Fix for Egress Gateway TLS Origination Task (#7732)

* one possible fix for egress tls origination fix

* update snips

* re-enable egress gateway mtls origination test

content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/index.md

@@ -105,10 +105,12 @@ be done by the egress gateway, as opposed to by the sidecar in the previous exam
       servers:
       - port:
           number: 80
-          name: http-port-for-tls-origination
-          protocol: HTTP
+          name: https-port-for-tls-origination
+          protocol: HTTPS
         hosts:
         - edition.cnn.com
+        tls:
+          mode: ISTIO_MUTUAL
     ---
     apiVersion: networking.istio.io/v1alpha3
     kind: DestinationRule
@@ -118,6 +120,15 @@ be done by the egress gateway, as opposed to by the sidecar in the previous exam
       host: istio-egressgateway.istio-system.svc.cluster.local
       subsets:
       - name: cnn
+        trafficPolicy:
+          loadBalancer:
+            simple: ROUND_ROBIN
+          portLevelSettings:
+          - port:
+              number: 80
+            tls:
+              mode: ISTIO_MUTUAL
+              sni: edition.cnn.com
     EOF
     {{< /text >}}
 
@@ -649,10 +660,7 @@ to hold the configuration of the NGINX server:
         hosts:
         - nginx.example.com
         tls:
-          mode: MUTUAL
-          serverCertificate: /etc/certs/cert-chain.pem
-          privateKey: /etc/certs/key.pem
-          caCertificates: /etc/certs/root-cert.pem
+          mode: ISTIO_MUTUAL
     ---
     apiVersion: networking.istio.io/v1alpha3
     kind: DestinationRule

content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/mtls_test.sh

@@ -86,7 +86,7 @@ _wait_for_istio virtualservice default direct-nginx-through-egress-gateway
 _wait_for_istio destinationrule default originate-mtls-for-nginx
 
 # TODO: Verify HTTP connection to nginx
-#_verify_elided snip_configure_mutual_tls_origination_for_egress_traffic_3 "$snip_configure_mutual_tls_origination_for_egress_traffic_3_out"
+_verify_elided snip_configure_mutual_tls_origination_for_egress_traffic_3 "$snip_configure_mutual_tls_origination_for_egress_traffic_3_out"
 
 #TODO: verify request is actually being routed through egress gateway
 

content/en/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/snips.sh

@@ -75,10 +75,12 @@ spec:
   servers:
   - port:
       number: 80
-      name: http-port-for-tls-origination
-      protocol: HTTP
+      name: https-port-for-tls-origination
+      protocol: HTTPS
     hosts:
     - edition.cnn.com
+    tls:
+      mode: ISTIO_MUTUAL
 ---
 apiVersion: networking.istio.io/v1alpha3
 kind: DestinationRule
@@ -88,6 +90,15 @@ spec:
   host: istio-egressgateway.istio-system.svc.cluster.local
   subsets:
   - name: cnn
+    trafficPolicy:
+      loadBalancer:
+        simple: ROUND_ROBIN
+      portLevelSettings:
+      - port:
+          number: 80
+        tls:
+          mode: ISTIO_MUTUAL
+          sni: edition.cnn.com
 EOF
 }
 
@@ -514,10 +525,7 @@ spec:
     hosts:
     - nginx.example.com
     tls:
-      mode: MUTUAL
-      serverCertificate: /etc/certs/cert-chain.pem
-      privateKey: /etc/certs/key.pem
-      caCertificates: /etc/certs/root-cert.pem
+      mode: ISTIO_MUTUAL
 ---
 apiVersion: networking.istio.io/v1alpha3
 kind: DestinationRule