istio
Experimental Support for ambient on Windows
Part of istio/istio#27893. Istio CNI piece is at istio/istio#55216
More information to follow in an upcoming IstioDay talk as well as a blog post, but in summary: we've made substantial progress towards support Istio on Windows, and we decided the time is right to share where we are with the community! After discussing with the rest of Istio TOC, we have agreed that a long-lived experimental branch is the best place for this code to live for now as we work towards productionizing it and getting CI set up.
What works
- in pod traffic redirection
- HBONE upgrade
- waypoint forwarding
- ZDS communication with ztunnel
What doesn't work
- DNS proxying (haven't tested, redirection in CNI isn't implemented)
- Communicating with istiod via DNS (windows host process pods can't resolve via kube-dns)
- Tests that rely on creating a netns programmatically (pre-WS2025, I don't think this is possible because of how compartments and namespaces work)
- Probably more stuff I'm forgetting
I'm opening this PR as a draft for folks to take a look and comment on the diff/approach before merging it into the experimental branch. Feel free to reach out with any questions or concerns. Welcome to Istio, Windows!
Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all
😊 Welcome @keithmattix! This is either your first contribution to the Istio ztunnel repo, or it's been a while since you've been here.
You can learn more about the Istio working groups, Code of Conduct, and contribution guidelines by referring to Contributing to Istio.
Thanks for contributing!
Courtesy of your friendly welcome wagon.
@howardjohn @craigbox @therealmitchconnors can we get the Ztunnel experimental branch in as well? Thank you!
