Open mgrabarz opened 5 years ago
The egress traffic would work even if you didn't have a gateway resource (in fact you don't really, since the deployment failed). The gateway resource is used to configure ingress traffic (i.e. accessing your containers from outside the cluster).
There is an ongoing discussion internally about whether or not gateways without an ingress configuration should be supported, as it is unclear whether there is a scenario for them. I'll update this thread once we have a conclusion.
Thanks Artur, that raises another question.
Just to explain my use case:
To securely expose services from Mesh we started to experiment with Cloudflare's Argo tunnels. We run the Cloudflare daemon as a sidecar to establish an encrypted tunnel (initiated from the Mesh side) with Cloudflare. Thanks to this solution all traffic goes through Cloudflare's anti-DDoS, WAF, TLS, tunnel load balancers etc. If there are no ingress rules on GW, nothing can get in but through the tunnel.
Gateway deployments with no tcp/http ingress rules fail constantly. Error is the same as reported in #324.
Repro steps:
After the deployment failure, the Gateway resource seems to be working properly, with the expected egress traffic from containers to the public Internet.