kr_devops

Reputation: 147

Istio Strict mode giving connection reset by peer error

Turning the mTLS mode to Strict in Istio gives the error: msg="Error performing http GET at http://172.xx.xx.xx:xxxx read: connection reset by peer". But turning the mTLS mode to Permissive works fine.

Is there any solution so that the error can be resolved in Strict mode?

Sample of PeerAuthentication:

apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: "default"
spec:
  mtls:
    mode: STRICT

Upvotes: 2

Views: 6959

Answers (1)

Seafish

Reputation: 2261

To resolve, ensure that istio-injection is turned on for all pods that are trying to communicate with each other so that they have the istio sidecar proxy running. This is because when the Istio Envoy proxies talk with each other they will automatically encrypt their communication. An Istio sidecar proxy will reject traffic if it doesn't come from another Istio sidecar that it trusts.

Alternatively, you could lower the security by changing your mutual TLS setting in your PeerAuthentication to PERMISSIVE.

Upvotes: 1
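
A check for the condition the answer describes, as an added example that is not part of the original answer: it lists pods that have no istio-proxy container, reading the output of `kubectl get pods -A -o json`. The sample pod list and the script name check_sidecars.py are constructed for illustration.

```python
import json
import sys

SIDECAR = "istio-proxy"  # container name Istio's injector gives the Envoy sidecar

# Constructed sample in the shape of `kubectl get pods -A -o json` (not from the question).
SAMPLE = {
    "items": [
        {"metadata": {"namespace": "shop", "name": "api-7d9f"},
         "spec": {"containers": [{"name": "api"}, {"name": "istio-proxy"}]}},
        {"metadata": {"namespace": "shop", "name": "worker-5c2a"},
         "spec": {"initContainers": [{"name": "istio-init"}, {"name": "istio-proxy"}],
                  "containers": [{"name": "worker"}]}},
        {"metadata": {"namespace": "monitoring", "name": "prober-0"},
         "spec": {"containers": [{"name": "prober"}]}},
    ]
}


def has_sidecar(pod):
    spec = pod.get("spec", {})
    # Native-sidecar installs run istio-proxy as an init container, so check both lists.
    names = [c.get("name") for key in ("containers", "initContainers")
             for c in spec.get(key) or []]
    return SIDECAR in names


def pods_without_sidecar(pod_list):
    """Return sorted 'namespace/name' for every pod with no istio-proxy container."""
    missing = []
    for pod in pod_list.get("items", []):
        if not has_sidecar(pod):
            meta = pod.get("metadata", {})
            missing.append(f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}")
    return sorted(missing)


if __name__ == "__main__":
    # Usage: kubectl get pods -A -o json | python3 check_sidecars.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for pod in pods_without_sidecar(data):
        print(f"no sidecar: {pod} (plaintext to a STRICT workload will be reset)")
```

Any pod it reports that calls a workload covered by the STRICT PeerAuthentication is a candidate source of the reset connections.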
