John Howard
John Howard
Currently, Ztunnel will swallow any upstream RST and send a standard downstream FIN. This may or may not impact application behavior. We should consider forwarding the RST. Note that Envoy...
We set a timer for 12hr to renew. If the machine sleeps for 2 days and wakes up, that is not considered, so the cert expires.
TBD: * What telemetry do we produce when we retry? * Should we retry all conditions? What about timeouts (retrying these increases total timeout time!). What about HBONE status codes?...
If we look at the current architecture, we have a near-optimal (in performance) design for the goal of "mTLS encrypt all traffic". However, there is some remaining gaps around the...
 Increase is when I triggered pprof. doesn't seem to free, either. The actual profile is only 16k
`copy_bidirectional` uses `tokio::join` for the copy from upstream->downstream and vis-versa. Join is **not** concurrent, so its impossible for these two to happen at the same time (utilizing threads). Intuitively it...
### Describe your problem Pipeline execution times are longer than expected for simple functions. For example, `gcr.io/kpt-fn/set-namespace:v0.1` against a folder with a cert-manager installation manifest (including large CRDs) takes about...
**Describe the bug** I am sending a `lookup` through `CachingClient`. The response from the upstream looks like: ``` 2025-02-14T16:23:51.941167Z debug hickory_resolver::error:lookup{src=10.10.0.32:40976 query=SRV name=_tcp.db.srv.tld.} Response:; header 51968:RESPONSE:RD,AA :NoError:QUERY:3/0/3 ; query ;;...
ref https://docs.cilium.io/en/stable/network/servicemesh/istio/#cilium-configuration istioctl detection logic https://github.com/istio/istio/blob/3c27118e7af00987d224dab1106553bf4bdf3e20/operator/pkg/apis/validation/validation.go#L91 This applies to ambient and sidecars
https://github.com/istio/istio/issues/53849#issuecomment-2520841621 -- refactoring removed any documentation of cniBinDir setting for GKE. https://istio.io/latest/docs/ambient/install/platform-prerequisites/#google-kubernetes-engine-gke is missing it and https://istio.io/latest/docs/setup/additional-setup/cni/ links only there cc @bleggett