Why Secure GRPC calls do not reach ingress gateway?

If I understand you correctly, the thing here is that:

• GRPC currently works over a HTTP2 type transport

• The current ingress is not capable of HTTP2

So are you sure your client is using HTTP1? Because otherwise it might not work.

Please let me know if that helped.

Try it out grpc greeter with istio, it works for me.

# greeter.yamlapiVersion: v1kind: Servicemetadata:  name: greeter  labels:    app: greeterspec:  ports:  - name: grpc    port: 50051  selector:    app: greeter---apiVersion: extensions/v1beta1kind: Deploymentmetadata:  name: greeterspec:  replicas: 1  template:    metadata:      labels:        app: greeter        version: v1    spec:      containers:      - image: tobegit3hub/grpc-helloworld        imagePullPolicy: IfNotPresent        name: greeter        ports:        - containerPort: 50051

# gateway.yamlapiVersion: networking.istio.io/v1alpha3kind: Gatewaymetadata:  name: greeter-gatewayspec:  selector:    istio: ingressgateway # use Istio default gateway implementation  servers:    - port:        number: 80        name: http        protocol: HTTP      hosts:        - 'xyz.example.com'

# virtualservice.yamlapiVersion: networking.istio.io/v1alpha3kind: VirtualServicemetadata:  name: greeterspec:  hosts:    - 'xyz.example.com'  gateways:    - greeter-gateway  http:    - match:        - uri:            prefix: /      route:        - destination:            host: greeter            port:              number: 50051

# grpc greeter clientdocker run  -it tobegit3hub/grpc-helloworld /greeter_client.py xyz.example.com:80