John Howard
John Howard
Any option would be a tradeoff between supported integrations and complexity. SDS might make the cut. The Kubernetes CSR is a core K8s API intended for exactly that purpose though,...
Hmm I guess SDS probably gets us a full cert+priv key, while CSR simply signs them.
We have a certificate per workload identity on the node, not just 1 cert
If there was some way to obtain them, yes. Currently there isn't afaik
I will note full compatibility with all Istio features is an anti-goal of ambient; part of the goals are to ditch all the baggage accumulated over the years. The goal...
I don't think there is agreement on dropping Citadel yet. This is also currently the only mode actually implemented, btw.
Doesn't logging in envoy use a POST as well? Modifications _should_ require a POST? Or are we just talking about viewing the current level? For stats, we don't need to...
I wouldn't spend so much time on this... On Tue, Aug 15, 2023 at 12:10 AM Xiaopeng Han ***@***.***> wrote: > I think the better solution is to have envoy...
ISTIOD_CUSTOM_HOST=localhost on istiod also works
I'd actually be fine deferring this beyond alpha.. Random is a proper load balancing algorithm -- although it may not be optimal, its at least a valid one. Initially we...