ISTIOCTL throwing handshake error

rehanbaig · May 6, 2021, 7:16am

Hi,

I have setup istio in my eks cluster, I have enabled auto side car injected and also setup ```
PeerAuthentication as strict, I am having two issues

when I use istioctl I am getting following errror

unable to retrieve Pods: Get “https://…
eks.amazonaws.com/api/v1/namespaces/istio-system/pods?fieldSelector=status.phase%3DRunning&labelSelector=app%3Distiod”: net/http: TLS handshake timeout
So I cant analyze the mesh
with strict mode on for peerauthentication, I can still talk to otherservices over http and when I use https:// I get following error

curl -I https://example:3000
```
 > curl: (60) SSL certificate problem: self signed certificate in certificate chain
```
```
More details here: https://curl.se/docs/sslcerts.html
```
curl failed to verify the legitimacy of the server and therefore could not

establish a secure connection to it. To learn more about this situation and

how to fix it, any help will be great

Topic		Replies	Views
Pod with Sidecar Fails SSL with External Service	4	2164	August 20, 2019
Istio 1.6 kube-apiserver cannot calling webhook TLS handshake timeout	1	2610	June 9, 2020
Istio - TLS issue when the sidecar is set Security	1	1009	August 26, 2021
Create self-signed classic TLS cert with istio mTLS enabled Networking	2	1461	July 27, 2020
Istio tls origination problem	6	6181	May 8, 2021

curl -I https://example:3000