I'm trying the mtls demo and have STRICT mode enabled globally. I have foo, bar, and legacy namespaces configured.
I have the service configured so port and targetPort are different:
- name: http
  port: 8080
  targetPort: 8001
selector:
  app: httpbin
When I do a curl -v http://httpbin.foo:8080/ip from the sleep pod, the connection gets rejected with 503, and looking at the envoy logs, I can see "closing connection: no matching filter chain found" on the receiving envoy.
However, the connection works when I set the same targetPort or if I remove the STRICT PeerAuthentication rule.
Any help as to what is happening, and how to debug would be greatly appreciated!
Here are the envoy listeners from receiving proxy:
0.0.0.0 15006 Trans: tls; Addr: *:8001 Cluster: inbound|8001||
And on the sending proxy:
0.0.0.0 8080 Trans: raw_buffer; App: HTTP Route: 8080
0.0.0.0 8080 ALL PassthroughCluster