Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-1211

OSSM Federation failover TLS error when setting importAsLocal : ‘true’ in two separate federated meshes

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • OSSM 2.1.4, OSSM 2.2.1
    • OSSM 2.1.1
    • Maistra
    • None
    • Sprint 51, Sprint 52, Sprint 53, Sprint 54

      OSSM Federation failover TLS error when setting importAsLocal : ‘true’ in two separate federated meshes

      This issue is related to OSSM 2.1.1 federation failover case. The initial reporter
      pantianying  described the issue in community Istio Slack openshift channel

      There is a OSSMDOC Jira mentioned this issue
      https://issues.redhat.com/browse/OSSMDOC-395

      Issue description:

       pantianying tianying pan added a comment - 2022/02/07 8:33 AM

when set importAsLocal : 'true' in two separate federated mesh clusters , an application invokes service A, the TLS configuration is that of the Peer mesh. This will cause an error when the load balancer calls the in the service A which pod is in local mesh cluster:

envoy connection [C289] TLS error: 337047686:SSL routines:tls_process_server_certificate:certificate verify failed

      How to reproduce :
      ...

      OpenShift Version:
      ...

        1. Federation-Testing-log.txt
          16 kB
        2. proxy_config_dump.log
          504 kB
        3. proxy_dump_bookinfo-review-v3.log
          490 kB
        4. Screenshot from 2022-03-24 17-46-35.png
          Screenshot from 2022-03-24 17-46-35.png
          90 kB

              yuaxu@redhat.com Yuanlin Xu
              yuaxu@redhat.com Yuanlin Xu
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: