John Howard
John Howard
Its plausible to connect to Istiod in ASM managed, but... * You need to use proper Google auth * You cannot connect to a _specific_ instance, so if you query...
I believe using the sa token authentication works now but is already being phased out
https://github.com/istio/istio/commit/0f870bce1823c13ca57fbb45aa68fe94eea60fe9 was the istioctl PR to add it @qfel may be able to comment more
> @howardjohn I think those are transient dependencies (current version don't have that dependency anymore) I don't think that is accurate. Here you depend on imgcrypt: https://github.com/containerd/containerd/blob/v1.5.5/go.mod#L16 You maybe `replace`...
This is still in issue with go 1.17's module pruning changes.
@kzys that sounds like it would definitely help, but is not sufficient to solve this IMO, as containerd still has a circular dependency on older versions of containerd which depend...
Can we add a warning to the validation webhook for this as well? Or alterntively, just automatically set the ciphers?
Is there anything similar to SIGS we can do? I don't think we want to move ~anything under the "istio" org since that has some implication of support On Wed,...
One nice thing about an annotation is as a webhook-injecting-sidecar implementor, I can just put it on all pods and if the cluster supports it - great. With a flag...