I am having an issue with getting an authorization policy to work when it uses a JWKS served by an HTTP service in the mesh.
I set up a HTTP server in a service named jwws. I am able to reach it through the ingress using a virtual service that specifies
route: - destination: host: jwks.default.svc.cluster.local port: number: 80
In my authorization policy if I specify
requests get a 401 status returned.
If I change the URL to one external to the mesh, requests get a normal response. The content is the same in both the internal and external JWKS. Why would the internal address not be working?