John Howard
John Howard
> would actually suggest we should drop our own file impl from the list and add something like SDS I think you can make the exact same argument and swap...
File mounted certificates are coming to K8s core (https://github.com/kubernetes/enhancements/issues/4317) in 1.30, so it seems like it ought to be a viable option? The issue was about serverless so I don't...
do we need to change the sidecars or only gateway?
I worry for sidecars we have already given users 2 options, and they can pick which one is less bad for them. but for gateways there is a clearly best...
> It is not safe to change gateway listener filter timeout from 0 to 15s, there should be an option. I think we can reuse meshConfig.ProtocolDetectionTimeout rather than introducing another...
yeah yes to clarify I am only in favor of default to a timeout (of 15s) for gateway TLS - where we know it's not a server first protocol
How can the request payload be so large when there is only 2 proxies? Is it a giant cluster and just a small mesh?
Ah got it thanks! Just saw the 2 proxies so was confused thinking it was small. In that case the right solution for you is to configure that env var...
Well right now it's hard failing, so raising it is really the only option unless you can reduce the amount of configuration. The risk is really that you obviously have...
I don't think there are currently these metrics