[09:45:46] <elukey>	 bootstrapped a simple istio egress gateway on ml-serve-eqiad
[09:46:14] <elukey>	 for the moment I had to config a new entry in the istio config.yaml (applied manually from deploy1002 in my home dir)
[09:46:24] <elukey>	 and I had to allow traffic from istiod -> ingress
[09:46:52] <elukey>	 I read https://istio.io/latest/blog/2020/proxying-legacy-services-using-egress-gateways/, that is not our use case but it is interesting
[10:14:31] <elukey>	 it is not super straightforward how to configure it and and how it should work in a scenario like ours, without a mesh
[11:07:32] <elukey>	 so something is working
[11:08:02] <elukey>	 with a little config I was able to make localhost:8080 Host: api-ro.discovery.wmnet to be proxied throught the egress gw
[11:08:16] <elukey>	 but of course this is not ok, I'd need to set something like
[11:09:02] <elukey>	 locahost:8080 'en.wikipedia.org' --proxied--> api-ro.discovery.wmnet Host: en.wikipedia.org'
[11:09:22] <elukey>	 that doesn't seem impossible but I hope it doesn't take 100 lines of yaml
[11:16:05] <elukey>	 ok so something is working!
[11:22:09] <elukey>	 going to lunch, will keep going later on
[17:07:23] <wikibugs>	 10Lift-Wing, 10Machine-Learning-Team (Active Tasks): Add an envoy proxy sidecar to Kserve inference pods - https://phabricator.wikimedia.org/T294414 (10elukey) With the following I was able to have something almost working:  ` apiVersion: networking.istio.io/v1alpha3 kind: ServiceEntry metadata:   name: https-...
[17:11:45] <wikibugs>	 10Lift-Wing, 10Machine-Learning-Team (Active Tasks): Add an envoy proxy sidecar to Kserve inference pods - https://phabricator.wikimedia.org/T294414 (10elukey) The above still doesn't work with TLS, and some more work needs to be done, but it is nice that each egress gateway (set of) pod(s) has a k8s service i...