John Howard

@srmars there is no fix currently developed. So that question cannot be answered.

The technical explanation is egressListenerServices has both but servicesByHostname has only one. Behavior across versions: ``` 1.23 no sidecar: only 9093 has config at all 1.23 with sidecar: listener has...

Well the source IP, per the log, is 10.1.26.201. So that doesn't match the policy and is denied. I assume you are trying to get the source IP from the...

it's probably a mismatch in go control plane but I would need to check. In the meantime this error can always be avoided by wrapping in a TypedStruct which makes...

High level comment - controlling this at HTTPRoute exclusively feels wrong, since it requires a dedicated udp listener which implies (to me) Gateway listener enablement. Maybe then *also* route level

I don't think it's impossible to have a single Gateway listener with a protocol or other option that implies "udp + tcp" though we could also make users use 2...

Thanks Nick! > Additionally, most Gateway implementations that use Envoy share a set of Envoys for all Gateways (Contour and Envoy Gateway both do this), and this complaint is not...

Envoy gateway: ``` $ k get gtw,deploy -n eg NAME CLASS ADDRESS PROGRAMMED AGE gateway.gateway.networking.k8s.io/envoy1 envoy-gateway 172.18.1.153 True 51s gateway.gateway.networking.k8s.io/envoy2 envoy-gateway 172.18.1.154 True 48s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/envoy1...

Based on the context here I think you may already know this, but one note - you could, I believe, add a custom label with sourceLocality today (either with Istio...

One way to do this for the outbound side would be to pull it from the EDS info. However, I don't see this exposed: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes. It also wouldn't solve the...