tls-origination: Invalid path istio when importing tls

5/11/2021

I am intercepting a service at port 389 and applying tls-origination, so my destination rule is as follows:

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: ldap
spec:
  host: ...
  subsets:
  - name: tls-origination
    trafficPolicy:
      loadBalancer:
        simple: ROUND_ROBIN
      portLevelSettings:
      - port:
          number: 636
        tls:
          mode: SIMPLE
          # this path is resolved inside the istio-proxy (Envoy) container, not on the machine running kubectl
          caCertificates: /path/to/certificate/ldap.pem

The value /path/to/certificate/ldap.pem is the path on my local machine to the file. When I look at the istio-proxy logs after applying the destination rule, I get the following error:

type.googleapis.com/envoy.api.v2.Cluster rejected: Error adding/updating cluster(s) outbound|636|tls-origination|...: Invalid path: /path/to/certificate/ldap.pem

What am I doing wrong? Istio is deployed inside Kubernetes.

-- Learner
istio
kubernetes
ldap
tls1.2

1 Answer

5/14/2021

In my case, I had to add the file into the same pod as the service being intercepted. I used the same approach described here (i.e., using annotations), so the certificate gets added to the proxy sidecar.

-- Learner
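The following is an added example of the annotation approach the answer refers to; it is not code from the original question or answer. The Envoy cluster `outbound|636|tls-origination|...` is built inside the sidecar of the workload that opens the connection, so the CA file has to exist on that sidecar's filesystem, and `caCertificates` must name the path as seen from the istio-proxy container. The two annotations `sidecar.istio.io/userVolume` and `sidecar.istio.io/userVolumeMount` are Istio's documented way to mount an extra volume into the sidecar only. Assumed names: the LDAP host `ldap.example.com` (standing in for the `...` in the question), a Secret `ldap-ca-cert` with key `ldap.pem`, a Deployment `ldap-client`, and the mount path `/etc/ldap-ca`; the ServiceEntry or Service that makes the host routable is assumed to exist already, as in the question, and is not shown.

```yaml
# Added example, not from the original post. Assumed names: ldap.example.com,
# Secret ldap-ca-cert (key ldap.pem), Deployment ldap-client, mount /etc/ldap-ca.
#
# Step 1 (the only step that touches the local machine): put the CA bundle in a
# Secret in the same namespace as the client workload.
#   kubectl create secret generic ldap-ca-cert --from-file=ldap.pem=./ldap.pem
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ldap-client
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ldap-client
  template:
    metadata:
      labels:
        app: ldap-client
      annotations:
        # Sidecar-injection annotations: the injector adds the volume to the pod
        # and mounts it into the istio-proxy container, read-only, so Envoy can
        # load the CA file. The application container does not see the mount.
        sidecar.istio.io/userVolume: '[{"name":"ldap-ca","secret":{"secretName":"ldap-ca-cert"}}]'
        sidecar.istio.io/userVolumeMount: '[{"name":"ldap-ca","mountPath":"/etc/ldap-ca","readonly":true}]'
    spec:
      containers:
      - name: app
        image: example/ldap-client:latest   # placeholder image
---
# Step 2: the DestinationRule references the in-sidecar path, which is
# <mountPath>/<secret key>. Pinning sni to the LDAP hostname makes the
# certificate check match what the server presents.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: ldap
spec:
  host: ldap.example.com
  subsets:
  - name: tls-origination
    trafficPolicy:
      loadBalancer:
        simple: ROUND_ROBIN
      portLevelSettings:
      - port:
          number: 636
        tls:
          mode: SIMPLE
          caCertificates: /etc/ldap-ca/ldap.pem
          sni: ldap.example.com
```

To confirm the mount before re-applying the DestinationRule, list the directory from the sidecar with `kubectl exec deploy/ldap-client -c istio-proxy -- ls -l /etc/ldap-ca`; the file must appear there with the exact name used in `caCertificates`. After applying, the "Invalid path" rejection should no longer appear in the istio-proxy log and `istioctl proxy-config cluster <pod>` should list the `outbound|636|tls-origination|ldap.example.com` cluster. Note that the Secret and the pod must be in the same namespace, and that the annotation belongs on the pod template of every workload whose sidecar originates TLS to the LDAP server, not on the LDAP server's own pod.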
Source: StackOverflow