John Howard
John Howard
I put up a draft in https://github.com/cert-manager/istio-csr/pull/335. It 'works' but doesn't do enough auth. But it does prove that adding the auth is all that is blocking things working e2e....
Nice! I skimmed it really quickly and looks like the right path. I'll put aside some time to make sure to give it a close review and try it out.
Weird, never seen things like this before. Its a bit hard to tell from the tests not having `-v` and being all the tests at once. It may be useful...
`kubectl set env deployment/istiod -n istio-system PILOT_ENABLE_ALPHA_GATEWAY_API=true` should get TLSRoute working btw. Since it is experimental you need to opt in.
@phuhung273 are you still looking for an implementation that can pass the tests? I can probably get agentgateway passing them this week
Probes do not go through the standard proxy path so do not have access logs. PS: Istio 1.15 is very eol, I would encourage you to upgrade
Hard to say without showing the logs, maybe they are entirely a different type of logs than 'access logs' I am thinking. Istio does actually proxy the probes, just through...
Istio rewrites the pod probe check to go to the istio proxy, which then forwards it to the app
No, currently it only logs failures
If someone wants to add debug logs on the probes I don't mind, please send a PR