Closed p1-repo-sync-bot[bot] closed 3 months ago
Issue 'TLS configuration is invalid with custom TCP ports' closed from GitLab side
I tried installing the BB helm chart on master branch with these values:
istio:
gateways:
public:
ports:
- name: https
number: 8443
protocol: HTTPS
- name: tcp-custom-will-it-break
number: 7687
protocol: TCP
And it succeeded, despite having a non HTTPS port that the chart gives a tls
property. For thoroughness, I installed once and then upgraded twice.
As I was unable to reproduce the problem, I will close this issue.
Overview
When adding custom TCP ports to a gateway definition (as documented here), helm upgrade fails with the following error:
Versions
2.5.0
1.17.3-bb.1
v1.24.16-eks-2d98532
Context
We attempted to expose a custom TCP port on our Gateway with the following BB config snippet:
Viewing the
bigbang/istio-bigbang-values
secret shows the following (truncated) config:Reconciling the istio helm release results in the error shown above. It appears the
tls
section of the server host entry is added regardless of the port protocol resulting in the invalid configuration.Temporary Workaround
As a stopgap solution, we were able to override the gateway's
servers
viaistio.values
:It is also worth noting that when adding custom ports,
8443
or some other HTTPS port must also be included as shown above. Otherwise the helm upgrade fails similarly with:Recommended Solutions