正在k8s中启用HTTPS端口

我正在尝试将端口5665添加到istio-ingressgatway中，并且已经添加了端口5665，但流量没有(我认为(正确路由，因为我一直收到SSL错误

curl -k https://api.loadbalancer.local.com:5665/v1/bla ; echo
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number

其中我能够telnet入口网关LB 上的端口

❯ telnet api.loadbalancer.local.com 5665
Trying 10.239.49.9...
Connected to api.loadbalancer.local.com.
Escape character is '^]'.

如果我直接调用POD IP(例如(，则服务响应良好

IP:           10.23.49.90
Controlled By:  ReplicaSet/icinga2-84bd777b9
Containers:
icinga2:
Image:          jordan/icinga2:latest
Ports:          80/TCP, 443/TCP, 5665/TCP
Host Ports:     0/TCP, 0/TCP, 0/TCP
State:          Running

Ready:          True
Restart Count:  0
Liveness:       http-get http://:http/ delay=0s timeout=1s period=10s #success=1 #failure=3

❯ curl -k https://10.23.49.90:5665/
<h1>Unauthorized. Please check your user credentials.</h1>%
❯ curl -k https://10.23.49.90:5665/v1/bla
<h1>Unauthorized. Please check your user credentials.</h1>%
❯ curl -k http://10.23.49.90:5665/
curl: (52) Empty reply from server

路由配置

• istio-ingress网关用于打开端口

- name: api
nodePort: 30431
port: 5665
protocol: TCP
targetPort: 5665

• 网关配置

apiVersion: v1
items:
- apiVersion: networking.istio.io/v1beta1
kind: Gateway
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- '*'
port:
name: api
number: 5665
protocol: HTTPS
tls:
mode: SIMPLE

虚拟服务

apiVersion: v1
items:
- apiVersion: networking.istio.io/v1beta1
kind: VirtualService
spec:
gateways:
- icinga2
hosts:
- '*'
http:
- match:
- port: 5665
route:
- destination:
host: icinga2.default.svc.cluster.local
port:
number: 5665

问题我做错了什么，使该端口与直接调用POD IP时一样工作？

我认为我得到CCD_ 3的原因是由于一些错误的配置。

此外，我甚至不知道从哪里查找故障排除，所以如果有人能解释从哪里查找也会很有帮助。

谨致问候。