Costin Manolache

Sorry, long gone. If I remember correctly, the trick is to make sure you use ADC ( not MDS ), and have the test and XDS connection run longer than...

I would guess there is little usage of proxyless outside of GCP ( in GCP the MDS is used, so no problem ) ? Thanks for confirming I was not...

@whitneygriffith

My suggestion is to see if we can improve EnvoyFilter to make it easy to support this case. Did anyone check the EnvoyGateway equivalent of EnvoyPatchPolicy - basically json patch...

Using the newest API in doc examples will mean any user on older versions will have troubles. We could do it once the oldest supported release of Istio is 1.22,...

On Tue, May 14, 2024 at 8:27 AM John Howard ***@***.***> wrote: > Using the newest API in doc examples will mean any user on older versions > will have...

Does this config apply to ALL tracers ? I agree with John, it's something that otel collector should handle.

If a JWT is not provided - I don't think the authn rules should block the request. We already have a way to do this - via authz rules, no...

BTW - the same goes for mTLS and 'PERMISSIVE' - we now use auto-mtls and hbone so mTLS is added automatically, but for regular requests without mTLS, the Authz rules...

If JWT verification failed for an issuer that is configured by the user - I agree, we should block. I also agree the use case of "ignore jwt validation for...