You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Here, instead of trying to manually set "istio-ca" secret,
we are trying to generate our own root certificate, create root-ca-cert secret
and then configure selfsigned issuer (name kept for convinence)
to use our root-ca-cert instead of generating selfsigned certificate.
This was done in DIFF by commenting one part of issuer
# spec:# selfSigned: {}
and uncommenting other
spec:
ca:
secretName: root-ca-cert
Then we apply resources and follow steps from documentation and we download istio-ca secret (this is secret generated by istio-ca issuer / certificate pair, not root issuer) and put it manually again as istio-root-ca for istio-csr to use.
It looks like we are breaking communication between istio-ingressgateway and productpage services.
upstream connect error or disconnect/reset before headers. retried and the latest reset reason: connection failure, transport failure reason: TLS error: 268435581:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
Just apply DIFF section from below to your makefile and run make setup.
Setup will complete but both (http and https) endpoints will return error upstream connect error or disconnect/reset before headers. retried and the latest reset reason: connection failure, transport failure reason: TLS error: 268435581:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
Description:
Here, instead of trying to manually set "istio-ca" secret,
we are trying to generate our own root certificate, create
root-ca-cert
secretand then configure
selfsigned
issuer (name kept for convinence)to use our
root-ca-cert
instead of generating selfsigned certificate.This was done in DIFF by commenting one part of issuer
and uncommenting other
Then we apply resources and follow steps from documentation and we download
istio-ca
secret (this is secret generated by istio-ca issuer / certificate pair, not root issuer) and put it manually again asistio-root-ca
for istio-csr to use.It looks like we are breaking communication between
istio-ingressgateway
andproductpage
services.when we try to load to productpage (for example on address http://localhost:31077/productpage)
we will get
and
istio-ingressgateway
pod will log:How to reproduce issue:
Just apply DIFF section from below to your makefile and run
make setup
.Setup will complete but both (http and https) endpoints will return error
upstream connect error or disconnect/reset before headers. retried and the latest reset reason: connection failure, transport failure reason: TLS error: 268435581:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
DIFF:
LOGS:
The text was updated successfully, but these errors were encountered: