
Update CTP status to highlight that any TLS setting requires HTTPS to be enabled in the listener #3083

Open
arkodg opened this issue Apr 3, 2024 · 1 comment
Labels
help wanted Extra attention is needed

Comments

@arkodg (Contributor) commented Apr 3, 2024

@jhouston1604

Looking at the listener configuration, none of those listeners are configured to use TLS.

Your gateway is defined like this:

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: envoy-public
  namespace: envoy-public
spec:
  gatewayClassName: envoy-public
  listeners:
    - name: http
      protocol: HTTP
      port: 80
      allowedRoutes:
        namespaces:
          from: All
    - name: https
      protocol: HTTP
      port: 443
      allowedRoutes:
        namespaces:
          from: All

Simply using port 443 doesn't transform the listener to a TLS enabled listener. You need to add a TLS section at the very least:

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: envoy-public
  namespace: envoy-public
spec:
  gatewayClassName: envoy-public
  listeners:
    - name: http
      protocol: HTTP
      port: 80
      allowedRoutes:
        namespaces:
          from: All
    - name: https
      protocol: HTTPS # The protocol needs to be HTTPS and not HTTP
      port: 443
      allowedRoutes:
        namespaces:
          from: All
      tls: # This section is missing in the configuration files you listed above
        certificateRefs: # The place where the server X.509 certificate can be found
          - group: ""
            kind: Secret
            name: example-cert
        mode: Terminate

Since TLS is not configured for any of the listeners, limiting the supported TLS version to 1.3 in a ClientTrafficPolicy doesn't really make any sense here.

Originally posted by @liorokman in #3060 (comment)

@arkodg arkodg added the help wanted Extra attention is needed label Apr 3, 2024
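As an added example (not code from this issue or from the Envoy Gateway project), a small Python lint that checks parsed Gateway and ClientTrafficPolicy manifests for exactly the mismatch described above: a port-443 listener that is still `protocol: HTTP`, an HTTPS listener with no `tls` section, and a ClientTrafficPolicy whose TLS settings target a Gateway that has no TLS listener at all, so the setting silently does nothing. The manifests in the block are constructed copies of the Gateway from the comment, already parsed as `yaml.safe_load` would return them; the ClientTrafficPolicy field names (`spec.targetRef`, `spec.tls.minVersion`) are assumptions about the API shape at the time and should be checked against your Envoy Gateway version.

```python
"""Lint Gateway API manifests for the "port 443 but no TLS" pitfall.

Added example, not Envoy Gateway project code. Manifests below are constructed,
already-parsed copies of the Gateway from the issue; ClientTrafficPolicy field
names (spec.targetRef, spec.tls.minVersion) are assumed.
"""

SECURE_PROTOCOLS = {"HTTPS", "TLS"}   # Gateway API listener protocols that carry TLS
CONVENTIONAL_TLS_PORTS = {443, 8443}  # a plaintext listener here is almost always a mistake


def _listeners(gateway):
    return gateway.get("spec", {}).get("listeners", [])


def lint_gateway(gateway):
    """Findings for listeners that look like they expect TLS but will not get it."""
    findings = []
    for lst in _listeners(gateway):
        name, protocol = lst.get("name", "<unnamed>"), lst.get("protocol")
        port, tls = lst.get("port"), lst.get("tls")
        if protocol in SECURE_PROTOCOLS:
            if not tls:
                findings.append(f"listener {name!r}: protocol {protocol} needs a tls section")
            elif tls.get("mode", "Terminate") == "Terminate" and not tls.get("certificateRefs"):
                # Terminate is the default mode and needs the server certificate
                findings.append(f"listener {name!r}: tls.mode Terminate needs certificateRefs")
        elif protocol == "HTTP" and port in CONVENTIONAL_TLS_PORTS:
            # The exact mistake from the issue: the port number alone enables nothing.
            findings.append(f"listener {name!r}: port {port} with protocol HTTP is plaintext; "
                            "use protocol HTTPS and add a tls section")
    return findings


def has_tls_listener(gateway):
    """True if at least one listener actually terminates or passes through TLS."""
    return any(lst.get("protocol") in SECURE_PROTOCOLS and lst.get("tls") for lst in _listeners(gateway))


def lint_client_traffic_policy(policy, gateways):
    """Flag a ClientTrafficPolicy whose tls settings target a Gateway without a TLS listener.

    `gateways` maps (namespace, name) -> parsed Gateway manifest.
    """
    spec = policy.get("spec", {})
    tls_settings = spec.get("tls")
    if not tls_settings:
        return []  # nothing TLS-related to check
    ref = spec.get("targetRef", {})  # assumed field name; verify for your Envoy Gateway version
    key = (ref.get("namespace", policy["metadata"]["namespace"]), ref.get("name"))
    target = gateways.get(key)
    if target is None or ref.get("kind") != "Gateway":
        return [f"targetRef {key[0]}/{key[1]}: no Gateway with that name found"]
    if not has_tls_listener(target):
        return [f"policy {policy['metadata']['name']!r} sets tls={tls_settings} but Gateway "
                f"{key[0]}/{key[1]} has no HTTPS/TLS listener, so the setting has no effect"]
    return []


# --- constructed sample manifests mirroring the issue -------------------------
def _listener(name, protocol, port, tls=None):
    lst = {"name": name, "protocol": protocol, "port": port,
           "allowedRoutes": {"namespaces": {"from": "All"}}}
    if tls is not None:
        lst["tls"] = tls
    return lst

GATEWAY_BEFORE = {  # as posted: port 443 but protocol HTTP and no tls block
    "apiVersion": "gateway.networking.k8s.io/v1", "kind": "Gateway",
    "metadata": {"name": "envoy-public", "namespace": "envoy-public"},
    "spec": {"gatewayClassName": "envoy-public",
             "listeners": [_listener("http", "HTTP", 80), _listener("https", "HTTP", 443)]},
}
GATEWAY_AFTER = {  # the corrected version from the comment
    **GATEWAY_BEFORE,
    "spec": {"gatewayClassName": "envoy-public",
             "listeners": [_listener("http", "HTTP", 80),
                           _listener("https", "HTTPS", 443, tls={
                               "mode": "Terminate",
                               "certificateRefs": [{"group": "", "kind": "Secret", "name": "example-cert"}]})]},
}
CLIENT_TRAFFIC_POLICY = {  # assumed shape of a "TLS 1.3 only" policy
    "apiVersion": "gateway.envoyproxy.io/v1alpha1", "kind": "ClientTrafficPolicy",
    "metadata": {"name": "tls13-only", "namespace": "envoy-public"},
    "spec": {"targetRef": {"group": "gateway.networking.k8s.io", "kind": "Gateway", "name": "envoy-public"},
             "tls": {"minVersion": "1.3"}},
}

if __name__ == "__main__":
    gws = {("envoy-public", "envoy-public"): GATEWAY_BEFORE}
    for finding in lint_gateway(GATEWAY_BEFORE) + lint_client_traffic_policy(CLIENT_TRAFFIC_POLICY, gws):
        print("BEFORE:", finding)
    gws[("envoy-public", "envoy-public")] = GATEWAY_AFTER
    print("AFTER:", lint_gateway(GATEWAY_AFTER) + lint_client_traffic_policy(CLIENT_TRAFFIC_POLICY, gws))
```

Run against the "before" Gateway it reports the plaintext port-443 listener and the ineffective policy; against the corrected Gateway it reports nothing. The same checks are easy to wire into a CI step that runs over rendered manifests before they reach the cluster.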
@aceslick911 commented

Thank you - I literally spent the whole night on this issue banging my head...

such a tiny change that made it work - for anyone else stuck on this - my fix that made it work:

[screenshot of the working configuration, 2024-04-18]
