleanup egress gateway traffic to a wildcard host ### Cleanup egress gateway traffic to a wildcard host
{{< tabset category-name="config-api" >}}
{{< tab name="Istio APIs" category-value="istio-apis" >}}
{{< text bash >}} {{< text bash >}}
$ kubectl delete serviceentry www-wikipedia $ kubectl delete serviceentry www-wikipedia
$ kubectl delete gateway istio-egressgateway $ kubectl delete gateway istio-egressgateway
@ -240,6 +357,22 @@ $ kubectl delete virtualservice direct-wikipedia-through-egress-gateway
$ kubectl delete destinationrule egressgateway-for-wikipedia $ kubectl delete destinationrule egressgateway-for-wikipedia
{{< /text >}} {{< /text >}}
{{< /tab >}}
{{< tab name="Gateway API" category-value="gateway-api" >}}
{{< text bash >}}
$ kubectl delete se wikipedia
$ kubectl delete se www-wikipedia
$ kubectl delete gtw wikipedia-egress-gateway
$ kubectl delete tlsroute direct-wikipedia-to-egress-gateway
$ kubectl delete tlsroute forward-wikipedia-from-egress-gateway
{{< /text >}}
{{< /tab >}}
{{< /tabset >}}
## Wildcard configuration for arbitrary domains ## Wildcard configuration for arbitrary domains
The configuration in the previous section worked because all the `*.wikipedia.org` sites can be served by any one The configuration in the previous section worked because all the `*.wikipedia.org` sites can be served by any one

101
content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/snips.sh
View File

@ -19,20 +19,28 @@
# WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE: # WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE:
# docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md # docs/tasks/traffic-management/egress/wildcard-egress-hosts/index.md
#################################################################################################### ####################################################################################################
source "content/en/boilerplates/snips/gateway-api-gamma-support.sh"
snip_before_you_begin_1() { snip_before_you_begin_1() {
istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true --set profile=demo --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true --set profile=demo --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY
} }
snip_before_you_begin_2() { snip_before_you_begin_2() {
kubectl apply -f samples/sleep/sleep.yaml istioctl install --set values.pilot.env.PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING=true --set profile=minimal -y \
--set values.pilot.env.PILOT_ENABLE_ALPHA_GATEWAY_API=true \
--set meshConfig.accessLogFile=/dev/stdout \
--set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY
} }
snip_before_you_begin_3() { snip_before_you_begin_3() {
kubectl apply -f <(istioctl kube-inject -f samples/sleep/sleep.yaml) kubectl apply -f samples/sleep/sleep.yaml
} }
snip_before_you_begin_4() { snip_before_you_begin_4() {
kubectl apply -f <(istioctl kube-inject -f samples/sleep/sleep.yaml)
}
snip_before_you_begin_5() {
export SOURCE_POD=$(kubectl get pod -l app=sleep -o jsonpath={.items..metadata.name}) export SOURCE_POD=$(kubectl get pod -l app=sleep -o jsonpath={.items..metadata.name})
} }
@ -134,6 +142,71 @@ EOF
snip_configure_egress_gateway_traffic_to_a_wildcard_host_2() { snip_configure_egress_gateway_traffic_to_a_wildcard_host_2() {
kubectl apply -f - <<EOF kubectl apply -f - <<EOF
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: wikipedia-egress-gateway
annotations:
networking.istio.io/service-type: ClusterIP
spec:
gatewayClassName: istio
listeners:
- name: tls
hostname: "*.wikipedia.org"
port: 443
protocol: TLS
tls:
mode: Passthrough
allowedRoutes:
namespaces:
from: Same
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TLSRoute
