Although I have read many articles, it seems that few people are discussing this problem, and I have not seen any solutions. I would like to know whether wss is not supported after using Istio as the entry point? According to my test, it seems that wss really can't run on istio, but ws is normal, gateway & virtualservice I have done the following test.
Hope someone can discuss this with me, even if it turns out that Istio doesn't support wss, thanks!
1.use tls.mode: PASSTHROUGH
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: test-ws-gw
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 443
name: https
protocol: HTTPS
tls:
mode: PASSTHROUGH
hosts:
- "test.ws.com"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: test-ws-vs
namespace: ws-test
spec:
hosts:
- test.ws.com
gateways:
- istio-system/test-ws-gw
tls:
- match:
- port: 443
sniHosts:
- "test.ws.com"
route:
- destination:
port:
number: 9400
host: ws-svc.ws-test.svc.cluster.local
- use tls.mode: SIMPLE
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: test-ws-gw
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 443
name: https
protocol: HTTPS
tls:
mode: SIMPLE
credentialName: ingress-cert-ws
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: test-ws-vs
spec:
hosts:
- "test.ws.com"
gateways:
- test-ws-gw
http:
- match:
- uri:
prefix: /
route:
- destination:
port:
number: 9400
host: ws-svc.ws-test.svc.cluster.local
