I'm fairly new to Istio and am trying to set up mTLS in an Istio mesh on my test cluster. I've set up a WordPress app using Helm (the release is called "exasperated-whippet") and am requesting the content from an alpine test pod using curl.
Without any mTLS setup, everything works.
When I create this destination rule:

    apiVersion: "networking.istio.io/v1alpha3"
    kind: "DestinationRule"
    metadata:
      name: "exasperated-whippet-wordpress-mtls-dr"
    spec:
      host: exasperated-whippet-wordpress
      trafficPolicy:
        tls:
          mode: ISTIO_MUTUAL

the requests still reach the service okay and Kiali adds a lock-badge to the traffic which should denote the traffic as encrypted (right?).
However, once I add this policy as described in the Mutual TLS Migration documentation:

    apiVersion: "authentication.istio.io/v1alpha1"
    kind: "Policy"
    metadata:
      name: "exasperated-whippet-wordpress-mtls-policy"
    spec:
      targets:
      - name: exasperated-whippet-wordpress
      peers:
      - mtls:
          mode: STRICT

the traffic crashes and I get 503 responses back.
Am I missing something here?