Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-1211

OSSM Federation failover TLS error when setting importAsLocal : ‘true’ in two separate federated meshes

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Done
    • OSSM 2.1.1
    • OSSM 2.1.4, OSSM 2.2.1
    • Maistra
    • None
    • Sprint 51, Sprint 52, Sprint 53, Sprint 54

    Description

      OSSM Federation failover TLS error when setting importAsLocal : ‘true’ in two separate federated meshes

      This issue is related to OSSM 2.1.1 federation failover case. The initial reporter
      pantianying  described the issue in community Istio Slack openshift channel

      There is a OSSMDOC Jira mentioned this issue
      https://issues.redhat.com/browse/OSSMDOC-395

      Issue description:

       pantianying tianying pan added a comment - 2022/02/07 8:33 AM
      
      when set importAsLocal : 'true' in two separate federated mesh clusters , an application invokes service A, the TLS configuration is that of the Peer mesh. This will cause an error when the load balancer calls the in the service A which pod is in local mesh cluster:
      
      envoy connection [C289] TLS error: 337047686:SSL routines:tls_process_server_certificate:certificate verify failed
      

      How to reproduce :
      ...

      OpenShift Version:
      ...

      Attachments

        Issue Links

          Activity

            People

              yuaxu@redhat.com Yuanlin Xu
              yuaxu@redhat.com Yuanlin Xu
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: