Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Port names should start with https/http #1117

Closed
jpkrohling opened this issue Jul 6, 2020 · 0 comments · Fixed by #1122
Closed

Port names should start with https/http #1117

jpkrohling opened this issue Jul 6, 2020 · 0 comments · Fixed by #1122
Labels
bug Something isn't working

Comments

@jpkrohling
Copy link
Contributor

jpkrohling commented Jul 6, 2020

When debugging a problem related to TLS and Istio, I found that:

  1. the grpc port should be prefixed with http in the default case
  2. all services with http prefix should instead be https when TLS is enabled

Without this prefix, this is seen in the logs:

$ /tmp/grpcurl -cacert=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt dns:///simplest-collector-headless.bookinfo.svc:14250 list
Failed to dial target host "dns:///simplest-collector-headless.bookinfo.svc:14250": tls: first record does not look like a TLS handshake

With the prefix, the connection can be established (the message about the reflection API not being support is indicative that the server was queried and that TLS was established):

$ /tmp/grpcurl -cacert=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt dns:///simplest-collector-headless.bookinfo.svc:14250 list
Failed to list services: server does not support the reflection API
@ghost ghost added the needs-triage New issues, in need of classification label Jul 6, 2020
@jpkrohling jpkrohling added bug Something isn't working and removed needs-triage New issues, in need of classification labels Jul 6, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant