I have a grpc asp.net server which is sitting behind istio ingress gateway. grpc request works while using TCP as gateway protocol but it fails if protocol is set to HTTPS. I am trying to use istio to terminate ssl/tls grpc request but no luck so far.
# working tcp gateway
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: gateway
namespace: testing
spec:
selector:
istio: ingress # using istio ingress gateway
servers:
- port:
number: 9093
name: tcp-9093
protocol: TCP
hosts:
- "mydomain.com"
# failing https gateway
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: gateway
namespace: testing
spec:
selector:
istio: ingress # use istio ingress gateway
servers:
- port:
number: 9093
name: https-9093
protocol: HTTPS
hosts:
- "mydomain.com"
tls:
mode: SIMPLE
credentialName: my_tls_cred_secret
Below is the response client is getting with https
StatusCode="Unavailable", Detail="upstream connect error or disconnect/reset before headers. reset reason: remote reset"
Below is the logs from istio ingress gateway controller
[2023-08-09T08:22:26.459Z] "POST /greet.Greeter/SayHello HTTP/2" 200 UR upstream_reset_before_response_started{remote_reset} - "-" 12 0 2 - "91.145.126.17" "grpc-dotnet/2.54.0 (.NET 7.0.9; CLR 7.0.9; net7.0; osx; x64)" "706488d1-1954-4dc5-a252-d1df34a23576" "mydomain.com:9093" "10.244.0.41:5001" outbound|5001||app-svc.testing.svc.cluster.local 10.244.0.12:35426 10.244.0.12:9093 91.145.126.17:62974 mydomain.com -
versions:
- .net7
- Grpc.AspNetCore - 2.49.0
- kubernetes - 1.25.11
- istio - 1.17.2
