-
Notifications
You must be signed in to change notification settings - Fork 7.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS handshake failed when enabling mutual TLS #7844
Comments
This issue has been automatically marked as stale because it has not had activity in the last 90 days. It will be closed in the next 30 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions. |
One thing you can try is to deploy internet/intranet in the default namespace, which should work. And if it does work, it's the meshPolicy/DestinationRule setup issue. Suggest to
|
Please feel free to assign back to me if the problem still exists. |
This issue has been automatically marked as stale because it has not had activity in the last 90 days. It will be closed in the next 30 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions. |
This issue has been automatically closed because it has not had activity in the last month and a half. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions. |
Describe the bug
Created 2 deployments internet and intranet (together with their virtual services)
When I check the TLS status using
istioctl
, everything seems to be ok:However when I try to curl intranet service from internet service through
istio-proxy
, it returns error of handshake failed like below:If I follow the instruction at https://istio.io/docs/tasks/security/mutual-tls/ to deploy
sleep
andhttpbin
in the same namespace, I can curl successfully:Expected behavior
Able to curl from one container to another
Steps to reproduce the bug
See above
Version
Istio
Kubectl
Is Istio Auth enabled or not?
Installed using option 2 from quick start:
Install Istio with default mutual TLS authentication
Environment
Kubernetes deployed on AWS using kops
The text was updated successfully, but these errors were encountered: