Open Poweranimal opened 2 years ago
Hi @Poweranimal,
Have you also deployed proxy for the downstream service that is issuing the HTTP requests to Minio? If not, this is required so that connections are routed through the service mesh and pass authN/authZ checks at the destination service's proxy.
Hi @blake , Thanks a lot for your reply. I opened a new issue in that regard with a more precise description and example. https://github.com/hashicorp/consul-k8s/issues/1155
So far it seems that my use case might not be supported by consul connect.
Overview of the Issue
I'm having trouble to get the consul connect transparent proxy running with direct dialing on a k8s
StatefulSet
.Plain http requests get redirected to a https service.
e.g.:
curl http://minio-1.minio-svc.minio.svc.cluster.local:9000/export
fails with an empty reply, because the target is a https server. Callingcurl -k http://minio-1.minio-svc.minio.svc.cluster.local:9000/export
fails, because the https server is configured by consul connect with mTLS and expects a proper TLS certificate.Though I would expect that
http://minio-1.minio-svc.minio.svc.cluster.local:9000/export
would get resolved to its IP address (e.g.http://10.244.0.52:9000/export
) and the forwarded by the consul connect envoy proxy to the consul connect target.Reproduction Steps
ServiceDefaults
) for the k8sStatefulSet
withtransparentProxy.dialedDirectly
enabled.StatefulSet
(e.g.minio
with 4 replicas) withconsul-connect
enabled andtransparent-proxy
enabledStatefulSet
I'm very grateful for any support on this issue.
Consul info for both Client and Server
Client info
``` output from client 'consul info' command here ```Server info
``` agent: check_monitors = 0 check_ttls = 0 checks = 0 services = 0 build: prerelease = revision = e319d7ed version = 1.11.3 consul: acl = enabled bootstrap = false known_datacenters = 1 leader = true leader_addr = 10.244.0.16:8300 server = true raft: applied_index = 26829 commit_index = 26829 fsm_pending = 0 last_contact = 0 last_log_index = 26829 last_log_term = 2 last_snapshot_index = 16492 last_snapshot_term = 2 latest_configuration = [{Suffrage:Voter ID:8b6fc0ad-06b9-783d-7e27-a3931f39dc70 Address:10.244.0.16:8300} {Suffrage:Voter ID:17b752af-4731-01a2-331b-82cc43668f6c Address:10.244.1.22:8300}] latest_configuration_index = 0 num_peers = 1 protocol_version = 3 protocol_version_max = 3 protocol_version_min = 0 snapshot_version_max = 1 snapshot_version_min = 0 state = Leader term = 2 runtime: arch = amd64 cpu_count = 18 goroutines = 336 max_procs = 18 os = linux version = go1.17.5 serf_lan: coordinate_resets = 0 encrypted = false event_queue = 0 event_time = 2 failed = 0 health_score = 0 intent_queue = 0 left = 0 member_time = 5 members = 4 query_queue = 0 query_time = 1 serf_wan: coordinate_resets = 0 encrypted = false event_queue = 0 event_time = 1 failed = 0 health_score = 0 intent_queue = 0 left = 0 member_time = 2 members = 2 query_queue = 0 query_time = 1 ```