allenlsy

"trust" should be re-phrased as "allowed" or "authorized". I agree with these 2 forms of permissive mode as well. We can scope this feature as follows: The permission policies among...

In the current xDS server implementation, the proxy subscribes to the cert rotation event [here](https://github.com/openservicemesh/osm/blob/273d5cd4e899cfbf5f7fc09f824fe8eefe41f13b/pkg/envoy/ads/stream.go#L75), without `specific-pods-topic`. The topic used is the service identity string. Can we just do the...

Do we want to add this to v1.3? If we plan to adopt SPIFFE and SPIRE in the multicluster design, this item can be a prerequisite of it.

I suggest a deliverable for this issue: * Pros and cons comparing SPIFFE to the current service identity mechanism in OSM. Especially explore the scenario if they are used in...

The pending perf & scalability doc (will be published in early April 2022) will include latency, CPU and memory usage of data plane as RPS increases. It's not compared against...

Do we have an agreement on whether working on this item for v1.3 or put it to vFuture for now?

There are some metrics that should be provided by MCS API implementation rather than multicluster service mesh. But I'm putting them all together here. ### Metrics #### In participating cluster...

ping @steeling for comments here.

I encountered the same issue before. Then I found this: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/health_check.proto.html#envoy-v3-api-field-config-core-v3-healthcheck-no-traffic-healthy-interval When there is no traffic, Envoy performs active HC according to the value of `no_traffic_health_interval`, which by default is...

@steeling since the job only need to read osm-perftest repo, according to the doc, I think `(no scope)` grants read-only permission which is sufficient for our case. If not, maybe...