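# Snapshot of gw__src-egress-http-vs-https.md §4-2 (egress-gateway plain-HTTP 2-leg path).
# Copied from the manifest inlined in that document; no original exists in a real repo.
# Istio 1.30.
#
# Layout note: the snapshot had been collapsed onto one physical line, so every
# resource sat behind the leading '#' and a YAML parser saw only a comment.
# Line breaks and block style are restored here; keys and values are unchanged.
#
# Security notes for reviewers:
#   - Both legs are plain HTTP as written: sidecar -> egress gateway (Gateway
#     server protocol HTTP) and egress gateway -> api.partner.example.com:80
#     (no TLS origination). Request and response bodies and headers are
#     unencrypted and unauthenticated on the external leg, so do not send
#     credentials or sensitive data over this path.
#   - These resources only route traffic through the egress gateway. They do
#     not stop a workload from bypassing it; pair them with a Kubernetes
#     NetworkPolicy and/or meshConfig.outboundTrafficPolicy.mode: REGISTRY_ONLY
#     if the gateway is meant to be an enforcement point.
---
# (1) ServiceEntry: port 80 HTTP only (443 HTTPS is not needed for this path).
apiVersion: networking.istio.io/v1
kind: ServiceEntry
metadata:
  name: partner-http
  namespace: istio-system
spec:
  hosts:
    - api.partner.example.com
  ports:
    - number: 80
      name: http
      protocol: HTTP
  resolution: DNS
  location: MESH_EXTERNAL
---
# (2) Gateway: receives the internal leg (HTTP is the simplest option when
# mTLS is not required).
apiVersion: networking.istio.io/v1
kind: Gateway
metadata:
  name: egress-partner
  namespace: istio-system
spec:
  selector:
    istio: egressgateway
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - api.partner.example.com
      # To wrap the internal leg in mTLS instead:
      #   protocol: HTTPS + tls.mode: ISTIO_MUTUAL
      # NOTE(review): with plain HTTP here the gateway presumably cannot
      # verify the calling workload's identity; confirm this is acceptable.
---
# (3) DestinationRule: subset only (no external TLS origination, so traffic
# leaves the gateway as plaintext).
apiVersion: networking.istio.io/v1
kind: DestinationRule
metadata:
  name: egressgateway-partner
  namespace: istio-system
spec:
  host: istio-egressgateway.istio-system.svc.cluster.local
  subsets:
    - name: partner
      # To make internal mTLS explicit:
      #   trafficPolicy.portLevelSettings[].tls.mode: ISTIO_MUTUAL
---
# (4) VirtualService: two-leg routing under http: (not tls/sniHosts!).
apiVersion: networking.istio.io/v1
kind: VirtualService
metadata:
  name: route-partner
  namespace: istio-system
spec:
  hosts:
    - api.partner.example.com
  gateways:
    - mesh
    - egress-partner
  http:  # <- not tls:
    # Leg 1: sidecar (mesh) -> egress gateway, subset "partner".
    - match:
        - gateways:
            - mesh
          port: 80
      route:
        - destination:
            host: istio-egressgateway.istio-system.svc.cluster.local
            subset: partner
            port:
              number: 80
    # Leg 2: egress gateway -> external host over plain HTTP.
    - match:
        - gateways:
            - egress-partner
          port: 80
      route:
        - destination:
            host: api.partner.example.com
            port:
              number: 80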