You get either the Connection reset by peer response or the GOAWAY response when you attempt to establish the connection between a service without a sidecar and a service with a sidecar.
By default, mutual TLS (mTLS) is enabled in the service mesh. As a result, every element of the service mesh must have an Istio sidecar with a valid TLS certificate to allow communication.
- To whitelist a service without a sidecar and disable mTLS traffic for it, create a DestinationRule.
- To allow connections between a service without a sidecar and a service with a sidecar, create a Peer Authentication in the
PERMISSIVEmode.