flightpath is unable to talk https to backends.

[ellisgeek]

I have been testing flightpath for deployment and hit one major snag. A small number of our backend services talk https to the load-balancer and this appears to not be supported by flightpath.

[Gufran]

Can you specify if these services are connect enabled? Can you share the logs from Envoy process that is using Flightpath? A dump of the /config_dump admin endpoint would also be useful.

Right now flightpath configures tls only on connect enabled clusters. If these services are not connect enabled then that would require flightpath to know the details of the certificate to configure SAN, SNI and the CA trust chain. None of that is possible at the moment but can be added with little effort.

However, if the services are connect enabled then the problem is most likely between the service and the sidecar, not between Flightpath+Envoy and the sidecar.

[ellisgeek]

The service is not connect enabled unfortunately.

Here is a dump of the config: https://gist.github.com/ellisgeek/665b1bb02f5a505afac1d453a2afe6c0

The cluster in question is "onlyoffice-communityserver"

I can look into disabling HTTPs for this endpoint but it would be a nice to have, I would take a stab at a PR but frankly Go is outside my skillset.