When disabling TLS for the admin listener the url for the request has a trailing dot. While this may be fine in vanilla kubernetes, it causes a failure when using a service mesh like istio:
job log:
unable to query config schema: request GET http://redpanda-0.redpanda.redpanda.svc.cluster.local.:9644/v1/cluster_config/schema failed: Service Unavailable, body: "upstream connect error or disconnect/reset before headers. reset reason: connection termination"
The URL should not have a trailing dot so that service meshes can resolve the endpoint correctly
How can we reproduce it (as minimally and precisely as possible)?. Please include values file.
```yaml
listeners:
admin:
appProtocol: http
tls:
enabled: false
monitoring:
enabled: true
enableHttp2: false
```
deploy redpanda with that config on top of istio with istio-injection enabled and mtls set to strict
Anything else we need to know?
This can be worked around with istio via a set of destination rules and service entries.
```console
$ helm -n redpanda list
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
redpanda redpanda 1 2024-08-21 19:45:48.328080392 +0000 UTC deployed redpanda-5.9.1 v24.2.2
```
What happened?
When disabling TLS for the admin listener the url for the request has a trailing dot. While this may be fine in vanilla kubernetes, it causes a failure when using a service mesh like istio: job log:
main redpanda istio sidecar log:
What did you expect to happen?
The URL should not have a trailing dot so that service meshes can resolve the endpoint correctly
How can we reproduce it (as minimally and precisely as possible)?. Please include values file.
Anything else we need to know?
This can be worked around with istio via a set of destination rules and service entries.
If there wasn't a trailing dot this would work:
However since there is we have to add this set as well
Which are the affected charts?
Redpanda
Chart Version(s)
Cloud provider
JIRA Link: K8S-326