ChaoYoung
ChaoYoung
> @johnlanni istio CRDs is enabled
> @johnlanni it doesn't work. ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: freeswitch-uas namespace: default annotations: cert-manager.io/cluster-issuer: "ca-issuer" nginx.ingress.kubernetes.io/proxy-http-version: "1.1" nginx.ingress.kubernetes.io/proxy-connect-timeout: "10" nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" nginx.ingress.kubernetes.io/ssl-redirect: "false" nginx.ingress.kubernetes.io/secure-backends: "true"...
> @chaoyoung 可以提供下 freeswitch-uas 这个服务的镜像吗,我这边测试复现下 @johnlanni ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: uas-test namespace: default annotations: cert-manager.io/cluster-issuer: "ca-issuer" nginx.ingress.kubernetes.io/ssl-redirect: "false" nginx.ingress.kubernetes.io/secure-backends: "true" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/rewrite-target: "/" nginx.ingress.kubernetes.io/enable-websocket:...
@johnlanni 这个问题查出原因了吗?
> @chaoyoung 抱歉 这段时间比较忙 还没来得及复现问题,你先试一下这个envoyfilter能否解决 > > ```yaml > apiVersion: networking.istio.io/v1alpha3 > kind: EnvoyFilter > metadata: > name: freeswitch-uas-enable-secp384r1 > namespace: default > spec: > configPatches: > - applyTo: CLUSTER...
> 你进网关的pod 执行下 curl localhost:15000/config_dump ,把内容发一下 [config_dump1.txt](https://github.com/alibaba/higress/files/12595174/config_dump1.txt)
>  你的配置中只有这些服务,并没有 freeswitch-uas.default.svc.cluster.local,所以上面的envoyfilter没有生效 我这里为了测试,部署了一个新的服务:uas-test,你找找这个名称。新的完整的YAML Manifest如下: ```yaml # curl -kv http://uas-test.dev2.com/ws -H 'Connection: Upgrade' -H 'Upgrade: websocket' -H 'Sec-Websocket-Protocol: sip' -H 'Sec-Websocket-Key: iDA5KxziwFqKlGYaO3EXSg==' # curl -kv https://uas-test.dev2.com/wss -H 'Connection: Upgrade'...
@johnlanni gateway log ```log 2023-09-13T07:39:50.831678Z info xdsproxy connected to upstream XDS server: higress-controller.higress-system.svc:15012 2023-09-13T08:09:55.505991Z info xdsproxy connected to upstream XDS server: higress-controller.higress-system.svc:15012 {"authority":"uas-test.dev2.com","bytes_received":"0","bytes_sent":"0","downstream_local_address":"10.244.23.205:80","downstream_remote_address":"10.244.232.2:35436","duration":"2450","istio_policy_status":"-","method":"GET","path":"/ws","protocol":"HTTP/1.1","request_id":"1d83ba78-f6d1-4d19-8df2-e70d8cc9ee31","requested_server_name":"-","response_code":"0","response_flags":"DC","route_name":"default/uas-test","start_time":"2023-09-13T08:11:51.969Z","trace_id":"04beea3fbcc5e24f2571adcdda5584bb","upstream_cluster":"outbound|80||uas-test.default.svc.cluster.local","upstream_host":"-","upstream_local_address":"-","upstream_service_time":"-","upstream_transport_failure_reason":"-","user_agent":"curl/7.29.0","x_forwarded_for":"10.244.232.2"} [Envoy (Epoch 0)] [2023-09-13 08:12:01.968][28][warning][client] [C319221] Connection...
@johnlanni 目前已知freeswitch-uas这个镜像不支持TLSv1.3版本,只支持到TLSv1.2。跟这个有关系吗?能指定TLSv1.2么?