metadata:
name: direct-wikipedia-to-egress-gateway
spec:
parentRefs:
- kind: ServiceEntry
group: networking.istio.io
name: wikipedia
rules:
- backendRefs:
- name: wikipedia-egress-gateway-istio
port: 443
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TLSRoute
metadata:
name: forward-wikipedia-from-egress-gateway
spec:
parentRefs:
- name: wikipedia-egress-gateway
hostnames:
- "*.wikipedia.org"
rules:
- backendRefs:
- kind: Hostname
group: networking.istio.io
name: www.wikipedia.org
port: 443
---
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: wikipedia
spec:
hosts:
- "*.wikipedia.org"
ports:
- number: 443
name: https
protocol: HTTPS
EOF
}
snip_configure_egress_gateway_traffic_to_a_wildcard_host_3() {
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3 apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry kind: ServiceEntry
metadata: metadata:
@ -149,20 +222,28 @@ spec:
EOF EOF
} }
snip_configure_egress_gateway_traffic_to_a_wildcard_host_3() { snip_configure_egress_gateway_traffic_to_a_wildcard_host_4() {
kubectl exec "$SOURCE_POD" -c sleep -- sh -c 'curl -s https://en.wikipedia.org/wiki/Main_Page | grep -o "<title>.*</title>"; curl -s https://de.wikipedia.org/wiki/Wikipedia:Hauptseite | grep -o "<title>.*</title>"' kubectl exec "$SOURCE_POD" -c sleep -- sh -c 'curl -s https://en.wikipedia.org/wiki/Main_Page | grep -o "<title>.*</title>"; curl -s https://de.wikipedia.org/wiki/Wikipedia:Hauptseite | grep -o "<title>.*</title>"'
} }
! read -r -d '' snip_configure_egress_gateway_traffic_to_a_wildcard_host_3_out <<\ENDSNIP ! read -r -d '' snip_configure_egress_gateway_traffic_to_a_wildcard_host_4_out <<\ENDSNIP
<title>Wikipedia, the free encyclopedia</title> <title>Wikipedia, the free encyclopedia</title>
<title>Wikipedia Die freie Enzyklopädie</title> <title>Wikipedia Die freie Enzyklopädie</title>
ENDSNIP ENDSNIP
snip_configure_egress_gateway_traffic_to_a_wildcard_host_4() { snip_configure_egress_gateway_traffic_to_a_wildcard_host_5() {
kubectl exec "$(kubectl get pod -l istio=egressgateway -n istio-system -o jsonpath='{.items[0].metadata.name}')" -c istio-proxy -n istio-system -- pilot-agent request GET clusters | grep '^outbound|443||www.wikipedia.org.*cx_total:' kubectl exec "$(kubectl get pod -l istio=egressgateway -n istio-system -o jsonpath='{.items[0].metadata.name}')" -c istio-proxy -n istio-system -- pilot-agent request GET clusters | grep '^outbound|443||www.wikipedia.org.*cx_total:'
} }
! read -r -d '' snip_configure_egress_gateway_traffic_to_a_wildcard_host_4_out <<\ENDSNIP ! read -r -d '' snip_configure_egress_gateway_traffic_to_a_wildcard_host_5_out <<\ENDSNIP
outbound|443||www.wikipedia.org::208.80.154.224:443::cx_total::2
ENDSNIP
snip_configure_egress_gateway_traffic_to_a_wildcard_host_6() {
kubectl exec "$(kubectl get pod -l gateway.networking.k8s.io/gateway-name=wikipedia-egress-gateway -o jsonpath='{.items[0].metadata.name}')" -c istio-proxy -- pilot-agent request GET clusters | grep '^outbound|443||www.wikipedia.org.*cx_total:'
}
! read -r -d '' snip_configure_egress_gateway_traffic_to_a_wildcard_host_6_out <<\ENDSNIP
outbound|443||www.wikipedia.org::208.80.154.224:443::cx_total::2 outbound|443||www.wikipedia.org::208.80.154.224:443::cx_total::2
ENDSNIP ENDSNIP
@ -173,6 +254,14 @@ kubectl delete virtualservice direct-wikipedia-through-egress-gateway
kubectl delete destinationrule egressgateway-for-wikipedia kubectl delete destinationrule egressgateway-for-wikipedia
} }
snip_cleanup_egress_gateway_traffic_to_a_wildcard_host_2() {
kubectl delete se wikipedia
kubectl delete se www-wikipedia
kubectl delete gtw wikipedia-egress-gateway
kubectl delete tlsroute direct-wikipedia-to-egress-gateway
