# VirtualService — 2단 라우팅으로 외부 호출을 egress gateway에 강제 경유시킴. # 1단) mesh(sidecar) 에서 나가는 httpbin.org TLS → egress gateway(subset httpbin) # 2단) egress gateway 에서 → 실제 httpbin.org:443 # PASSTHROUGH라 sniHosts로 매칭(평문 HTTP route가 아닌 tls route). apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: egress-httpbin namespace: mesh-test spec: hosts: - httpbin.org gateways: - mesh # sidecar에서 발생하는 트래픽 (1단) - egress-httpbin # egress gateway에서 발생하는 트래픽 (2단) tls: # 1단: sidecar → egress gateway - match: - gateways: [mesh] port: 443 sniHosts: [httpbin.org] route: - destination: host: istio-egressgateway.istio-system.svc.cluster.local subset: httpbin port: number: 443 # 2단: egress gateway → 외부 httpbin.org - match: - gateways: [egress-httpbin] port: 443 sniHosts: [httpbin.org] route: - destination: host: httpbin.org port: number: 443 weight: 100