K
Q

Istio Gateway and VirtualService issue with Kubernetes Dashboard

5/31/2019

I'm using Istio 1.1.7 and tried the following Gateway and VirtualService to the Kubernetes Dashboard.

But I'm seeing the following:

kubectl -n kube-system logs -f kubernetes-dashboard-7cf9657c74-5fsmq
2019/05/31 15:53:04 http: TLS handshake error from 10.244.3.11:54392: tls: first record does not look like a TLS handshake
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: default-ingressgateway
  namespace: default
spec:
  selector:
    istio: ingressgateway
  servers:

  - hosts:
    - "*"
    port:
      name: http
      number: 80
      protocol: HTTP

  - hosts:
    - "*"
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      mode: SIMPLE
      privateKey: /etc/istio/ingressgateway-certs/tls.key
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: dashboard-virtualservice
  namespace: kube-system
spec:
  hosts:
  - "*"
  gateways:
  - default/default-ingressgateway
  http:
  - match:
    - uri:
        prefix: "/dashboard"
    rewrite:
      uri: "/"
    route:
    - destination:
        host: kubernetes-dashboard
        port:
          number: 443

NOTE: I've also tried change the Gateway Server-TLSOptions-TLSmode from mode: SIMPLE to mode mode: PASSTHROUGH, but PASSTHROUGH I just get We can’t connect to the server in my Browser.

-- DarVar
istio
kubernetes

Similar Questions

Kubernetes API server failing to start: TLS handshake error
Force DNS Redirect in AWS VPC for Public Hostname
How to set information in Kubernetes Network Policy dynamically?
Can Ambassador handle CORS requests?
move pod manually to another kuberntes

1 Answer

5/31/2019

I think PASSTHROUGH should work, if you configure it properly. Here is an example that does something similar. https://istio.io/docs/examples/advanced-gateways/ingress-sni-passthrough/

-- Frank B
Source: StackOverflow