I have Kong running in K8S. KONG_STREAM_LISTEN is set to “0.0.0.0:9000, 0.0.0.0:9443”, and I have a separate k8s service for TCP traffic which uses an AWS NLB.
In the cluster I use cert-manager for creating certificates. I’ve created a certificate which I use in the TCPIngress tls section.
But when I try to connect with openssl to check if the certificate is returned I can’t see that it is.
This is the response I get (except for the written packet, which is not pasted):
```
read from 0x55e8e1d6d2e0 [0x55e8e1d87883] (5 bytes => 0 (0x0))
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 338 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
read from 0x55e8e1d6d2e0 [0x55e8e1caf160] (8192 bytes => 0 (0x0))
```
Any idea why Kong isn’t returning the cert?
EDIT: I noticed I hadn’t defined the TLS port as ‘ssl’ in KONG_STREAM_LISTEN; after doing that, it worked.
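
The misconfiguration described in this post can be caught before deployment by checking that every stream port meant to terminate TLS carries the `ssl` flag. The following is an added example, not part of the original post or Kong's own code; the function names are hypothetical, and the corrected value `0.0.0.0:9443 ssl` is an assumption about which listener the poster changed.

```python
"""Flag Kong stream listeners that will not terminate TLS."""


def parse_stream_listen(value):
    """Split a KONG_STREAM_LISTEN value into (address, port, flags) tuples."""
    listeners = []
    for entry in value.split(","):
        tokens = entry.split()
        # Skip empty entries and the "off" value that disables stream listeners.
        if not tokens or tokens[0].lower() == "off":
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::]:9443 intact.
        address, sep, port = tokens[0].rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"cannot parse listener {tokens[0]!r}")
        flags = {t.lower() for t in tokens[1:]}
        listeners.append((address, int(port), flags))
    return listeners


def missing_ssl(value, tls_ports):
    """Return the ports in tls_ports that are absent or listen without 'ssl'."""
    tls_enabled = {
        port for _, port, flags in parse_stream_listen(value) if "ssl" in flags
    }
    return sorted(set(tls_ports) - tls_enabled)


# Value quoted in the post, and the assumed corrected value.
BEFORE = "0.0.0.0:9000, 0.0.0.0:9443"
AFTER = "0.0.0.0:9000, 0.0.0.0:9443 ssl"

if __name__ == "__main__":
    for label, value in (("before", BEFORE), ("after", AFTER)):
        problems = missing_ssl(value, tls_ports=[9443])
        print(f"{label}: {value!r} -> plaintext TLS ports: {problems or 'none'}")
```

A port reported here accepts the TCP connection but does not answer the ClientHello with a handshake, which is why `openssl s_client` shows "no peer certificate available" and 0 bytes read.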