Etai Lev Ran
Etai Lev Ran
What is sensitive will vary from one environment to the next. Arbitrary headers and possibly even the URL itself. This means that doing it in the proxy will need to...
@spikecurtis sounds reasonable to delay as control over adapter access to attributes can be configured in 0.2 model. So following up on issues raised in this thread: 1. control adapter...
thanks @keithmattix ! I'll go through that, noting gaps (if any) in the PR discussion
@kyessenov - apologies for not replying earlier, hope you are ok restarting this conversation. I've taken the time to read through the ztunnel architecture doc and the code. > This...
Thanks! Between https://github.com/istio/istio/blob/master/architecture/ambient/ztunnel.md#hbone and https://istio.io/latest/docs/ambient/architecture/hbone/ there's enough info, IMHO. You may close.
This might not be necessary and we could drop the years altogether. See https://hynek.me/til/copyright-years/
We can take one of two approaches: 1. control plane extended to [support SDS](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#config-secret-discovery-service) and provide up to date certificates to the data plane. - Control plane watches for file...
@orozery can you please clarify in the description above "runtime configuration" of what?
@praveingk any update on this?
the ROI on this is low: some risk, low reward (having predefined data fields in secrets and clearer secret type). Pushing out on fixing this to later with lower priority....