But if I am trying to deploy them both, the second one reports an error on attempt to connect.
The first looks like the winner.
Tried to use the unique port names in Gateway and Server but it did not help as well.
Error for the second application looks like:
curl -vvv https://whoami.mydomain.com
* Trying 34.123.123.123…
* TCP_NODELAY set
* Connected to whoami.mydomain.com (34.123.123.123) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /usr/local/etc/openssl/cert.pem
CApath: /usr/local/etc/openssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to whoami.mydomain.com:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to whoami.mydomain.com:443
Yes I am using port 443 for both applications with unique port names.
If we cannot use the same port for different modes, could you advise a reasonable way to redirect HTTPS requests from clients to different ports based on application or namespace, or some other approaches?
This is certainly possible in principle, assuming that the clients send SNI (which I believe is quite well supported). I’m just not sure if Istio/Envoy support different modes selected on the SNI.
Weird that responses are returning normally if we have a few applications only with SIMPLE mode or a few with PASSTHROUGH only, but could not mix them.
Does it look like a bug? Or are there some ways to explore more deeply what is going wrong?