svilenvul commented on issue #7377: URL: https://github.com/apache/apisix/issues/7377#issuecomment-1195123971
FYI, currently istio mTLS is in permissive mode (the issue occurs only in strict mode) > Request routing directly in APISIX container, check its request and response headers ``` kubectl exec -n xxx-id-system deploy/tiam-ms-apigateway-apisix -- curl -vv http://localhost:9080/xxx.tdp.dp.ms.legalagreements.v2.ClientService/ListLegalDocuments -H "HOST: xxx-api-gateway.xxx.cloud" --http2 > GET /xxxx.tdp.dp.ms.legalagreements.v2.ClientService/ListLegalDocuments HTTP/1.1 > Host: xxx-api-gateway.xxx.cloud > User-Agent: curl/7.79.1 > Accept: */* > Connection: Upgrade, HTTP2-Settings > Upgrade: h2c > HTTP2-Settings: AAMAAABkAAQCAAAAAAIAAAAA > * Received HTTP/0.9 when not allowed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 * Closing connection 0 curl: (1) Received HTTP/0.9 when not allowed command terminated with exit code 1 ``` > Request routing from another container, check its request and response headers ``` kubectl exec -n xxx-id-system deploy/tiam-core-authn -- curl -vv http://tiam-ms-apigateway-apisix-gateway:80/xxx.tdp.dp.ms.legalagreements.v2.ClientService/ListLegalDocuments -H "HOST: xxx-api-gateway.xxx.cloud" --http2 > GET /xxx.tdp.dp.ms.legalagreements.v2.ClientService/ListLegalDocuments HTTP/1.1 > Host: xxx-api-gateway.xxx.cloud > User-Agent: curl/7.61.1 > Accept: */* > Connection: Upgrade, HTTP2-Settings > Upgrade: h2c > HTTP2-Settings: AAMAAABkAARAAAAAAAIAAAAA > < HTTP/1.1 200 OK < date: Tue, 26 Jul 2022 07:35:52 GMT < content-type: application/grpc < content-length: 0 < grpc-status: 7 < grpc-message: RBAC: access denied < x-envoy-upstream-service-time: 62 < server: envoy ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
