K
Q

Unable to make Istio HTTPS gateway working?

2/5/2020

I installed Istio 1.4.3 on K8S 1.15.9 with below command.

istioctl manifest apply --set profile=demo --set values.grafana.enabled=false --set values.prometheus.enabled=false --set values.global.mtls.enabled=true --set values.global.controlPlaneSecurityEnabled=true

Above command created AWS classic LB with listener on port 443 with LB and instance protocol as TCP - 443 (SSL, ACM Certificate: 7869fda2-blah-4eee-7f3d-e8c6310464de) forwarding to 31421 (TCP)

Where above certificate is for *.domain.com.

Then, I deployed grafana in debug namespace and created below to access it.

apiVersion: networking.istio.io/v1alpha3
kind: Gateway 
metadata: 
  name: grafana-gateway 
  namespace: debug 
spec: 
  selector: 
    istio: ingressgateway # use istio default ingress gateway 
  servers:
  - port: 
      number: 443 
      name: https 
      protocol: HTTPS 
    tls: 
      mode: ISTIO_MUTUAL 
    hosts:
    - '*.domain.com'
---
apiVersion: networking.istio.io/v1alpha3 
kind: VirtualService 
metadata: 
  name: grafana 
  namespace: debug 
spec: 
  hosts:
  - grafana.domain.com 
  gateways:
  - grafana-gateway 
  http:
  - route:
    - destination: 
        host: grafana.debug.svc.cluster.local
        port: 
          number: 3000

Now, I want to access grafana with URL https://grafana.domain.com. Which I'm not able to do. :-(

With curl I'm getting curl: (52) Empty reply from server.

Any help is appreciated.

Cheers,

-ajit

-- ajit
amazon-elb
istio
kubernetes

Similar Questions

service in kubernetes does not pass through all the headers
K8s loadbalance between different deployment/replicasets
How to set up a custom HTTP error in Kubernetes
MySQL Docker Image: initialized with env variable of K8S Secret

0 Answers