security-group-inbound-rules.jpg@ Google @yuriyl @Dino-at-Google @Anil Sagar @RadhikaApigeek @Aakash Sharma @ylesyuk @Basavaraj Dhanashetti @RajeshMishra@Google Paul Williams

We are installing Apigee Hybrid Version 1.4 on (GKE on AWS) but facing various issues after the installation step and not able to proceed further.

Below are the issues on which we are stuck and not able to proceed further,

1. When trying the test API on the set up from within the cluster getting below error,

curl: (35) Unknown SSL protocol error in connection to {host:port}

Curl command used-

curl --cacert /tmp/usr/local/bin/apigee-hybrid/hybrid-files/certs/keystore.pem https://example.com:port/test -v -- resolve "example.com:port:IP" --http1.1

2. When we are debugging to resolve above issues, noticed few mismatch in the Number of target groups created by google provided scripts in all the environments/instances.

And these target groups are in unhealthy state, probable root cause mentioned in next point below.

3. Also,we have observed that NodePorts of Istio Ingress gateway are different from the ports of Target Group and Security Group in AWS. These gaps are rendering Target Groups in Unhealthy state.

Ports in Ingress-Gateway

15021:30730/TCP,80:30966/TCP,443:32549/TCP,15443:30181/TCP

Ports in Security Group

we have observed is that NodePorts of Istio Ingress gateway are different from the ports of Target Group and Security Group in AWS. These gaps are rendering Target Groups in Unhealthy state. Looking forward to a quick short discussion and guidance.

Ports in Ingress-Gateway

15021:30730/TCP,80:30966/TCP,443:32549/TCP,15443:30181/TCP

-->(Attached the Security Group Inbound Rules)

Kindly provide your feedback, if anyone faced the similar issues or can help in with any expertise on the same.