kubectl delete tlsroute forward-wikipedia-from-egress-gateway
}
snip_cleanup_1() { snip_cleanup_1() {
kubectl delete -f samples/sleep/sleep.yaml kubectl delete -f samples/sleep/sleep.yaml
} }

56
content/en/docs/tasks/traffic-management/egress/wildcard-egress-hosts/test.sh
View File

@ -21,14 +21,20 @@ set -e
set -u set -u
set -o pipefail set -o pipefail
echo y | snip_before_you_begin_1 GATEWAY_API="${GATEWAY_API:-false}"
if [ "$GATEWAY_API" == "true" ]; then
snip_before_you_begin_2
else
echo y | snip_before_you_begin_1
fi
_wait_for_deployment istio-system istiod _wait_for_deployment istio-system istiod
kubectl label namespace default istio-injection=enabled --overwrite kubectl label namespace default istio-injection=enabled --overwrite
snip_before_you_begin_2 snip_before_you_begin_3
_wait_for_deployment default sleep _wait_for_deployment default sleep
snip_before_you_begin_4 snip_before_you_begin_5
confirm_blocking() { confirm_blocking() {
kubectl exec "$SOURCE_POD" -c sleep -- curl -sS -I https://www.google.com | grep "HTTP/"; kubectl exec "$SOURCE_POD" -c sleep -- curl -sS -I https://edition.cnn.com | grep "HTTP/" kubectl exec "$SOURCE_POD" -c sleep -- curl -sS -I https://www.google.com | grep "HTTP/"; kubectl exec "$SOURCE_POD" -c sleep -- curl -sS -I https://edition.cnn.com | grep "HTTP/"
@ -42,27 +48,35 @@ _verify_same snip_configure_direct_traffic_to_a_wildcard_host_2 "$snip_configure
snip_cleanup_direct_traffic_to_a_wildcard_host_1 snip_cleanup_direct_traffic_to_a_wildcard_host_1
snip_configure_egress_gateway_traffic_to_a_wildcard_host_1 if [ "$GATEWAY_API" == "true" ]; then
_wait_for_istio gateway default istio-egressgateway snip_configure_egress_gateway_traffic_to_a_wildcard_host_2
_wait_for_istio destinationrule default egressgateway-for-wikipedia kubectl wait --for=condition=programmed gtw wikipedia-egress-gateway
_wait_for_istio virtualservice default direct-wikipedia-through-egress-gateway else
snip_configure_egress_gateway_traffic_to_a_wildcard_host_1
_wait_for_istio gateway default istio-egressgateway
_wait_for_istio destinationrule default egressgateway-for-wikipedia
_wait_for_istio virtualservice default direct-wikipedia-through-egress-gateway
fi
snip_configure_egress_gateway_traffic_to_a_wildcard_host_2 snip_configure_egress_gateway_traffic_to_a_wildcard_host_3
_wait_for_istio serviceentry default www-wikipedia _wait_for_istio serviceentry default www-wikipedia
_verify_same snip_configure_egress_gateway_traffic_to_a_wildcard_host_3 "$snip_configure_egress_gateway_traffic_to_a_wildcard_host_3_out" _verify_same snip_configure_egress_gateway_traffic_to_a_wildcard_host_4 "$snip_configure_egress_gateway_traffic_to_a_wildcard_host_4_out"
_verify_contains snip_configure_egress_gateway_traffic_to_a_wildcard_host_4 "outbound|443||www.wikipedia.org" if [ "$GATEWAY_API" == "true" ]; then
_verify_contains snip_configure_egress_gateway_traffic_to_a_wildcard_host_6 "outbound|443||www.wikipedia.org"
snip_cleanup_egress_gateway_traffic_to_a_wildcard_host_1 snip_cleanup_egress_gateway_traffic_to_a_wildcard_host_2
else
_verify_contains snip_configure_egress_gateway_traffic_to_a_wildcard_host_5 "outbound|443||www.wikipedia.org"
snip_cleanup_egress_gateway_traffic_to_a_wildcard_host_1
fi
# @cleanup # @cleanup
snip_cleanup_direct_traffic_to_a_wildcard_host_1 if [ "$GATEWAY_API" != "true" ]; then
snip_cleanup_direct_traffic_to_a_wildcard_host_1
snip_cleanup_egress_gateway_traffic_to_a_wildcard_host_1 snip_cleanup_egress_gateway_traffic_to_a_wildcard_host_1
snip_cleanup_1
snip_cleanup_1 snip_cleanup_2
echo y | snip_cleanup_2 kubectl delete ns istio-system
kubectl label namespace default istio-injection-
kubectl delete ns istio-system fi
kubectl label namespace default istio-injection-