-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Example Service Entry load balancing issue and mTLS connection #124
Comments
@iandyh For ii) did you make a http request to |
@aattuluri Thanks for the reply! i) Will keep an eye at that issue. |
@iandyh |
@aattuluri After adding
It does not help... |
@iandyh Can you add this to your deployment -> spec -> template -> annotations, make some requests and share the logs?
|
I am not sure if its a SAN verification failure, debug logging might help identity the actual issue. |
@aattuluri Looking at the logs, it only says 503 with UC flag(Upstream connection termination).
|
This is not an admiral bug, closing this issue. |
…osystem#124) * Prometheus Counters - add counter. rework tests - add support for labels - move metrics to metrics.go - update metrics tests with labels - use a dedicated delegator to capture metrics - renamed to MonitoredDelegator Signed-off-by: Adil Fulara <adil.fulara@gmail.com> Signed-off-by: Adil Fulara <adil_fulara@intuit.com> Co-authored-by: Adil Fulara <adil.fulara@gmail.com>
…stio-ecosystem#124)" This reverts commit ca731ff.
Describe the bug
This is not a bug for usage of admiral per se. I am following the docs: https://istio.io/latest/blog/2020/multi-cluster-mesh-automation/ to understand the idea behind Admiral but encountered the following issue:
the Envoy configuration does not look correct to me:
After I changed to using STATIC and actual pod IP, the configuration looks correct. sidecar proxy will do the direct pod load balancing. I am not sure whether this is a bug(probably by Istio) or by design. But it will be great if someone can help to confirm.
Second issue is, with the same service entry above, the mTLS connection to
sample-app.caas-sentinel
does not work. I got theupstream connect error or disconnect/reset before headers. reset reason: connection termination
error.Steps To Reproduce
Istio 1.6
Create above service entry
Turn on target remote service mTLS as shown here: https://istio.io/latest/docs/tasks/security/authentication/authn-policy/
Expected behavior
sidecar proxy should do the pod load balancing instead of calling the service FQDN directly.
mTLS should work with local service.
Thanks a lot for your help!
The text was updated successfully, but these errors were encountered: