Keith Mattix II
The control plane for the default revision will also ignore resources with a revision label different than its own.
This implementation doesn't work; the metadata is on the wrong listener. I'm iterating locally and will push periodically.
This is ready for review now; we decided to stash the identity in metadata due to complexity
> I really don't understand the overall design. We mostly stopped using `io.istio.upstream_peer_principal` or other custom Istio states for standard sidecar xDS, so this is going back to that solution...
@kyessenov I found it, but the implementation required me to edit the flatbuffer so there's a spot for the identity. It's probably way too heavy for what we need, but...
> @keithmattix I'd prefer keeping ambient stuff to ambient code, so if we can avoid changing EDS for ambient, that's better. Adding another field to flatbuffer is not a problem,...
Converting back to draft as I'm still testing and trying to get it to work e2e
~medium term we definitely need to validate the SAN of the upstream endpoint, otherwise the telemetry on the wire could be false without us knowing. The immediate fix is to...
Good call out, Lin! We should address this before 1.22 if at all possible.
Yeah I think stats is only through regex in Envoy