istio.io icon indicating copy to clipboard operation
istio.io copied to clipboard

Published 20 hours ago verified publisher icon istio

consider a better general term than "ztunnel" for ambient's node proxy

Open ilrudie opened this issue 1 year ago • 4 comments

ztunnel is really an implementation detail in the ambient architecture. Presently there isn't really another implementation of the layer 4 node proxy but that is potentially not always true. Additionally, at present ztunnel really only acts as the node proxy but that again is hot a hard and fast rule. Nothing really prevents it from being deployed as a sidecar sometime down the road if we find an interesting use for that architecture for instance.

To those outside of the Istio development stream ztunnel also doesn't mean all that much. Consider trying to describe sidecar Istio to someone who may not know that much about the implementation of a service mesh but the term you have available is just "envoy".

ilrudie avatar Jun 03 '24 14:06 ilrudie

(Bikeshed warning)

I think the problem here is one of there not being a way to describe the two different potential traffic flows in "ambient mode"

  • ztunnel only
  • ztunnel and waypoint

We sometimes use "secure L4 overlay" mode to describe the first one. It's two words too many.

If we standardised on something like

  • ambient mode
  • waypoint mode

we would then have to talk about the "node proxy" when you're referring to the thing that enforces the L4 policy, for example.

(noting that @louiscryan would prefer "ambient/waypoint mode") we should almost never have to say "ztunnel" except when talking about configuring/using Istio's reference implementation of the node proxy

craigbox avatar Jun 04 '24 00:06 craigbox

Ambient enabled == no waypoint Ambient enhanced == with a waypoint

ilrudie avatar Jun 04 '24 18:06 ilrudie

:+1: on not using "ztunnel" in architecture documents.

  • node proxy (preferred, it describes (location) (function) which is enough)
  • L4 proxy

We only need terms to describe our current usages.

bleggett avatar Jun 05 '24 17:06 bleggett

Some general thoughts translated from the ambient wg meeting discussion

  • node proxy was not really strong disliked and gels pretty well with other terminology
  • l4 proxy had some push back

istio- prefix could be added but in the context of Istio documentation that is probably not necessary ambient- prefix could be added but it may imply that a waypoint somehow isn't ambient and is also likely redundant so was not well received

ilrudie avatar Jun 05 '24 17:06 ilrudie