Costin Manolache
Costin Manolache
I am not strongly against it - but I would rather avoid it if possible. GRPC has a smaller surface, and I would prefer simpler/cleaner ways to expose them -...
In terms of stability - grpc side is very solid and used in prod quite a bit, but with traffic director as xds server. For Istio - it works pretty...
I don't disagree. Proxyless in istio is - like many other features - stuck in alpha, and for the most part had very few maintainers and not a lot of...
Agree with Kuat, WDS is the right approach. We may need to iterate on what is exposed - but identity is not controversial. I think sidecars and regular gateways should...
First - this is for telemetry, not authorization ( I hope !). At least with the current Istio mode, authz should only be based on the peer certificate. Using EDS...
On Thu, May 2, 2024 at 5:07 PM John Howard ***@***.***> wrote: > TBH I am a bit confused by the position here. In the past, hadn't you > advocated...
Ok - I am confused... Is this in context of the previous WG meeting and getting principal for telemetry ? Or for some authentication feature that I'm not aware of...
> The intent (from me, maybe not Keith -- I will let him say) is to use this for telemetry and authz. Our current SAN match is `trust-domain/*` which is...
I double checked - the namespace does not require the label for injection when using the K8S Gateway. The Gateway object does allow a istio.io/rev ( optional, defaults to "default"...
If you only have a revisioned istiod - I think you do need istio.io/rev label ( can be on the Gateway object itself - I don't think we document that...