-
Notifications
You must be signed in to change notification settings - Fork 7.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VirtualService on http.matchRequest for port 443 is completly ignored. #36528
Comments
@bianpengyuan can you take a look please? |
I created a VirtualService for a pod running in Kubernetes
It's not creating it in route name 443, replacing that to 80, creates in route name 80 |
As you configured, 443 is a https port, which means proxy expects traffic to be encrypted and there won't be HTTP level route generated. Only SNI based route will be generated. |
Well If I remove the port in this
istio does create in 80 and 443 as well. |
@bianpengyuan I was able to resolve this issue. when I create ServiceEntry for the External Service I had to set protocol to http but the port will be 443. This is for terminating the non-mesh TLS, and encrypting the traffic with Istio_MTLS, and on the other sidecar, terminate ISTIO_MTLS, reencrypt the traffic with my non-mesh certs before forwarding the traffic to my app. |
However, I met the similar issue |
Bug Description
I have created a ServiceEntry for a External service e.g example.com.
then I created VirtualService for example.com
When I apply the above
VirtualService
, it gets created in route confiName 80, I wanted it to be created in route configName 443, to do so, I added- port: 443
to the below vs and appliedNow it's gone from 80 too, and it's not created in 443 as well.
The reason I want this to be in 443, because I have custom FilterChainMatch on 0.0.0.0:443 listener and I use routeConfigName 443.
Version
Additional Information
No response
The text was updated successfully, but these errors were encountered: