John Howard

@bseenu its a bit hard to tell because it could easily just be because of the maglev issue. It would help if you could reproduce it now that that error...

There has been a general desire to allow a `targetRef=HTTPRoute` on these types of resources. So I think that would be the path we go around, not another matching mechanism?...

I'm very concerned about us adding different matching mechanisms into each API. Can you help explain your use case more around why you want to match path but cannot have...

Ah sidecar inbound, that is is quite different ... FWIW linkerd does this by having HTTPRoutes apply to inbound (with no backendRef allowed, so its just a matcher). Just one...

We discussed this a bit in the WG meeting yesterday. The general consensus was we want to build out a generic matching representation for policies. For outbound, this is fairly...

@ericvn WDYT of this? This puts a dependency on buf.build servers at build time (like we depend on the golang module proxy)

fwiw - The codegen still runs locally, just the proto sources are pulled from buf instead of checked into git. They do also have remote codegen but this PR isn't...

While the security risk is probably low/acceptable, TBH I don't really see the benefits here. We are talking about adding a cache, security, availability... what benefits do we get? Seems...

IMO `generate` is for doing things that don't touch the cluster. This pattern persists across `helm template`, `istioctl manifest generate`, etc.

> +1 on preview the commands, also user wants to know exactly what we applied via waypoint apply if they choose to automate via gitops. Problem is there isn't a...