Ben Leggett
Ben Leggett
SIG-SPIRE discussion outcomes here: https://docs.google.com/document/d/1A1oQHuR6z3bvQtXN17r2EwBr5lazGGPbUPkxoURAAh4/edit#heading=h.to9i1s83kgpn I think we are all leaning towards `pid` as the most portable option, provided we can be explicit about the responsibilities of the delegate around...
I have started hacking at this and since the API changes are probably the most controversial bit, I threw up a WIP PR for those: https://github.com/spiffe/spire-api-sdk/pull/58 looking for feedback/opinions there...
> The cni daemonset had a revision label, but the pod template didn't have. Is that intentional? - I added revision label for the pods so for consistency (as i...
Would we ever want to potentially re-taint the node if CNI goes unready, or is this by-design a one-way operation? Strictly speaking it's not required since if the CNI was...
> In a corporate environment, any changes that could potentially impact critical services indeed require very careful planning and execution. Migrating large-scale services to a service mesh architecture like Istio,...
> @zengyuxing007 @louiscryan thx for your comment. > > Apologies, I may have diverged too much in this PR with many inappropriate examples, causing our discussion to exceed the scope...
> > If they are not suitable then you can also just not enable ambient on running pods and instead enable it only for new pods. There is already a...
If we don't think it will break anything and should be the new default, but it is a behavioral change, do we want this to be affected by compatibility version?...