John Howard
John Howard
Why not just have it create istio-system if it does not exist then?
@dgn anything left? seems everything is checked off
My understanding of zone aware may be inaccurate, but my understanding is "local_cluster" is used to group a list of endpoints that are in the same logical "group", where group...
Yeah just to be clear this would be an option not the default. the intent was to have minimal privileges in the cluster now that some are not needed with...
Related discussion https://github.com/istio/istio/pull/45411
> secret is not authorized at all, the only limitation is: it actually is - in service account you can limit what secrets can be mounted or used like this
I don't feel comfortable making any Istio API changes until https://github.com/kubernetes-sigs/gateway-api/pull/3199 is ironed out. Even if you don't plan to use the Gateway API, the decisions there will still impact...
+1, I don't see any reason not to make it by default. We can have a feature flag to turn it off
Yes but that one is on each proxy.. we can probably just have a global in Istiod.
I don't think it particularly matters what order its in...?