Istio TLS with AWS ACM got Empty reply from server

Question

I have set the ACM for AWS NLB. enter image description here

Then I deploy gateway and virtual service.

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: jenkins-gateway
  namespace: jenkins
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 443
      name: http-jenkins
      protocol: HTTP
    hosts:
    - "cicd.domain.com"

---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: jenkins-vs
  namespace: jenkins
spec:
  hosts:
  - "cicd.domain.com"
  gateways:
  - jenkins-gateway
  http:
  - route:
    - destination:
        host: jenkins
        port:
          number: 8080

But when I use curl to access https://cicd.domain.com, I got curl: (52) Empty reply from server.

I also have add service annotation for istio-ingressgateway

      annotations:
        service.beta.kubernetes.io/aws-load-balancer-name: "name"
        service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
        service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-south-1:xxxxxx:certificate/e050b0fc-7117-444a-a296-ebcdc01d3ab2"
        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
        service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
        service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"

Istio version: 1.16.1
EKS version: v1.23

Any help is appreciated.

I am facing a similar issue with NLB and Istio Ingress Gateway. I am attempting to terminate at the Ingress Gateway, but I am also getting `Empty reply from server`. — mmiara, Jan 11 '23 at 14:42

Istio TLS with AWS ACM got Empty reply from server

0 Answers0