JwtFailureDueToInvalidServicePortPrefix
This message occurs when a authentication Policy specifies the use of JWT authentication, but the targeted Kubernetes services5 is not configured properly. A properly targeted Kubernetes service requires the port to be named with a prefix of http|http2|https (see Protocol Selection6) and also requires the protocol to be TCP; an empty protocol is acceptable as TCP is the default value.
Example
You will receive this message:
when your cluster has following policy:
that targets the following service:
In this example, the port svc-8080
does follow the syntax: name: <http|https|http2>[-<suffix>]
.
How to resolve
- JWT authentication is only supported over http, https or http2. Rename the Service port name to conform with
<http|https|http2>[-<suffix>]