Request to director with mtls took more than 3 seconds to finish.

Question

Request to director with mtls took more than 3 seconds to finish.

dbadura opened this issue 5 years ago · 1 comments

Description
When using mtls, the requests to director took more than 3 seconds.

Expected result
When using mtls, the request will take the same amount of time like in token flow

Actual result
For example: currently, when the application is connected with mtls, the request to director takes more than 3 seconds.

Steps to reproduce
Acquire certifacate for e.g Application:

Run varkes:

docker run -p 10000:10000 eu.gcr.io/kyma-project/incubator/varkes-example-combined-openapi-mock:latest

Create application in director.
Connect application with varkes.
Download kyma.crt and app.key in varkes UI.
Do request:

time curl --cert kyma.crt --key app.key --request POST   --url https://{URL_TO_DIRECTOR_GRAPHQL}   --header 'content-type: application/json'    --data '{"query":"query {\n  viewer {\n    id \n    type\n  }\n}"}' -v -i

The request will take 3 seconds to finish.

Troubleshooting
So far I did:
Send request with dex token from UI. Takes about 70ms
Send request to service within cluster with Bearer token. Takes about 30ms.

Recommnedation
I would look closely on istio-mtls.

Answer 1 · 2020-05-26T12:39:13.000Z

Issue in istio: istio/istio#23855