Keith Mattix II
Keith Mattix II
I bet https://github.com/Azure/AKS/issues/3646 is the problem here; it has to do with the AKS loadbalancer
On substance, can you explain why utilizing AuthorizationPolicies and RequestAuthentication is a blocker for your use case? AuthorizationPolicy is the central authz policy object in Istio and combining it with...
This approach would still require a fork. My recommendation would be a configurable url template with named variables that correspond to the service account and namespace. I do agree though...
#43105 has a lot more discussion/context on custom spiffe formats, though it doesn't seek to necessarily address the forking use case. I imagine any kind of progress here would result...
I don't know that we need to duplicate the xDS logic though; does it make sense instead to keep the core istiod xDS library small/with minimal dependencies and continue to...
I think @kyessenov's logic goes something like: 1. We need to reduce agent's istiod imports to lower binary size 2. A standalone workload SDS sever is probably the best way...
> If the real goal is to reduce binary size, then we should strongly consider alternatives like making the existing server import less things vs rewriting critical code from scratch...
10X is certainly _a_ goal but it seems dubious to me that we can make that happen without also cutting a great deal of the value that the agent brings,...
Current draft can be found here: https://docs.google.com/document/d/1a-MY0rBwlXGSNM4V5U0it5uLxVOpi8gTbCBipKQVn9k/edit#heading=h.pw0d9uhzxq9k