How to do Pod Health check with MTLS

c4po · January 14, 2019, 5:45pm

after force the MTLS

apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: "default"
spec:
  peers:
  - mtls: {}

the health check (livenessProbe and readinessProbe) does not work any more.

Readiness probe failed: Get http://100.105.60.17:8080/info: read tcp 10.110.37.206:17462->100.105.60.17:8080: read: connection reset by peer

I changed the schema to HTTPS and get another error

Readiness probe failed: Get https://100.124.147.183:8080/info: remote error: tls: handshake failure

linsun · January 14, 2019, 6:33pm

incfly · January 15, 2019, 7:05pm

We’ll have an improvement coming in 1.1 release, to allow no manual change when mTLS is turned on.

Topic		Replies	Views
Health check with http/2 Config	1	2656	August 22, 2020
ClusterIP networking on istio injected pods not working Networking	1	1282	July 11, 2019
Health check probes fail against http2 only service (with strict mTLS) Networking security	0	1305	August 1, 2022
In kubernetes v1.26.4 installed Istio v1.18.0 in that addon tool kiali deployed but it's throwing liveness and readiness probes failed and getting connection refused error Kiali security , istiocon	5	1291	October 18, 2023
mTLS configuration ignored Security	2	1955	January 28, 2021