Access a gRPC server in AWS EKS using Istio Ingress Gateway

Networking
1

Hello everyone,
I have a gRPC server hosted in my EKS cluster that I want to connect with istio Ingress Gateway. The Ingress gateway is exposed via ALB using ALB ingress controller. When I try to access the server without istio and only the ALB setting the backend as GRPC it works fine but when I try using istio it fails and gives me an error that “Peer name not available in Peer Certificate.”
I tried opening port 50051 on the istio-ingressgateway service and then it says “grpc_status:12 StatusCode.UNIMPLEMENTED”. Below are my templates that I am using:
Deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: grpc-test
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: grpc-test
  template:
    spec:
      containers:
        - name: app
          image: 36xxxxxxxx10.dkr.ecr.eu-west-2.amazonaws.com/grpc-greeter-yr:v1
          ports:
            - containerPort: 50051
              name: grpc
          resources:
            limits:
              memory: 500Mi
              cpu: 250m
            requests:
              memory: 300Mi
              cpu: 50m

Service.yaml

apiVersion: v1
kind: Service
metadata:
  name: grpc-test
spec:
  ports:
    - port: 50051
      name: grpc
      appProtocol: grpc
      targetPort: 50051
  selector:
    app.kubernetes.io/name: grpc-test

Gateway.yaml

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: grpc-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 50051
      name: grpc
      protocol: GRPC
    hosts:
    - "*"

VirtualService.yaml

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: grpc-vs
spec:
  hosts:
  - "*"
  gateways:
  - grpc-gateway
  tcp:
  - match:
    - port: 50051
    route:
    - destination:
        host: grpc-test
        port:
          number: 50051

Istio-Ingressgateway.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: grpc-istio-ingress
  namespace: istio-system
  annotations:
    alb.ingress.kubernetes.io/healthcheck-path: /package.service/method
    alb.ingress.kubernetes.io/healthcheck-port: status-port
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/load-balancer-name: grpc-istio-ingress
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/target-type: ip
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/actions.ssl-redirect: '443'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:eu-west-2:xxxxxxxxxx:certificate/abc-def-xyx-123
    alb.ingress.kubernetes.io/backend-protocol-version: GRPC
spec:
  rules:
    - host: grpc-test-kf.abc.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: istio-ingressgateway
                port:
                  number: 50051