John Howard
John Howard
Matching https://github.com/kubernetes/test-infra/pull/33210
GKE is deprecating cgroupv1 > On September 16, 2024 cgroupv1 API was deprecated in GKE 1.31. > Starting February 15, 2025 Clusters using cgroupv1 API will be automatically upgraded to...
Use cases: * Connect to control plane in places where we do not have DNS (but istiod does not have an IP cert) * Connect through a passthrough LB
### Use case(s) - what problem will this feature solve? In grpc-go v67, the client will reject servers not advertising ALPN=h2. Typically, gRPC will automatically set this on the tls.Config...
We currently have a mode to _untaint_ a node to allow pods to run once istio-cni/ztunnel is ready. We should consider adding a mode to _taint_ a node. This avoids...
https://go.dev/blog/vuln See what we need to do as both a consumer and publisher
Also, the chart accidentally made it a label -- its an annotation, though. Fails until https://github.com/istio/api/pull/3328
In sidecars, and Ambient pre-alpha, we have quite a bit of control on what triggers something to be 'in the mesh'. When ambient went to alpha we streamlined this to...
For a variety of reasons, we chose to make Authorization policies that are namespace scoped not apply to waypoints. We did the same for other types. We may want to...
```yaml apiVersion: security.istio.io/v1 kind: PeerAuthentication metadata: name: default namespace: istio-system spec: mtls: mode: STRICT --- apiVersion: networking.istio.io/v1 kind: DestinationRule metadata: name: default namespace: istio-system spec: host: "*.local" trafficPolicy: tls: mode:...