How to do Pod Health check with MTLS

c4po · January 14, 2019, 5:45pm

after force the MTLS

apiVersion: "authentication.istio.io/v1alpha1"
kind: "Policy"
metadata:
  name: "default"
spec:
  peers:
  - mtls: {}

the health check (livenessProbe and readinessProbe) does not work any more.

Readiness probe failed: Get http://100.105.60.17:8080/info: read tcp 10.110.37.206:17462->100.105.60.17:8080: read: connection reset by peer

I changed the schema to HTTPS and get another error

Readiness probe failed: Get https://100.124.147.183:8080/info: remote error: tls: handshake failure

linsun · January 14, 2019, 6:33pm

incfly · January 15, 2019, 7:05pm

We’ll have an improvement coming in 1.1 release, to allow no manual change when mTLS is turned on.

Topic		Replies	Views
ClusterIP networking on istio injected pods not working Networking	1	1215	July 11, 2019
Istio mtls connection issues Security	4	1751	January 3, 2020
mTLS configuration ignored Security	2	1741	January 28, 2021
Urgent - How to verify mTLS communication between services with traffic dump Security	1	2747	November 19, 2019
How do i take istio mTLS tcpdump?	5	6446	February 27, 2023