John Howard
John Howard
Within a single target, sure. But you are comparing across two targets. Do you expect no conflicts in any metrics names across all targets in a multi-tenant environment?
`up` is a common metric. Do you really expect EVERY application defines the exact same health text for `up`? It seems a bit farfetched and not how Prometheus works either.
I think this is because Envoy is pooling the connections, so its only actually opening two connections. Kube-proxy then load-balances these at connection level. I think we would need https://github.com/envoyproxy/envoy/issues/19458...
Yes I don't know any way to control this currently
I mean you could do max_req_per_con=1 but that will break a ton of other things
You want `OUTPUT_CERTS`.
> cert expired, using token instead To get a new cert, it can either auth with a token (typically used onlty the first time) or the existing mTLS cert. This...
This is mostly implemented... but not turned on my default due to some bugs that can cause outages. See https://github.com/istio/istio/issues/29131 for more info
Only gateways, sorry I skimmed through this too quickly. The sidecar cases are valid, and can be implemented in a similar manner as PILOT_FILTER_GATEWAY_CLUSTER_CONFIG I think. However, they would have...
I don't think its related, this is about destination rule subsets which are not referenced. In sidecar, not gateway