I just upgraded my test cluster running 1.0.6 to 1.1. I am attempting to setup an ingress via the instructions here:
but thus far am not having any luck. Any time I attempt to test my ingress I get
* TCP_NODELAY set * Connected to httpbin-istio.domain (184.108.40.206) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.2 (OUT), TLS handshake, Client hello (1): * OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to httpbin-istio.domain:443 * stopped the pause stream! * Closing connection 0 curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to httpbin-istio.domain:443
Here are the manifests:
apiVersion: v1 kind: Service metadata: name: httpbin namespace: default labels: app: httpbin spec: ports: - name: http port: 8000 selector: app: httpbin --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: httpbin namespace: default spec: replicas: 1 template: metadata: labels: app: httpbin version: v1 spec: containers: - image: docker.io/citizenstig/httpbin imagePullPolicy: IfNotPresent name: httpbin ports: - containerPort: 8000 --- apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: httpbin-gateway-external namespace: default annotations: kubernetes.io/ingress.class: external spec: selector: istio: ingressgateway # use Istio default gateway implementation servers: - port: number: 443 name: https-httpbin protocol: HTTPS hosts: - "httpbin-istio.domain" tls: mode: SIMPLE credentialName: "httpbin-credential" --- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: httpbin-external namespace: default spec: hosts: - "httpbin-istio.domain" gateways: - httpbin-gateway-external http: - route: - destination: port: number: 8000 host: httpbin.default.svc.cluster.local
I have been able to validate that from a sleep pod I can access the httpbin service successfully with mtls enabled as well as access the service through the ingress via HTTP.
Please help. Thanks