I am using istio v1.0.6 and kubernetes 1.11. I was able to succesfully implement the ingress feature of istio.However, I am seeing that by default istio block the TCP connections from the mesh to applications outside cluster. But, it allows https connections to applications that are not even registered in the mesh.
Is there any default egress rules that I am missing ?
Up until version 1.0, Istio’s default behavior was to block access to external endpoints . This created a connectivity issue and applications were breaking until the user could discover all the endpoints and configure them manually.
Istio 1.1 changed the default to allow access to all external endpoints.
See this for additional details and an automated way to generate serviceentries: https://medium.com/@tufin/locking-down-istio-egress-with-automatic-traffic-discovery-51f0d49879a3