John Howard
John Howard
Let's measure the cost before we add complexity or other trade offs (TLS uses more memory). I suspect it's not a major bottleneck; I'm already planning to add a benchmark...
Similar deployment models are "Istio as a sidecar" - useful when we cannot deploy daemonset, or on a VM (not always serverless). cc @stevenctl @adiprerepa and @costinm who are interested...
I think dedicated mode solves this now. If there are any other tasks please open specific issues. Thanks everyone!
/ok-to-test
I think in order to add an official support architecture we will need, at a minimum: * Substantial demand from Istio users * Official support from prow, our CI/CD system...
In the short term I recommend building and publishing outside of the core Istio project. https://github.com/querycap/istio is an example of a successful implementation of this for ARM64. Given the overwhelming...
We have a test for service restart, we can do the exact same thing but onboard/offboard
I think we actually implemented TLS in the inbound sidecar api before. it was removed before it launched; I forget why. We should look into that before we go down...
I don't think what is said in https://github.com/istio/istio/pull/50328#issuecomment-2260706361 is implemented yet
Thanks for all the efforts here!