I added istio to my eks cluster. Sidecars are getting added to every pod and my Kiali dashboard is also up.
But after that I am not able to authenticate my APIs. I checked all the logs, came out to be that my pods are not able to connect to Cognito Server. I am getting following error:
Unhandled rejection TypeError: Unable to generate certificate due to
RequestError: Error: connect ECONNREFUSED 13.235.142.215:443
I went inside my pod to check if it can connect to any public DNS, I was able to ping google.com but not to aws.amazon.com
To crossverify, I removed istio from my cluster and it started working.
Got a github issue somewhat matching my issue, but that has also been closed without any solution (https://github.com/istio/istio/issues/10848).
Can anyone help me with this issue.
Thanks
Got the issue, my istio is trying to connect to aws cognito through ssl and it doesn't have certificates. Putting certificates in istio solved this.