mongodb - Unable to reach an external mongo db server from istio

Question

I am trying to implement service mesh using istio and envoy for a service which requires connecting to external mongodB server but for some reasons, my service is unable to reach the external mongodB server from istio proxy

Below is the gateway and virtual service configuration for my service

    apiVersion: networking.istio.io/v1alpha3
    kind: Gateway
    metadata:
      name: gtreviews
    spec:
      selector:
        istio: ingressgateway
      servers:
      - port:
          number: 7890
          name: http
          protocol: GRPC
        hosts:
        - "*"
---
    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: reviews
    spec:
      hosts:
      - "*"
      gateways:
      - gtreviews
      http:
      - match:
        - uri:
            prefix: "/reviews"
        route:
        - destination:
            port:
              number: 8080
            host: reviews.istio-system.svc.cluster.local

I added egress service entry but still doesn't work

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: external-svc-mongocluster
spec:
  hosts:
  - xxx.xx.com
  ports:
  - name: mongo
    number: 27017
    protocol: tcp
  location: MESH_EXTERNAL  

---

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: external-svc-mongocluster
spec:
  hosts:
  - xxx.xx.com
  tcp:
  - match:    
    route:
    - destination:
        host: xxx.xx.com
        port:
          number: 27017
      weight: 100

Answer 1

Try to specify the port in the ServiceEntry as TLS (the name and the protocol).

I am working on a task regarding MongoDB right now, check the "Egress control for TLS" section in this PR https://github.com/istio/istio.io/pull/2347/, it is a bit raw yet.