Tags: kubernetes, openshift, aws-api-gateway, istio

Openshift TLS configuration with API Gateway


I'm trying to deploy an Angular app on OpenShift with Istio as the service mesh. Service YAML:

apiVersion: v1
kind: Service
metadata:
  labels:
    app: angularapp
    service: angularapp
    version: v1
  name: angularapp
spec:
  ports:
  - name: http
    protocol: TCP
    port: 8080
    targetPort: 8080
  selector:
    name: angularapp

So far everything works over an http connection. To change to an https connection, I configured the istio-ingressgateway Route provided by the Red Hat OpenShift Service Mesh operator installation to use passthrough:

spec:
  host: istio-ingressgateway-istio-system.apps.xxx.xx.xxxxxxx.opentlc.com
  tls:
    insecureEdgeTerminationPolicy: None
    termination: passthrough

and Istio's Gateway resource:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: testnamespace-gateway
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
    - port:
        number: 443
        name: https
        protocol: HTTPS
      tls:
        mode: SIMPLE
        credentialName: "router-certs"
      hosts:
        - "*"

with the VirtualService pointing to port 8080 of the Angular app:

      route:
        - destination:
            host: angularapp
            port:
              number: 8080

Question: The TLS configuration works and the exposed Istio ingress gateway URL does have an https connection. However, API Gateway issues this error when firing a request to the mentioned Istio URL:

Execution failed due to configuration error: Unrecognized SSL message, plaintext connection?

The weird thing is that it only happens half the time; the other half works, even after clearing the browser cache after every run. Note that only the Istio ingress gateway URL has an https connection, while the Angular app as a standalone service only has http.

Sorry for the long-winded question and hope to get some help here. Thank you!


Solution

Solved this by adding the segment:

port:
  targetPort: https
tls:
  termination: passthrough

to the Istio ingress Route configuration, as the Istio ingress Service's default configuration listens on portName: https:

name: https
port: 443
protocol: TCP
targetPort: 8080
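As an added example (not from the question or the answer), a small Python lint that checks a Route/Service pair for the mismatch behind the intermittent "plaintext connection?" error: a passthrough Route that does not pin spec.port.targetPort on a multi-port Service, or that pins it to a non-TLS port. Manifests are passed as already-parsed dicts (what yaml.safe_load would return); the two-port Service manifest and the hostname are constructed, not copied from the cluster in the question.

```python
"""Lint an OpenShift Route against the Service it exposes (added example)."""


def resolve_target_port(service, target):
    """Map a Route spec.port.targetPort onto one Service port.

    A string is matched against the Service port name; an integer against the
    pod-side targetPort, which is what the router sees in the Endpoints.
    """
    for p in service["spec"]["ports"]:
        if isinstance(target, str) and p.get("name") == target:
            return p
        if isinstance(target, int) and p.get("targetPort", p["port"]) == target:
            return p
    return None


def lint_route(route, service):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    spec = route["spec"]
    tls = spec.get("tls") or {}
    ports = service["spec"]["ports"]
    target = (spec.get("port") or {}).get("targetPort")
    # Without a pinned targetPort the router may spread connections over every
    # port of the Service, so TLS handshakes can land on the plaintext port.
    if target is None and len(ports) > 1:
        findings.append("no targetPort pinned on a %d-port Service" % len(ports))
    if tls.get("termination") == "passthrough" and target is not None:
        port = resolve_target_port(service, target)
        if port is None:
            findings.append("targetPort %r matches no Service port" % (target,))
        elif port.get("name") != "https" and port["port"] != 443:
            findings.append("passthrough Route targets non-TLS port %r" % (target,))
    return findings


# Constructed Service resembling a default istio-ingressgateway with two ports.
INGRESS_SERVICE = {"spec": {"ports": [
    {"name": "http2", "port": 80, "protocol": "TCP", "targetPort": 8080},
    {"name": "https", "port": 443, "protocol": "TCP", "targetPort": 8443},
]}}
# The Route as first configured in the question (no targetPort) ...
ROUTE_BEFORE = {"spec": {"host": "istio-ingressgateway.example.test",
                         "tls": {"termination": "passthrough",
                                 "insecureEdgeTerminationPolicy": "None"}}}
# ... and with the fix from the answer applied.
ROUTE_FIXED = {"spec": {"host": "istio-ingressgateway.example.test",
                        "port": {"targetPort": "https"},
                        "tls": {"termination": "passthrough"}}}

if __name__ == "__main__":
    for label, route in (("before", ROUTE_BEFORE), ("fixed", ROUTE_FIXED)):
        print(label, lint_route(route, INGRESS_SERVICE) or ["ok"])
```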