I am fairly new to Linkerd and trying to mesh two of my services together. Both server and client are meshed with simply addition of linkerd.io/inject: "enabled"
. The server configuration is as following
apiVersion: v1
kind: Service
metadata:
annotations:
cloud.google.com/app-protocols: '{"http": "HTTP", "grpc":"HTTP2"}'
creationTimestamp: "2022-04-22T17:10:50Z"
name: svc-myserver
namespace: default
resourceVersion: "174877786"
uid: 3468a38c-0b0d-4de1-bb63-963e6544f100
spec:
clusterIP: 172.20.139.61
clusterIPs:
- 172.20.139.61
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: https
port: 443
protocol: TCP
targetPort: 8080
- name: grpc
port: 50053
protocol: TCP
targetPort: 8081
selector:
app: myserver
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
and the deployment has
ports:
- containerPort: 8080
name: http
protocol: TCP
- containerPort: 8081
name: grpc
protocol: TCP
The server is serving http at port 8080. However, when I tried to hit the server from my client with openssl, I am getting a EProto error as if the server is not servicing https.
echo | openssl s_client -tls1_3 -connect svc-myserver.default.svc.cluster.local:443 -ciphersuites TLS_CHACHA20_POLY1305_SHA256
CONNECTED(00000003)
139694947120448:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 255 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
----
```.
I have verified that neither `linkerd-init` and `linkerd-debug` containers are generating errors. Any directions where to go next?