[GitHub] nicolaferraro opened a new issue #209: Create a Istio trait

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[GitHub] nicolaferraro opened a new issue #209: Create a Istio trait

GitBox
nicolaferraro opened a new issue #209: Create a Istio trait
URL: https://github.com/apache/camel-k/issues/209
 
 
   While developing the Knative integration I've noticed that outgoing connections are not allowed when the pod is embedded into the Istio mesh.
   
   If you want to contact e.g. slack you should add a `EgressRule` like:
   ```
   apiVersion: networking.istio.io/v1alpha3
   kind: ServiceEntry
   metadata:
     name: slack-ext
   spec:
     hosts:
     - hooks.slack.com
     ports:
     - number: 443
       name: https
       protocol: HTTPS
     resolution: DNS
     location: MESH_EXTERNAL
   ```
   
   It would be great if we can add a `Istio` trait that can add those rules automatically (as child resource of the `Integration`).
   
   Users may be able to run a integration like:
   ```
   kamel run -t istio.egress.slack=https://hooks.slack.com slack.groovy
   ```
   
   That will end up in the `Integration` resource, in the `istio` trait and then materialized by the operator.
   
   The next big thing would be to add such egress rules automatically from the code... But we don't have such metadata in Camel. Some endpoints, instead, are self describing, such as `.to("http://..")`.
   
   Does anyone know if there's a "wildcard" authorization for Istio egresses or external services should all be declared?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[hidden email]


With regards,
Apache Git Services