The 502 BadGateway from AzureApplicationGateway is caused starting from TAP 1.6
Article ID: 297919
Updated On:
Products
VMware Tanzu Application Service for VMs
Issue/Introduction
Customer is upgrading TAP v1.5.1 to v1.6.2. When they accessed to application through AzureApplicationGateway, they got 502 BadGateway from AzureApplicationGateway.
Access path: AzureApplicationGateway -> AKS -> Envoy -> application(KSVC)
Access path: AzureApplicationGateway -> AKS -> Envoy -> application(KSVC)
Environment
Product Version: 1.6
Resolution
Cause:
Starting from TAP 1.6, tls.minimum-protocol-version is set to 1.3 by default.
This is a breaking change in TAP, but it's not mentioned in the documentation.
https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/contour-configuring-cipher-suites-and-tls-version.html
Workaround:
To configure tls.minimum-protocol-version to 1.2 and restart contour/envoy.
Starting from TAP 1.6, tls.minimum-protocol-version is set to 1.3 by default.
This is a breaking change in TAP, but it's not mentioned in the documentation.
https://docs.vmware.com/en/VMware-Tanzu-Application-Platform/1.6/tap/contour-configuring-cipher-suites-and-tls-version.html
Workaround:
To configure tls.minimum-protocol-version to 1.2 and restart contour/envoy.
Feedback
Yes
No
Powered by
