John Howard
John Howard
Even in the case where you have ztunnel, the model we (or, I) am pushing for is to have an exchange of information between these two layers. Blindly trusting is...
I agree communication between the layers is more work and maybe not worth it, but I don't see how EDS vs WDS is more or less work. Both seem to...
Where else would you put per-endpoint policies? If we are talking about abusing XDS data model that does not include WDS either
The intent (from me, maybe not Keith -- I will let him say) is to use this for telemetry and authz. Our current SAN match is `trust-domain/*` which is obviously...
Yes it's securing naming in CDS doesn't work in waypoints due to the internal listener hop. If we are already giving a per-endpoint identity in don't see why we would...
/test all
/test all
@hzxuzhonghu @ramaraochavali wdyt? if desired ill write an optimized Equals function
@lei-tang @kyessenov which of these (if any) will we be doing as well? 1. Removing Istiod OC XDS generation 2. Removing Istiod SD XDS generation 3. Removing istio/proxy SD filter
Does that mean we should do 1+2 as well? Doesn't have to be you specifically. I would assume (2) at least