Evan Gilman

> If we did give the ability to configure another SDS server, the problem is that Contour needs to generate HTTPConnectionManagers for Envoy that reference the secrets in the Spire...

We need to do a little more research on this to see what our options are, and how much relative work each one presents. A quick list of some things...

Double check that this is in fact the case, and that it applies to all currently supported k8s versions

Thanks @MarcosDY for assigning - @vaibhavkoshti7 you are now assigned!

If I had to guess, the unbounded length thing was probably seen as an issue when evaluating what should be surfaced as selectors and what shouldn't. Maybe one option is...

Hey @lodthe, thanks for the additional information. We discussed this a bit, and are having a hard time coming up with a good experience > error logging is unnecessary If...

Hey @lodthe .. thanks for the reply > Annotations that I want to use as workload selectors are < 64 bytes. > ... > I want to avoid extra overhead...

Hi @radnair - thanks for opening this. We've briefly discussed it today and have a couple questions/comments * If IAM policy is being used to control which keys SPIRE Server...

This is ready to review, but more tests are on the way.

The change included in https://github.com/spiffe/spire/pull/1584 is probably relevant to this work, leaving the link here for future reference