solo-io / gloo

The Feature-rich, Kubernetes-native, Next-Generation API Gateway Built on Envoy
https://docs.solo.io/
Apache License 2.0

SSL not working for multiple virtual services #6290

Open gk12277 opened 2 years ago

gk12277 commented 2 years ago

Gloo Edge Version

1.9.x

Kubernetes Version

1.20.x

Describe the bug

Hi, I have two virtual services, say one for domain a.example.com and another for b.example.com. When I add sslConfig for one, it works completely fine. But when I add it for both, I am not able to access my service. I get:

curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to a.example.com:443

  sslConfig:
    secretRef:
      name: secret-name
      namespace: gloo-system

I am using the same sslConfig for both virtual services. Does anyone have any idea what could be the issue here? I tried adding sniDomains with values a.example.com in one and b.example.com in the second one, but the error is shown. When I remove sslConfig from one virtual service, it works again.

Steps to reproduce the bug

I am using the same certificate for both my virtual services.

My virtual services:
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  name: name_1
  namespace: gloo-system
spec:
  sslConfig:
    secretRef:
      name: cert-name
      namespace: gloo-system
    sniDomains:
    - a.example.com
  virtualHost:
    domains:
      - a.example.com
    routes:
      - matchers:
         - prefix: /path
        routeAction:
          single:
            upstream:
              name: upstream_name_1
              namespace: gloo-system
---
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  name: name_2
  namespace: gloo-system
spec:
  sslConfig:
    secretRef:
      name: cert-name
      namespace: gloo-system
    sniDomains:
    - b.example.com
  virtualHost:
    domains:
      - 'b.example.com'
    routes:
      - matchers:
         - prefix: /
        routeAction:
          single:
            upstream:
              name: upstream_name_2
              namespace: gloo-system
        options:
          autoHostRewrite: true

Expected Behavior

I should be able to access my services across https in both virtual services.

Additional Context

Output of glooctl check

No problems detected.
Unable to cancel request for *exec.roundTripper

Could possibly be related to https://github.com/solo-io/gloo/issues/2534, but I can't seem to find a workaround.

github-actions[bot] commented 4 months ago

This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.