
https over mtls is not working for upstream

Open vinaykumar-git6 opened this issue 1 year ago • 1 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Kong version ($ kong version)

3.4.3.4

Current Behavior

We are trying to make communication from the Kong ingress to upstream services use mTLS.

Here is my Service file:

    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        konghq.com/client-cert: tls-ingress
        konghq.com/protocol: https
      name: account-information-clusterip
      namespace: core
    spec:
      ports:
      - name: http
        port: 8551
        protocol: TCP
        targetPort: 8551
      - name: https
        port: 8443
        protocol: TCP
        targetPort: 8443
      selector:
        application: account-information
      sessionAffinity: None
      type: ClusterIP

The TLS secret is already created:

    [ec2-user@ip-10-74-191-55 ~]$ k get secret -n core
    NAME                           TYPE                             DATA   AGE
    cvv-client-ssl-store           Opaque                           1      40h
    nexus-docker-secret            kubernetes.io/dockerconfigjson   1      17d
    oauth-token-client-ssl-store   Opaque                           1      40h
    ssl-store                      Opaque                           1      40h
    tls                            kubernetes.io/tls                2      40h
    tls-ingress                    kubernetes.io/tls                2      5d22h


After applying the configuration, the Kong ingress controller gives an error:

    time="2024-06-09T04:21:21Z" level=debug msg="no configuration change, skipping sync to Kong" url="https://127.0.0.1:8444/"
    time="2024-06-09T04:21:21Z" level=debug msg="due to errors in the current config, the last valid config has been pushed to Gateways"
    time="2024-06-09T04:21:21Z" level=error msg="could not update kong admin" error="performing update for https://127.0.0.1:8444/ failed: failed posting new config to /config: got status code 400" subsystem=dataplane-synchronizer
    time="2024-06-09T04:21:21Z" level=debug msg="successfully applied Kong configuration to https://127.0.0.1:8444/" logger=events object="{"kind":"Pod","namespace":"kong-app","name":"ingress-kong-796548b7cc-tqp58","apiVersion":"v1"}" reason=KongConfigurationSucceeded type=Normal

Expected Behavior

Upstream mTLS communication over HTTPS should work after defining these annotations:

    konghq.com/client-cert: tls-ingress
    konghq.com/protocol: https

Steps To Reproduce

No response

Anything else?

No response

vinaykumar-git6, Jun 10 '24 07:06
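A preflight check for the two annotations in the Service above, added here as an example (it is not code from the issue or from Kong, and it does not diagnose the reported 400 error). It assumes `konghq.com/client-cert` must name a `kubernetes.io/tls` Secret in the Service's own namespace; the function names and the sample objects, including the placeholder PEM bodies, are constructed for illustration.

```python
import base64

CLIENT_CERT, PROTOCOL = "konghq.com/client-cert", "konghq.com/protocol"

def pem_label(b64_value):
    """Label of the first PEM block in a base64-encoded Secret value, or None."""
    try:
        text = base64.b64decode(b64_value or "", validate=True).decode("ascii", "replace")
    except ValueError:  # binascii.Error subclasses ValueError
        return None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("-----BEGIN ") and line.endswith("-----"):
            return line[11:-5]
    return None

def check_upstream_mtls(service, secrets):
    """List problems with a Service's upstream mTLS annotations (empty list = none found)."""
    # Both arguments are shaped like items from `kubectl get ... -o json`.
    meta = service.get("metadata", {})
    ann, ns = meta.get("annotations") or {}, meta.get("namespace", "default")
    problems = []
    if ann.get(PROTOCOL) != "https":
        problems.append(f"{PROTOCOL} is not 'https' (the only case checked here)")
    name = ann.get(CLIENT_CERT)
    if not name:
        return problems + [f"{CLIENT_CERT} annotation is missing"]
    local = [s for s in secrets if s["metadata"]["name"] == name
             and s["metadata"].get("namespace", "default") == ns]
    if not local:
        return problems + [f"secret {name!r} not found in namespace {ns!r}"]
    secret = local[0]
    if secret.get("type") != "kubernetes.io/tls":
        problems.append(f"secret {name!r} has type {secret.get('type')!r}, not kubernetes.io/tls")
    data = secret.get("data") or {}
    if pem_label(data.get("tls.crt")) != "CERTIFICATE":
        problems.append("tls.crt does not decode to a PEM CERTIFICATE block")
    if not (pem_label(data.get("tls.key")) or "").endswith("PRIVATE KEY"):
        problems.append("tls.key does not decode to a PEM private key block")
    return problems

def b64(s): return base64.b64encode(s.encode()).decode()

# Constructed sample objects: names follow the issue, PEM bodies are placeholders.
SERVICE = {"metadata": {"name": "account-information-clusterip", "namespace": "core",
           "annotations": {CLIENT_CERT: "tls-ingress", PROTOCOL: "https"}}}
TLS_INGRESS = {"metadata": {"name": "tls-ingress", "namespace": "core"}, "type": "kubernetes.io/tls",
               "data": {"tls.crt": b64("-----BEGIN CERTIFICATE-----\nplaceholder\n-----END CERTIFICATE-----\n"),
                        "tls.key": b64("-----BEGIN PRIVATE KEY-----\nplaceholder\n-----END PRIVATE KEY-----\n")}}

if __name__ == "__main__":
    print(check_upstream_mtls(SERVICE, [TLS_INGRESS]) or "no problems found")
```

An empty result only rules out these reference and format problems; it does not verify that the certificate and key match or that the upstream trusts the certificate.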

@randmonkey Could you take a look?

StarlightIbuki, Jun 17 '24 09:06

@vinaykumar-git6 Looks like some errors happened while applying the configuration. Could you please provide your KIC version and the configuration of the related Ingress resources that use the service as a backend?

randmonkey, Jul 10 '24 03:07

This issue is marked as stale because it has been open for 14 days with no activity.

github-actions[bot], Jul 25 '24 01:07

Dear contributor,

We are automatically closing this issue because it has not seen any activity for three weeks. We're sorry that your issue could not be resolved. If any new information comes up that could help resolving it, please feel free to reopen it.

Your contribution is greatly appreciated!

Please have a look at our pledge to the community for more information.

Sincerely, Your Kong Gateway team

github-actions[bot], Aug 01 '24 01:08