mTLS origination from sidecar failing to an egress service (outside the OCP cluster) and giving the 403 forbidden error. #49690
AkshaySingh-DS
started this conversation in
General
-
Your DR seems wrong:
should be configured on the 'external-host-port' -- I assume this is a number in reality? If not, it needs to be a number. Your |
-
Hi team,
For the past couple of days I've been facing an issue while trying to connect to a web server, which uses a REST API F5 URL, from my application, which is deployed in an OpenShift cluster and uses the service mesh product Istio.
Things were working fine when we were on simple TLS; the issue came when we switched to mTLS.
So what we're doing:
Basically we are trying to make an mTLS connection from a React application (deployed in the OpenShift cluster) to an IBM FileNet server (which supports mTLS and is outside the cluster).
I followed the Istio docs and am trying to originate TLS from the sidecar (https://istio.io/latest/docs/tasks/traffic-management/egress/egress-tls-origination/).
We have created the below mesh resources as per the docs:
Service entry:
However, after trying the above configs, the React app (deployed on OCP) isn't able to talk to the external service and we are getting a "403 Forbidden" error.
When we hit the URL with curl from the sidecar proxy, we got the below response.
curl -iv FileNet_host:FileNet_port
I tried to look for such an issue on the istio/discuss page but couldn't find anything like what I'm facing. If somebody could please look at this and point me in the right direction, that would really help. Thanks in advance!!