John Howard

I tried to find the original discussion about this in Istio: https://github.com/istio/istio/issues/8990 was the best I could find. AFAIK all other service meshes have come to the same conclusion as...

Notably, port exclusions in istio today break auto-mtls. And ambient is basically auto-mtls amplified.

Spent some time putting together a e2e example of Costin's idea (or my version of it, anyhow). I used Istio GW and ztunnel. Both could be swapped out. For example,...

What is the relationship between Delta imports? I get why a rewrite to avoid the Istiod xDS server would help but not sure why Delta vs SotW matters there?

Before we go rewrite a bunch of critical code to trim dependencies a bit, can we make sure we have an implementable plan to do it fully? It doesn't make...

Can someone help me understand the benefit of switching to delta for sds? For the core istiod the benefits are clear (performance and possibly some functionality) but for SDS neither...

If the real goal is to reduce binary size, then we should strongly consider alternatives like making the existing server import less things vs rewriting critical code from scratch

I think there is some (at least _perceived_) desire to only keep private keys in memory rather than on disk (or over the network). In the past there was also...

You might consider sending GOAWAY/Connection:close during the exit period rather than nothing to encourage clients to connect to other servers

There is a lot of discussion around similar topics in https://github.com/kubernetes-sigs/gateway-api/pull/1863. IMO, I strongly agree with the need to have >64. But a few notes * Just raising the limit...