Steven Landow
Steven Landow
I'm currently implementing control-plane support in Istio for [proxyless gRPC ](https://github.com/grpc/proposal/blob/master/A27-xds-global-load-balancing.md). As part of this effort I'm using Fortio to load-test, comparing plaintext gRPC, Envoy+mTLS and proxyless+mTLS performance. The necessary...
Trying to debug part of https://github.com/istio/istio/issues/38440 (reporting timeouts) I think we may have an issue where [RunAndWait](https://github.com/istio/istio/blob/fa4d3a7dc779cf56868c5d6f1349a5a46e009461/pkg/kube/multicluster/cluster.go#L58) doesn't always block when we fail to connect, so we think we've synced....
* When the `ambient.istio.io/redirection=enabled` annotation is added directly to the Waypoint Gateway resource, our implementation will send sandwich XDS. * Sandwich XDS differences include: * No connect_terminate or originate listeners...
From the proposal: > HTTP CONNECT to tunnel over a single QUIC stream Curious what the status is? If nobody is working on this I'd be happy to contribute although...
Supersedes https://github.com/istio/istio/pull/49734 and https://github.com/istio/istio/pull/49097 to align with the [Workload Capture Doc](https://docs.google.com/document/d/1DAM_6SajCyC2hD8wBUraaZWZJqUVYPyemzw0-xpHmdY/edit) * Changes to the Waypoint template: based on the redirection annotation, conditionally add the `tunnel-mode` label and `ISTIO_META_HBONE` (stop...
Implementation plan: Basic sandwich - [X] Basic sandwich - [X] Inbound forwards to Waypoint instead of HBONE target - [X] Outbound from Waypoint doesn't loop - [X] Outbound to captured...
Not sure what type of asset ends up getting loaded in this case, but `Res::get` yields `None` without `#mesh`, so of course nothing would be displayed. This is the result...
This deserves some discussion, but I think it adds valuable coverage. It could also be accomplished by forcing the "everywhere" mode in Go code. This invocation without the ambient.everywhere flag...
Clear instructions on how to run Primarily target GKE, instructions include cluster/node sizing. Tools/scripts are part of istio/tools. There is a well-known location to publish and compare results. Targeting iperf,...
RE: https://github.com/istio/ztunnel/issues/440 With istio-agent, the token is intended for bootstrap and after it's fetched certs once we rely on mTLS auth. Currently, we're tied just to the token for xDS...