Closed bwmetcalf closed 2 weeks ago
Our linkerd-proxy logs show
[ 10161.537196s] INFO ThreadId(01) inbound:server{port=8080}:rescue{client.addr=10.3.148.114:54096}: linkerd_app_core::errors::respond: HTTP/2.0 request failed error=client 10.3.148.114:54096: server: 10.3.128.129:8080: unauthorized request on route error.sources=[unauthorized request on route]
Perhaps our HTTPRoute resource spec is wrong, but based on the docs it looks right.
We had a typo in the auth policy. Closing.
@bwmetcalf No worries. What was the typo in the auth policy? We are looking into how to improve the usability of HTTPRoutes in Linkerd and this class of error is still an opportunity to improve the UX IMO
I was referencing the MeshTLSAuthentication resource in the auth policy with
requiredAuthenticationRefs:
  - group: policy.linkerd.io
    kind: MeshTLSAuthentication
    name: c3-test-service-c3-test-client
when the name of the resource is actually c3-test-service. It was an error I introduced in our yaml templating.
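A pre-deploy check for the mistake described in the comment above, as an added example that is not part of the thread or of Linkerd's own tooling: it reads a Kubernetes List in JSON and reports every AuthorizationPolicy whose requiredAuthenticationRefs entry names a resource that is not in the list. The namespace `example-ns`, the policy name `example-authz` and the function names are assumptions made for the illustration.

```python
import json

# Constructed sample input (namespace and policy name are placeholders);
# the two c3-test-service names are the ones quoted in the comment above.
SAMPLE = json.dumps({"items": [
    {"apiVersion": "policy.linkerd.io/v1alpha1", "kind": "MeshTLSAuthentication",
     "metadata": {"name": "c3-test-service", "namespace": "example-ns"}},
    {"apiVersion": "policy.linkerd.io/v1alpha1", "kind": "AuthorizationPolicy",
     "metadata": {"name": "example-authz", "namespace": "example-ns"},
     "spec": {"requiredAuthenticationRefs": [
         {"group": "policy.linkerd.io", "kind": "MeshTLSAuthentication",
          "name": "c3-test-service-c3-test-client"}]}},
]})


def api_group(obj):
    """'policy.linkerd.io/v1alpha1' -> 'policy.linkerd.io'; core 'v1' -> ''."""
    api_version = obj.get("apiVersion", "")
    return api_version.split("/")[0] if "/" in api_version else ""


def dangling_refs(list_json):
    """Return (policy, kind, name) for each ref that resolves to nothing."""
    items = json.loads(list_json)["items"]
    known = {
        (api_group(o), o["kind"], o["metadata"].get("namespace"), o["metadata"]["name"])
        for o in items
    }
    problems = []
    for o in items:
        if o["kind"] != "AuthorizationPolicy":
            continue
        ns = o["metadata"].get("namespace")
        for ref in o.get("spec", {}).get("requiredAuthenticationRefs", []):
            # A ref without its own namespace is looked up in the policy's namespace.
            key = (ref.get("group") or "", ref["kind"],
                   ref.get("namespace", ns), ref["name"])
            if key not in known:
                problems.append((f"{ns}/{o['metadata']['name']}", ref["kind"], ref["name"]))
    return problems


if __name__ == "__main__":
    for policy, kind, name in dangling_refs(SAMPLE):
        print(f"{policy}: no {kind} named {name!r}")
```

Every kind the policies reference has to be included in the input list, otherwise valid references are reported as missing.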
What is the issue?
We are using HTTPRoute with MeshTLSAuthentication and upstream requests are failing with 403 regardless of endpoint. This works fine when we just use Server in our authentication policy. Below are all of the manifests. The strange thing here is in order to retrieve our HTTPRoute resource we have to use
Eg,
Here are all of the manifests:
How can it be reproduced?
I suppose configure the above resources with our versions of linkerd shown in the check output.
Logs, error output, etc
output of linkerd check -o short
Environment
We are using bottlerocket AMIs.
Possible solution
No response
Additional context
No response
Would you like to work on fixing this bug?
None