I hope you can help me, I have the following problem with istio I want to receive HTTPS requests but I get the error "curl: (52) Empty response from server", however the HTTP requests work correctly, I attach my manifests.
A certificate has already been generated and a secret has been created with the .crt and .key files
I don't know what else I need so that https requests can work
Istio Version: 1.8.2
Kubectl version client: 1.20.2
Gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: eks-gateway
namespace: development
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- mysite.domine.com
tls:
httpsRedirect: false
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- mysite.domine.com
tls:
mode: SIMPLE
credentialName: mysite-secret
VirtualService.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: eks-virtualservice
namespace: development
spec:
hosts:
- mysite.domine.com
gateways:
- eks-gateway
http:
- match:
- uri:
prefix: /WeatherForecast
route:
- destination:
host: eks-service
port:
number: 80
tls:
- match:
- port: 443
sniHosts:
- mysite.domine.com
route:
- destination:
host: eks-service
port:
number: 80
DestinationRule.yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: eks-destinationrule
namespace: development
spec:
host: eks-service
trafficPolicy:
loadBalancer:
simple: LEAST_CONN
Service.yaml
apiVersion: v1
kind: Service
metadata:
name: eks-service
namespace: development
labels:
app: eks-app
spec:
type: ClusterIP
ports:
- port: 80
targetPort: container-port
protocol: TCP
name: http-sv
- port: 443
targetPort: container-port
protocol: TCP
name: https-sv
selector:
app: eks-app
Deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "1"
creationTimestamp: "2021-02-12T07:40:55Z"
generation: 1
labels:
app: eks-app
app.kubernetes.io/version: v1
draft: draft-app
spec:
progressDeadlineSeconds: 600
replicas: 4
revisionHistoryLimit: 0
selector:
matchLabels:
app: eks-app
version: v1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
buildID: ""
creationTimestamp: null
labels:
app: eks-app
draft: draft-app
version: v1
spec:
containers:
- image: XXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/DockerRepo:v1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /liveness
port: container-port
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: eks-app
ports:
- containerPort: 80
name: container-port
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readiness
port: container-port
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
terminationGracePeriodSeconds: 30
status:
availableReplicas: 4
observedGeneration: 1
readyReplicas: 4
replicas: 4
updatedReplicas: 4
apparently there is a problem between istio and eks, so I decided to install aws controller to get it to work properly.