Hi, I’m creating an IngressGateway object to route http/s requests in my Civo cluster. However the Service resource it creates always shows TCP as protocol, even if I explicitly declare appProtocol as http/s. Istio version 1.16.0.
The error I get when I curl the service :
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
The error in istio-proxy sidecar in the target pod:
-
- HTTP/1.1" 400 DPE http1.codec_error - “-” 0 11 0 - “-” “-” “-” “-” “-” - - 10.42.2.26:7054 10.42.2.25:39098 outbound_.7054_._.org1-ca.default.svc.cluster.local
Istio config yaml:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
name: istio-gateway
namespace: istio-system
annotations:
kubernetes.civo.com/firewall-id:
spec:
addonComponents:
grafana:
enabled: false
kiali:
enabled: false
prometheus:
enabled: false
tracing:
enabled: false
components:
ingressGateways:
- enabled: true
k8s:
hpaSpec:
minReplicas: 1
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
service:
ports:
- name: http-hlf
port: 80
targetPort: 8080
nodePort: 30949
- name: https-hlfs
port: 443
targetPort: 8443
nodePort: 30950
type: LoadBalancer
externalTrafficPolicy: Local
name: istio-ingressgateway
pilot:
enabled: true
k8s:
hpaSpec:
minReplicas: 1
resources:
limits:
cpu: 300m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
meshConfig:
accessLogFile: /dev/stdout
enableTracing: false
outboundTrafficPolicy:
mode: ALLOW_ANY
profile: default
The Service that it created:
Port: http-hlf 80/TCP
TargetPort: 8080/TCP
NodePort: http-hlf 30949/TCP
Endpoints: 10.42.2.25:8080
Port: https-hlfs 443/TCP
TargetPort: 8443/TCP
NodePort: https-hlfs 30950/TCP
Endpoints: 10.42.2.25:8443
Error in stats:
wasmcustom.reporter=.=destination;.;source_workload=.=unknown;.;source_workload_namespace=.=unknown;.;source_principal=.=spiffe://cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account;.;source_app=.=unknown;.;source_version=.=unknown;.;source_canonical_service=.=unknown;.;source_canonical_revision=.=latest;.;source_cluster=.=unknown;.;destination_workload=.=org1-ca;.;destination_workload_namespace=.=default;.;destination_principal=.=spiffe://cluster.local/ns/default/sa/default;.;destination_app=.=hlf-ca;.;destination_version=.=unknown;.;destination_service=.=hlf-ca;.;destination_service_name=.=hlf-ca;.;destination_service_namespace=.=default;.;destination_canonical_service=.=hlf-ca;.;destination_canonical_revision=.=latest;.;destination_cluster=.=Kubernetes;.;request_protocol=.=http;.;response_flags=.=DPE;.;connection_security_policy=.=mutual_tls;.;response_code=.=400;.;grpc_response_status=.=;.;istio_response_bytes: P0(nan,120) P25(nan,122.5) P50(nan,125) P75(nan,127.5) P90(nan,129) P95(nan,129.5) P99(nan,129.9) P99.5(nan,129.95) P99.9(nan,129.99) P100(nan,130)