From 4a6f9bd183b8fd646a9fc08326622bae44073b30 Mon Sep 17 00:00:00 2001 From: cornel cruceru Date: Thu, 31 Aug 2023 00:30:15 +0300 Subject: [PATCH] added note on SNI gotcha when Istio Gateway has hosts --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 11a0454..0bad524 100644 --- a/README.md +++ b/README.md @@ -150,6 +150,8 @@ spec: ``` You will notice that I am using the Kubernetes secret named `tls-secret` as `credentialName` which we generated earlier. The secret contains openssl generated key/cert. Gateway `yelb-gateway` is listening on port `443` for encrypted traffic. +Note on SNI: ALB Ingress will not send an SNI (server name indication) to Istio so `hosts` must be `"*"` otherwise Istio will attempt to match it and result in 404. + ### Configure ALB Ingress Resource Istio can not use the TLS certificate in ACM directly. However, I will use ACM certificates with AWS Application Load Balancer to terminate HTTPS traffic and then forward to Istio ingress gateway for further processing.
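Review bot: The added SNI note should spell out the consequence of the change it recommends: once `hosts` is `"*"`, the Gateway listener on `443` no longer restricts which server names it accepts, so any host restriction has to be enforced in the VirtualService bound to `yelb-gateway`, and readers should be told that explicitly. It would also help to show the exact YAML the text refers to (for example `hosts:` followed by `- "*"`) so the reader can match it against the `spec:` block above the hunk, and to say that the 404 comes from Istio failing to match the listener when no SNI is present rather than from the ALB. Minor style point: the note is inserted directly after the paragraph with no blank line before it while a blank line follows it; keep one blank line on each side so it renders as its own paragraph.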