New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to take the certs for mutual TLS with external API call #42465
Comments
Here is log as well "[2022-12-15T18:52:08.652Z] "GET /locators/v1/showStuff?operation=list&latitude=33.04&longitude=-96.67 |
Where is your gateway resource? Can you dump the istio gateway configs |
hi @hzxuzhonghu
|
And also config_dump with istioctl pc cluster -n -oyaml |
hi @hzxuzhonghu
|
where is |
Hi @hzxuzhonghu |
I could not find it in config dump |
Hi @hzxuzhonghu
output is
|
@hzxuzhonghu |
|
@formych #41375 is for ambient, which is totally unrelated, because ambient has a different branch now |
I finally found the issue of this and this is nothing to do wtih ISTIO. it has to do with the the end API encryption being used.
and also had to introduce the http filter for letting the encryption go through
My Colleague Nate Baechtold helped me on this. Closing this for now |
Bug Description
need to configure istio to act as reverse proxy when hit from a certain domain and on a particular route with prefix. I configured the ingressGateway so that that client certs are available on the path /etc/certs
I made sure that the certs are correct because I am able to call the external url using curl and supplying the same certs as present in the istio-ingress gateway. However calling from istio gives the following error
This call fails. It almost seems that the certs are not being presented to the external API
I am at a loss as where the issue is? Why is it not taking the certs that are present in the ingress-pods
when run the curl command exec into ingress it works fine
here are the service Entry, virtual service and the destination rule.
Version
Additional Information
No response
The text was updated successfully, but these errors were encountered: