Hi there, I’m testing out Linkerd2, for which I started injecting the proxy to a couple of deployments in our cluster to see how it goes.
I’m using AWS Kubernetes (EKS) 1.12. Linkerd 2.4.0
My setup is the following:
ALB Ingress Controller --> Service A --> Service B.
both Services are being injected and I can see them along with some basic stats in Linkerd’s dashboard. However when I tap them, there’s no mTLS turned on: “not_provided_by_remote”
this is a ‘tap’ of the service B. (which is called by service A):
req id=11:1 proxy=in src=xx.xx.yy.136:40430 dst=xx.xx.zz.193:5050 tls=not_provided_by_remote :method=POST :authority=ingress.actual.public-hostname :path=/api/v1/myservice
One thing I noticed, is that “:authority” is set to the original FQDN of the ingress, not the serviceA identity created by the Identity component (serviceb.mynamespace.serviceaccount.identity.linkerd.cluster.local)
Requests work fine. I get the right responses, so Service A is able to talk to Service B. I can see its being done via the proxies as well
I’m not really sure where to go nor what to do, I haven’t found a solution in the documentation either.
Any ideas what might be the problem?
Thanks in advance