mTLS not working when service port and targetPort are different


I'm trying the mTLS demo and have STRICT mode enabled globally. I have foo, bar, and legacy namespaces configured.

I have the service configured so port and targetPort are different:

  - name: http
    port: 8080
    targetPort: 8001
    app: httpbin

When I do a curl -v from the sleep pod, the connection gets rejected with 503, and looking at the Envoy logs, I can see "closing connection: no matching filter chain found" on the receiving Envoy.

However, the connection works when I have set the same port and targetPort or if I remove the STRICT PeerAuthentication rule.

Any help as to what is happening, and how to debug would be greatly appreciated!

Here are the Envoy listeners from the receiving proxy:

  15006  Trans: tls; Addr: *:8001    Cluster: inbound|8001||

And on the sending proxy:

  8080  Trans: raw_buffer; App: HTTP    Route: 8080
  8080  ALL                             PassthroughCluster