Closed jeffmccune closed 2 months ago
Note this is only a problem for dev which uses a wildcard cert:
k get secret -n istio-ingress app.dev.holos.run -o json \
| jq --exit-status '.data | map_values(@base64d)' \
| jq '."tls.crt"' -r \
| openssl x509 -text -noout -in - \
| grep app.dev.k2.holos.run
Pretty sure this got fixed for aws2 in https://github.com/holos-run/holos-infra/commit/09a7709c0b8c4c67bc3ecd98845151304577cc0d
We are running into https://github.com/istio/istio/issues/9429 again with our current Gateway configuration.
For example, hitting https://jeff.app.dev.k2.holos.run/ first causes https://app.dev.k2.holos.run/ to return a 404 NR.
The istio logs show the requested server name different from the authority:
The recommended fix is here:
We are not following this in 0.74.0: