Allow serverless outbound traffic to external services by default
Description
We are currently using Knative version 0.6 and it comes with Istio version 1.0.7.
This Istio version does not allow egress to external services by default. Every external service you want to access from within the mesh has to be whitelisted one by one; see https://istio.io/docs/tasks/traffic-management/egress/egress-control/#controlled-access-to-external-services.
Example:
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: gitlab-https-ext
spec:
  hosts:
  - gitlab.com
  ports:
  - number: 443
    name: https
    protocol: HTTPS
  resolution: DNS
  location: MESH_EXTERNAL
EOF
Proposal
Update Istio / configuration to use mode: ALLOW_ANY to enable egress to any external service by default.
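To compare what each setting lets out of the mesh, the following added example (not part of the original issue or of Istio) models the egress decision under the two outbound traffic policy modes, REGISTRY_ONLY and ALLOW_ANY, against ServiceEntry objects exported as JSON. The sample data, the second ServiceEntry and all function names are assumptions; wildcard hosts are simplified to a suffix match and in-mesh services are ignored.

```python
import json

# Constructed sample, shaped like `kubectl get serviceentries -A -o json`.
# The first item mirrors gitlab-https-ext above; the second is hypothetical.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "gitlab-https-ext"},
   "spec": {"hosts": ["gitlab.com"], "location": "MESH_EXTERNAL",
            "ports": [{"number": 443, "name": "https", "protocol": "HTTPS"}]}},
  {"metadata": {"name": "example-wildcard-ext"},
   "spec": {"hosts": ["*.example.org"], "location": "MESH_EXTERNAL",
            "ports": [{"number": 443, "name": "https", "protocol": "HTTPS"}]}}
]}
""")

def allow_list(doc):
    """Collect (host pattern, port) pairs from MESH_EXTERNAL ServiceEntries."""
    pairs = set()
    for item in doc.get("items", []):
        spec = item.get("spec", {})
        # An omitted location is treated here as MESH_EXTERNAL.
        if spec.get("location", "MESH_EXTERNAL") != "MESH_EXTERNAL":
            continue
        for host in spec.get("hosts", []):
            for port in spec.get("ports", []):
                pairs.add((host.lower(), int(port["number"])))
    return pairs

def host_matches(pattern, host):
    """Exact match, or a leading-wildcard pattern such as *.example.org."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # ".example.org" suffix, not the apex
    return host == pattern

def egress_allowed(mode, doc, host, port):
    """Model the decision for one outbound destination."""
    if mode == "ALLOW_ANY":  # unknown destinations pass through
        return True
    if mode != "REGISTRY_ONLY":
        raise ValueError(f"unknown outbound traffic policy mode: {mode}")
    return any(p == port and host_matches(pat, host) for pat, p in allow_list(doc))

def audit(mode, doc, destinations):
    """Return the destinations that would be let out under the given mode."""
    return [d for d in destinations if egress_allowed(mode, doc, *d)]
```

Feeding `audit` the real `kubectl get serviceentries -A -o json` output and a list of destinations the workloads are expected to reach shows which ones depend on the allow-list and which would only work under ALLOW_ANY.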