Hi,
I'm trying the mTLS demo and have STRICT mode enabled globally. I have foo, bar, and legacy namespaces configured.
I have the service configured so port and targetPort are different:
    - name: http
      port: 8080
      targetPort: 8001
    selector:
      app: httpbin
When I do a curl -v http://httpbin.foo:8080/ip from the sleep pod, the connection gets rejected with 503, and looking at the envoy logs, I can see "closing connection: no matching filter chain found" on the receiving envoy.
However, the connection works when I have set the same port and targetPort, or if I remove the STRICT PeerAuthentication rule.
Any help as to what is happening, and how to debug would be greatly appreciated!
Here are the envoy listeners from receiving proxy:
0.0.0.0 15006 Trans: tls; Addr: *:8001 Cluster: inbound|8001||
And on the sending proxy:
0.0.0.0 8080 Trans: raw_buffer; App: HTTP Route: 8080
0.0.0.0 8080 ALL PassthroughCluster