Hi, I am consistently getting 426 upgrade required error with istio Here is my . . .

Manish Khadka (MaSK):
Hi,

I am consistently getting 426 upgrade required error with istio
Here is my setup. Not sure where I should look for errors and fixes?

domain ----> cloudfront -------> origin (443, minimum tls sslv3) ------> elb (80/443) ------> service (80)  |-------> pod  (80)
                                                                                                            |-------> istio-proxy

Alistair Mackay:
426 means that a client is talking the wrong version of HTTP, e.g. could be using HTTP 1.1 when the stack wants HTTP 2.0
What is receiving 426? Is it the application you are using to connect to the above architecture? If so then either your cloudfront, ELB or istio ingress is too strict on the version of HTTP it will accept, so you’ll have to check the configuration of each, beginning with cloudfront.

Either that, or ensure the calling program is using the requested HTTP version.

Manish Khadka (MaSK):
if I disable istio sidecar injection for the pod it works fine

Alistair Mackay:
Looks to me like the proxy in the sidecar is insisting on a higher http version than is being provided by the caller.
When the sidecar is present, generate the error and look at the logs of the sidecar container.
Either configure envoy (the sidecar) to accept lower protocols, or the upstream services (CF, ELB etc) to forward on HTTP2.
I can’t tell you off the top of my head where these settings are - google is your friend.

Manish Khadka (MaSK):
thank you.
I will try this out and get back to you.